MN Health Clinic Fires 32 for HIPAA Violations

Big events, such as a VIP coming to a hospital or a well-known member of the community receiving care at a facility, may prompt unauthorized access, primarily out of curiosity or concern for the individual, Ruelas adds.

"However, as more organizations prompt their employees to make use of their own facilities to receive care, the opportunity for more snooping even out of a genuine concern from coworkers to see how someone they know is doing -- which is still unauthorized -- is a big issue that I believe people are finally realizing needs to be addressed," Ruelas says.

This isn't the first case of termination for patient-record snooping.

In January, the University Medical Center in Tucson fired three clinical support staff members and a contracted nurse for "inappropriately accessing confidential medical records."

The records were related to shootings at a Tucson supermarket that killed six and wounded 13 -- including U.S. Rep. Gabrielle Giffords (D-AZ).

Last September, Mayo Clinic fired an employee who worked in a business center in Arizona for accessing nearly 2,000 patient medical and financial records over a four-year period. The employee's access rights covered all Mayo Clinic patient records at all Mayo sites.

HIPAA compliance specialist Phyllis A. Patrick, MBA, FACHE, CHC, of Phyllis A. Patrick & Associates LLC in Purchase, N.Y., says the number of terminations at Allina Hospitals & Clinics itself may not be as "significant as it may seem."

"This is a large health system," she adds. "They have developed their policies, training programs, auditing systems, and sanctions processes to meet the requirements and the spirit of the laws. It appears that they have had their program in place for some time and their processes should be no surprise to any of their workforce. … They appear to be diligent in their investigation process and consistent in how they treat inappropriate access."