Sixteen employees of the Harris County Hospital District were terminated last month after accessing the medical records of a first-year medical resident who had become a patient.
The employees had accessed the records of Stephanie Wuest, a doctor who had been admitted after being shot in a supermarket parking lot on October 29. One terminated employee stated that the records were accessed out of concern for the colleague, and that they were just trying to locate Wuest.
HIPAA requires that a hospital issue "appropriate sanctions" when an employee violates the law. The Harris County situation is one example of employers setting a firm rule against access to medical records without the consent of the patient or patient's guardian.
Some have argued that incidents of mistake, or access to records out of concern for a colleague should not be considered severe enough to warrant termination. Others argue that the privacy risk to the patient is too great and that hospitals should punishing HIPAA violations with a firm hand, especially if employees are provided sufficient education in the law and in what constitutes a violation.
This incident serves as a reminder that when it comes to HIPAA, make sure your colleagues and members of the medical staff know the law and are aware of the consequences enforced at your facility.
Source: Houston Chronicle