Oops, They Did It Again

Human curiosity is a powerful thing, often more powerful than a hospital's privacy policies and procedures.  The L.A. Times reports that employees at UCLA Medical Center were warned of the consequences of snooping on the medical records of Britney Spears' when she was admitted as a patient on January 31.  Days later, several employees and physicians did just that, examining Ms. Spears' records when they were not involved in the patient's treatment.  The result -- 13 of the employees of the medical center were fired and six doctors face disciplinary action. Unnecessary access to a patient's records will generally be considered a violation of the HIPAA Privacy Rule's "minimum necessary" rule governing uses and disclosures of protected health information ("PHI").  Incidents like this one and the one involving George Clooney (see posting below) suggest that privacy policy violations are increasing becoming firing offenses.  Privacy and data security are becoming critical compliance issues that affect patient trust in an organization. Being willing to fire an employee for a privacy violation is one way to demonstrate to your community and your workforce that you don't take these issues lightly.