University Medical Center announced Jan. 12 that it had fired three staff members for inappropriately accessing confidential medical records. In addition, a contracted nurse also was terminated by the nurse's employer for the privacy violation.
The high-profile announcement provides an excellent example for other hospitals to follow when dealing with records snoops on their staff.
It will be interesting to see whether those involved in this case, and other records snooping cases, ever receive federal sanctions for violating the HIPAA privacy rule. The HITECH Act established tougher penalties for HIPAA violations. But so far, only one person has received a prison sentence for a HIPAA privacy violation. More high-profile fines and prison terms could help deter other snoopers.
In its statement, the medical center notes: "With advances in technology, ensuring patient privacy has become the focus of hospitals nationwide. UMC uses sophisticated technology to help prevent and detect inappropriate access to patient information."
Unfortunately, sophisticated technology apparently wasn't enough to prevent this breach. But it may have helped detect it.
Is your organization doing all it can to prevent and detect breaches? Are you sure?