The Security Scrutinizer with Howard Anderson

Great Work on Records Snoops Crackdown

Hospital Treating Giffords Puts the Spotlight on Privacy
Great Work on Records Snoops Crackdown

The hospital that is treating Rep. Gabrielle Giffords, D-Ariz., and other victims of the Jan. 8 shooting incident in Tucson, Ariz., deserves accolades not only for its care for the victims, but also for calling attention to an important privacy issue.

University Medical Center announced Jan. 12 that it had fired three staff members for inappropriately accessing confidential medical records. In addition, a contracted nurse also was terminated by the nurse's employer for the privacy violation.

The announcement of the action was posted prominently on a high-profile section of the medical center's website labeled "incident command site" that's devoted to coverage of treatment of Giffords and others. So the whole world knows that this hospital takes its privacy policy seriously.

Privacy Policy Example

The high-profile announcement provides an excellent example for other hospitals to follow when dealing with records snoops on their staff. Zero tolerance is appropriate. And a prominent announcement of the sanctions helps ensure that other employees get the message: Snoop in records, and you'll lose your job.

It will be interesting to see whether those involved in this case, and other records snooping cases, ever receive federal sanctions for violating the HIPAA privacy rule. The HITECH Act established tougher penalties for HIPAA violations. But so far, only one person has received a prison sentence for a HIPAA privacy violation. More high-profile fines and prison terms could help deter other snoopers.

In its statement, the medical center notes: "With advances in technology, ensuring patient privacy has become the focus of hospitals nationwide. UMC uses sophisticated technology to help prevent and detect inappropriate access to patient information."

Unfortunately, sophisticated technology apparently wasn't enough to prevent this breach. But it may have helped detect it.

Is your organization doing all it can to prevent and detect breaches? Are you sure?

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.