Ann & Robert H. Lurie Children’s Hospital of Chicago dismissed a worker for inappropriate access of the healthcare data of patients with no permission over a period of 15 months.
The hospital discovered the patient privacy violations on March 5, 2020 and promptly blocked the employee’s use of hospital programs whilst doing the investigation. After analyzing access logs, the hospital learned that the worker had accessed the healthcare records of 4,824 patients with no authorization between November 2018 and February 2020.
The hospital employee viewed the following types of data: names, birth dates, addresses, diagnoses, prescription drugs, consultations, and medical treatments. There were no medical insurance data, financial details, or Social Security numbers viewed.
There was no explanation provided regarding why the employee accessed the healthcare records. However, the hospital claims it is convinced the worker didn’t get, misuse, or expose the material to someone else. The hospital also mentioned the worker is not working at the hospital.
This isn’t the first breach of its type to take place at Lurie Children’s Hospital. There was an identical episode identified in November 2019. That occasion, the hospital found out that an ex-employee viewed patient healthcare records with no authorization between September 2018 and September 2019.
Mercy Health Terminates Nurse for Several Privacy Violations
Just lately, Mercy Health likewise had taken action against a worker for alleged HIPAA Privacy Rule violations. Hackley Hospital in Muskegon, MI fired a nurse on April 3, 2020. The termination took place right after the nurse raised issues in press interviews concerning the hospital’s level of readiness for the COVID-19 outbreak and how the supposed deficiency of readiness put patient and healthcare workers’ safety on the line. The nurse got in touch with the Michigan Nurses Association Labor Union, which stated that Mercy Health terminated the nurse for speaking publicly. The Labor Union furthermore filed a complaint with the National Labor Relations Board.
A Labor Union press release on April 21, 2020 explained that the firing of Howe on April 3 transpired after he had openly brought up issues regarding the insufficiency of required PPE and the necessity of bettering the screening steps to safeguard the nurses and healthcare employees during the COVID-19 crisis.
10 days right after the nurse was terminated, and a day subsequent to the Labor Union’s press release, Mercy Health issued a press release saying that the nurse was terminated due to several HIPAA Rules violations. Mercy Health explained it doesn’t generally share facts about career issues of its employees but was obligated to speak out as a result of the “misinformation campaign” brought up by the Labor Union.
Mercy Health remarks that the nurse, Justin Howe, was terminated for viewing the health records of several patients for a few days. The information wasn’t for patients having a procedure at the place where the nurse was working and there was no authorized work reason for viewing those files. Mercy Health remarks that Howe wasn’t the sole nurse fired for inappropriate access to health records.
As stated in Mercy Health’s press release, the hospital is tracking unacceptable access to medical data. Mr. Howe, as well as others, were dismissed for that reason. This investigative work is still ongoing.