Washington Health Systems has suspended several of their staff members following allegations that they accessed patient health records without authorisation. The privacy breach is currently being investigated by the appropriate authorities.
The company has not yet confirmed how many employees have been suspended for this HIPAA violation. Larry Pantuso, the Vice President of Strategy and Clinical Services at Washington Health System, has issued a statement to the Observer Reporter indicating the number of employees that have been suspended to be around a dozen. It was reiterated that at this stage, no employees have been fired for inappropriate medical record access.
The breach of HIPAA legislation is believed to be related to the death of an employee of the WHS Neighbor Health Center. Kimberly Dollard, 57, was killed when a driver who lost control of his car rammed into the building where she worked. The driver, Chad Spence, and one other individual were admitted to the hospital after sustaining injuries in the accident.
In the statement, Pantuso did not confirm that this was the incident that prompted the employees to access patients’ medical records. However, he did confirm that the alleged unauthorised access related to a “high profile case” which the facility was handling.
The Health Insurance Portability and Accountability Act (HIPAA) stipulates that the accessing of medical records without any legitimate work reason for doing so is a punishable offence. The individual in question may be suspended, fired, lose their medical license, or even face criminal charges in extreme cases of HIPAA violations. HIPAA Rules only permits the accessing of PHI by employees for treatment, payment, or healthcare operations.
Recent months have seen several cases in which employees have been fired accessing the medical records of high profile patients without any legitimate reason to do so.
In February this year, 13 employees of the Medical University of South Carolina were fired for HIPAA violations after they accessed the medical records of patients without authorization. Many of the files pertained to high profile patients of the facility.
One of the most recent actions taken against a healthcare employee for a HIPAA violation was taken by the New York nursing board’s Office for Professional Discipline. Martha Smith-Lightfoot had been employed at the University of Rochester Medical Center (URMC), but was leaving to take up a new position at Greater Rochester Neurology. Prior to her departure, Smith-Lightfoot was given a list of patients at URMC. Upon arrival to her new workplace, she provided that list to her new employer and patients were contacted in an attempt to solicit business from URMC.
Smith-Lightfoot has signed a consent order with the nursing board admitting the HIPAA violation. Her license to practice was suspended for one year, and she received a stayed suspension for another year, and three years of probation when she returns to practice.
Unauthorised access of medical records is likely to be discovered as the database logs when health records are accessed, and sometimes who accesses them. Those logs are periodically checked and if inappropriate PHI access is discovered it is likely to result in termination and will make it hard to obtain future employment in healthcare.