Texas Hospital District Fires 16 For HIPAA Violations
The Harris County Hospital District of Houston, Texas, fired 16 employees, accusing them of violating patient privacy laws by inappropriately accessing the records of a medical resident who'd been admitted to the hospital after she was shot in a grocery store parking lot.
The Harris County Hospital District of Houston, Texas, fired 16 employees, accusing them of violating patient privacy laws by inappropriately accessing the records of a medical resident who'd been admitted to the hospital after she was shot in a grocery store parking lot.A spokeswoman for the hospital district confirmed in an e-mail exchange with InformationWeekthat 16 employees were fired November 20 for violating Health Insurance Portability and Accountability Act (HIPAA), but declined to provide specifics.
A county employee who asked not to be identified told the Houston Chronicle that two high-ranking administrators told him the fired employees had looked at the medical records of Dr. Stephanie Wuest, a first-year Baylor College of Medicine resident assigned to Ben Taub General Hospital.
Wuest became a patient at Ben Taub on Oct. 29, after she was shot in a grocery store parking lot. She is expected to make a full recovery, her mother said [Nov. 25].
Most of the fired employees worked at Ben Taub. They include managers, nurses, clerks and other employees.
HIPAA requires healthcare providers to sanction employees for violations, but leaves the level of sanction to the healthcare provider's discretion.
"It could be that the district wants to draw a hard line against any violations of the law in order to discourage the federal Office of Civil Rights from imposing large civil or criminal financial penalties," said Stacey Tovino, a professor of health law at Drake University who writes frequently on HIPAA.
She noted that many institutions fire employees for that reason.
Still, Tovino said the level of sanction could be considered harsh given HIPAA's standards requiring institutions to report violations to the federal government. She said the law defines such breaches as those posing "a significant risk of financial, reputational or other harm to the individual."
Tovino questioned whether employees accessing a colleague's record out of concern about her prognosis would meet that threshold.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.