Monday, March 11, 2019

‘Dozens’ of Northwestern Memorial Hospital Employees Fired for Accessing Jussie Smollett’s Medical Records

Here is an interesting story that I came across and I feel really compelled to share it with you.  As regular readers of the blog know, I’ve got a serious interest security and since I’m also in the healthcare area, that translates to also being concerned about patient data security and PHI (Protected Health Information).  Usually when I think of a HIPAA violation I think of some type of data breach where an intruder steals patient data.  However, this case is completely different and even though it may not apply to very many dental scenarios (as dental offices have exponentially fewer employees) I think it still information that is pertinent to a security discussion.
While most of you in dentistry probably do not have a practice filled with celebrities, there are still some lessons to be learned from this story.  The biggest and most important lesson is employees need to know that they can only access PHI if they have a legitimate reason to do so.  
The following story is from the HIPAA Journal and details how Northwestern Memorial Hospital in Chicago dealt with employees who choose to access the records of Jussie Smollett without proper authorization or medical reason to do so.  It’s an article that provides some good lessons.

A major case of snooping on celebrity medical records has been reported that has resulted in ‘dozens’ of healthcare workers being fired from Chicago’s Northwestern Memorial Hospital for accessing the medical records of Jussie Smollett without authorization.

Jussie Smollett attended the hospital’s emergency room for treatment for injuries sustained in an alleged racially motivated attack by two men on January 29, 2019.

Following a police investigation into the alleged attack, Chicago Police Superintendent Eddie Johnson announced that the Empire actor had been arrested on February 21 and charged with disorderly conduct and filing a false police report. The police allege that the attack was a hoax and that it had been staged by Smollett as a publicity stunt.

Curiosity got the better of some employees at Northwestern Memorial Hospital who searched for Smollett on the hospital’s system, some of whom accessed his chart and viewed his medical records.

Accessing the medical records of patients without authorization is a violation of Health insurance Portability and Accountability Act (HIPAA) Rules and can result in disciplinary action and, in certain cases, criminal penalties for the employees concerned.

Northwestern Memorial Hospital reviewed PHI access logs and took decisive action over the privacy violations. Employees found to have snooped on Smollett’s medical records were fired.

Northwestern Memorial Hospital has neither confirmed that Smollett was a patient nor provided information about the number of employees that have been terminated, stating that HIPAA prevents such information from being disclosed.

Some employees that were terminated have spoken to the media about the incident. CBS Chicago claims dozens of hospital employees have been terminated for the HIPAA violations while NBC Chicago has reported there have been at least 50 terminations for snooping.

1 comment: