Not really a vacation, they were FIRED.
Allina hospital in Minneapolis fired 28 employees who “were found to have violated the federal patient privacy rule known as HIPAA” as reported by the StarTribune paper.
“Although they were patient-care providers, none of them were caring for the 11 people hospitalized.”
This clarifies that it was not accidental viewing by a janitor or someone similar who may not know what PHI is.
Why does this happen? How does this happen?
I imagine that if one were to review the Annual HIPAA Awareness training the hospital conducts, might they find it isn’t occurring?
How about ensuring the HIPAA Policies are up to date and in line with expectations? Another training issue, to be sure.
There may be a slim argument that these care-givers shouldn’t have had access to these records, but this is not realistic as they are care-givers and could come across a need to access these records.
The basic version of this is ensuring that all employees are set up correctly in the EHR. “Correctly” means a non-caregiver shouldn’t have access to patient medical records.
In this case, that basic level has to be taken to the next level: generate a report of who looked at which records, and cross-reference it with whether those care-givers were actually dealing with the patients whose records they viewed.
This is a messy issue, but it is a requirement.
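A sketch of the cross-reference report described above, as an added example rather than anything from the hospital or an EHR vendor. The CSV layouts, role names, user names and dates are constructed assumptions; a real EHR audit export will look different.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed EHR access log (assumed columns, not a real export format).
ACCESS_LOG = """timestamp,user,role,patient_id
2024-03-20T08:05:00,nurse_a,caregiver,P001
2024-03-20T09:10:00,nurse_b,caregiver,P001
2024-03-20T09:12:00,nurse_b,caregiver,P002
2024-03-21T14:30:00,nurse_a,caregiver,P001
2024-03-20T10:00:00,billing_c,non_caregiver,P002
"""
# Constructed care-team assignments: who was treating which patient, and when.
ASSIGNMENTS = """user,patient_id,start,end
nurse_a,P001,2024-03-20T00:00:00,2024-03-20T23:59:59
nurse_b,P002,2024-03-20T00:00:00,2024-03-22T00:00:00
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit(access_rows, assignment_rows):
    """Return (user, patient_id, timestamp, reason) for each unexplained access."""
    windows = defaultdict(list)
    for a in assignment_rows:
        span = (datetime.fromisoformat(a["start"]), datetime.fromisoformat(a["end"]))
        windows[(a["user"], a["patient_id"])].append(span)
    findings = []
    for row in access_rows:
        when = datetime.fromisoformat(row["timestamp"])
        key = (row["user"], row["patient_id"])
        if row["role"] != "caregiver":
            # Basic level: this account should not reach patient records at all.
            reason = "non-caregiver account opened a patient record"
        elif not any(s <= when <= e for s, e in windows.get(key, ())):
            # Next level: a caregiver, but not this patient's caregiver at that time.
            reason = "no care assignment for this patient at access time"
        else:
            continue
        findings.append((row["user"], row["patient_id"], row["timestamp"], reason))
    return findings

def summarize(findings):
    """Group flagged patients per user, for follow-up by the privacy officer."""
    per_user = defaultdict(set)
    for user, patient, _, _ in findings:
        per_user[user].add(patient)
    return {user: sorted(patients) for user, patients in per_user.items()}

if __name__ == "__main__":
    print(*audit(load(ACCESS_LOG), load(ASSIGNMENTS)), sep="\n")
```

A flagged row is a lead for review, not proof of a violation: covering shifts, consults and emergencies may not appear in the assignment data.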