Half the people posting on this would have done the same thing out of curiosity. I won't assume that these workers weren't doing the same thing but maybe they were in it to find a way to make money. Either way, I think people are too quick to judge them. Lots of people look at private documents to assuage their curiosity.

Most unwise, and as much as the hospital staff needed to avoid even the appearance of impropriety, so the hospital administration needed to avoid even the appearance tolerating impropriety. Interesting though, that usually the accountability comes after the crime has been done. These got nailed midstream.

Lots of people look at private documents to assuage their curiosity.

Lots of people are wrong exactly because they are "private" documents, additionally, they are confidential documents and violate the privacy of patients. That is the law, not for amusement and curiosity seekers.

I am glad they got fired. They violated HIPAA regulations that they were well aware of and should have known better. They were probably trolling for information that they could sell to one of the scandal sheets you see in the supermarket to try and make a few extra bucks. We have lost enough of our privacy in recent years without people like this breaking the law and making it even worse. With the exception of Gabrielle Giffords, these people are private citizens and deserve to be able to keep their lives and personal information private.

That is the law

I'm pretty sure the law doesn't forbid nurses from looking up patient records... it only forbids releasing that info to the public. Nevertheless, it is probably against hospital policy for nurses to look up records of people that aren't their patients... of course, if I were one of those nurses, I'd turn around and sue the hospital knowing that the hospital could not divulge in public court that the patient wasn't one of theirs because that would violate the HIPAA act... Oh sure it'd be wrong, but that's what I'd probably do... well actually, what I'd do is not look up the info in the first place but simply ask a friend that is one of the nurses working with her how she's doing.

The HIPPA law only allows access to patient records on a strick need to know basis. Even if they have the need to access records, they can only access certain portions that pertains to their specific need to care for the patient. For instance, a nurse can access patients allergies to certain foods or meds if they're going to be administering any but they don't need to know their entire medical history or past admissions unless it has a significance to their present care.

Naturally when lawyers codify ethical matters, the end result are regulations with unintended consequences. An example is highlighted in CarolynG's reply. It is very easy to overlook allergies and drug contraindications when access is limited, that is sometimes some important indicators are in the full chart. The hospital took the correct internal action, they simply should have kept the entire matter internal; there was no reason to issue a public statement. The resulting law suites in this incident will benefit more lawyers who can then support more extensive legislation. This is one reason there is so much vitrolic dialogue.

@ Carolyn a nurse has access to a patients entire record and medical history but to only those that are under their care or if a charge nurse on their unit. Nurses from other units sometimes get curious and will assess patient information from other area's of the hospital which isn't appropriate. Support staff would not need any access to most patients unless they are on respaitory therapy or physical therapy or lab personal.

How many times have you seen a hospital spokesman come out and report on the condition of a critically wounded comotous patient. They have no right to do so, the patient, didn't and could not have consented. I think there is a double standard here, HIPPA applies to nurses, not to the fat cat doctors and hospital spokesmen looking for publicity, because they get to treat a celebrity patient. If it's going to be enforced, do it equally.

Support staff would not need any access to most patients unless they are on respaitory therapy or physical therapy or lab personal.

Or for billing... kinda hard to bill for services if you have no idea what services were rendered.

Where are the criminal indictments? An example must be set. If it is not a criminal offense then it needs to be. Arizona passed the funeral protest law instantly, why not this?

@Gil- I'm willing to bet that the hospital doctors and spokespeople have permission from Rep. Giffords' husband for all the things they tell the public.

"Disgruntled American Man

Half the people posting on this would have done the same thing out of curiosity. I won't assume that these workers weren't doing the same thing but maybe they were in it to find a way to make money. Either way, I think people are too quick to judge them. Lots of people look at private documents to assuage their curiosity."

When medical staff are hired, they have to sign a confidentiality agreement, so that they know what the consequences are for accessing or disclosing patient information.

They are given training, once per year, on how to treat patient information.

"Health Insurance Portability and Accountability Act
From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104-191) [HIPAA] was enacted by the U.S. Congress in 1996. It was originally sponsored by Sen. Edward Kennedy (D-Mass.) and Sen. Nancy Kassebaum (R-Kan.). According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.

The Administration Simplification provisions also address the security and privacy of health data. The standards are meant to improve the efficiency and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in the U.S. health care system.

Privacy Rule

The effective compliance date of the Privacy Rule was April 14, 2003 with a one-year extension for certain "small plans". The HIPAA Privacy Rule regulates the use and disclosure of certain information held by "covered entities" (generally, health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions.)^[10] It establishes regulations for the use and disclosure of Protected Health Information (PHI). PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.^[11] This is interpreted rather broadly and includes any part of an individual's medical record or payment history."

The penalty for access and/or disclosure of PHI, by a covered individual ranges from oral reprimand to termination of employment.

Z1P2

"That is the law

I'm pretty sure the law doesn't forbid nurses from looking up patient records... it only forbids releasing that info to the public."

Nurses or anyone else can't be looking up patient information without authorization and a need to know.

Careleast

"Naturally when lawyers codify ethical matters, the end result are regulations with unintended consequences. An example is highlighted in CarolynG's reply. It is very easy to overlook allergies and drug contraindications when access is limited, that is sometimes some important indicators are in the full chart. The hospital took the correct internal action, they simply should have kept the entire matter internal; there was no reason to issue a public statement. The resulting law suites in this incident will benefit more lawyers who can then support more extensive legislation. This is one reason there is so much vitrolic dialogue."

Carolyn G has stated the rules, correctly, and you have no clue as to what you are talking about.

Gil-2872519

"How many times have you seen a hospital spokesman come out and report on the condition of a critically wounded comotous patient. They have no right to do so, the patient, didn't and could not have consented. I think there is a double standard here, HIPPA applies to nurses, not to the fat cat doctors and hospital spokesmen looking for publicity, because they get to treat a celebrity patient. If it's going to be enforced, do it equally."

How do you know whether or not the doctor is authorized to disclose information about specific patients?

And, BTW, it's HIPAA, not HIPPA.

"Z1P2

Support staff would not need any access to most patients unless they are on respaitory therapy or physical therapy or lab personal.

Or for billing... kinda hard to bill for services if you have no idea what services were rendered."

And once, again, you have no clue as to what you are talking about.

Everyone, working in a doctor's office or hospital is a covered entity. Even if the doctor's office contracts with an outside company to do their billing, they are a covered entity under HIPAA rules.

Please get educated. It's easy. Just google "HIPAA".

Z1P, the law also requires that the hospital INFORM the patient of the "leaked" data, who received such information and how ... and without disclosing that info to anyone else, if that patient choses to take that peeping tom to court ... all that info is able to be used in court and the court can SEAL the court records to protect the patient who was violated while still utilizing what was usurped.

The making money of such leaks is not what is required for such lawsuits ... merely the intentional, unauthorized access is grounds for both being fired (the hospital taking appropriate remedial action) and held liable in a civil court of law for punative damages. I do not work in the medical professions, but do know they are very much the same as the disclosure laws I had to observe while dealing with federal taxpayers day in and day out when I was an IRS employee.

Asking a nurse the condition of a patient is also a violation of HIPAA regulations. Any patient information, no matter how it's obtained, without consent of the patient is a violation!

Exactly. PHI is sacred. They knew better.

Of course they knew better. YOu have to take a HIPAA class before your first day of work then every year thereafter. There was no excuse for accessing those records. They were probably looking to sell the info to those rag magazines.

Having been a nurse for 27 years, and a Unit Manager for the last 10, many times it's just a matter of curiostiy and not necessarily a scandal or a way to make money.

HIPPA does NOT protect you from your records being released. ER visit my records were sent to 4 different hospitals, one over 300 miles away. Not a one of them had a need for my records. Filed complaint with HIPPA and was told that the doctor can release my records to any medical facility or other doctor they want to release them to, with or without my permission. HIPPA did nothing to protect my records. And did nothing about the faxing of my records all over the state.

They knew. I work in the medical field and yes, we're told of audits before we even begin their first day of work. They were idiots who either ignored the warnings or didn't pay attention. Stupid, stupid move.

I've worked on medical devices. After all the encryption we go through to securely get the data to the database you would think only people who have a need to know would be able to access it. Thank goodness they at least audit the accesses. Firing them should only be the first step.

They don't realize how much they screwed themselves. The hospital I work in is part of a nine hosptial system. Meaning, all nine hospital falls under one administration. Massive hospital mergers are the norm today. The good part is, if there is an advanced position for you at one of those hospitals, you only need to put in a transfer and skip the application process. The bad part is, if you're fired from one hospital, you're ineligible for hire in all nine hospitals. Sucks to be them.

Less likely that they were going to sell it, more likely they were just curious about the case that's been all over the news the last several days. They know they aren't supposed to look at any records that they don't have a legitimate professional reason to look at, but if curiosity overwhelmed them it can seem really private at a person's desk, even though you leave a digital fingerprint on every file you open. It's still bad and they still should have been fired, but I'm not convinced they were looking to actively sell off the info.

And the jail house too. We had a deputy sheriff arrested & suspended pending outcome, yesterday for unauthorized accessing jail house records.

"everyone at the bank looks up my bank records and credit stuff just to see what and how i spend my money.."

Sure if it is there job description....but everyone...thats an exageration...nobody is that important except in their own mind.

That's funny. I was once a teller & my mother-in-law accused me of the same thing. I never one time looked up anyone's financial matters "out of curiosity". Who really cares?

Now I am a nurse. All hospital staff are well aware of HIPPA regs. Some people look at medical records out of curiosity. NOT necessarily to sell the information. The people who wrongfully accessed these records were correctly fired. Calls for harsher penalties are overkill.

FYI: If a person is my patient then I have full access to their entire medical record but I do not have time to go snooping in all records that do not pertain to the immediate need. I never have & never will.

if the discussion is going to be about how many or if it is a majority or a minority then fine, but if one person looks up the info just to fill their curiosity then it is a problem...

the system is based on privacy...

Under "Wrongful Disclosure of Individually Identifiable Health Information," Section 1177 states that a person who knowingly:

uses or causes to be used a unique health identifier;
obtains individually identifiable health information relating to an individual; or
discloses individually identifiable health information to another person,
shall be fined not more than $50,000, imprisoned not more than 1 year, or both:
if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and
if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

http://www.training-hipaa.net/hipaa_resources/Violation_Penalties.htm

Or were you being facetious?

Please read my post above. You will not get away with kiss and tell where I work or where our software is installed. Also, HIPAA is old news, even more teeth in the new HITECH act. Look it up...http://www.hipaasurvivalguide.com/hitech-act-13410.php

We have 0-tolerance where I work as well. I won't even say an address outloud, spell your name outloud or repeat a phone number. We shred EVERYTHING with more than a first name on it.
I am often asked to verify a MR #. And my answer is always a polite but firm, "NO. That's a HIPAA violation." What gets me is some people are appalled that I'm not more forthcoming with that info. Or they introduce themselves beginning with their SSN. I'm forever interrupting by saying, "Please don't give that out, I don't need to know that."
Even in my personal life. I won't share a phone number from family to family without express permission.

I think that is an excellent idea! The press should have to comply with HIPPA too.

"just1girl

I think that is an excellent idea! The press should have to comply with HIPPA too.

The press would not have any personal patient info, unless it was disclosed by an entity covered by the HIPAA rules.

Sorry - there are a lot of people who have moral values and wouldn't even think of violating privacy laws.