HIPAA Blog

[ Friday, June 16, 2023 ]

 

 Snooping Results in Quarter Million Dollar Fine: Breach threats can be external (hackers and stolen data) or internal (lazy or ill-intentioned employees who lose or steal data).  One of the more common types of insider breach incident is snooping: staff look at medical records they shouldn't, often the records of a friend, family member, or celebrity, and usually out of curiosity.  I often advise clients to be on the lookout for snooping, by flagging celebrity files so that any access is immediately reviewed, and by training medical records staff to pay particular attention to the records of known family members of staff.  Warnings against snooping should be a regular part of HIPAA training if the facility is such that family members of staff or celebrities are likely to be patients.  And when snooping is detected, punishment should be relatively harsh, pour encourager les autres (to encourage the others).
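The flagging advice above can be turned into a simple audit-log review. The following is an added example in Python, not code from the blog or from any EHR vendor: it runs three snooping checks over a constructed access-audit log (flagged "VIP" records, staff whose surname matches the patient's, and roles with no business need to open a chart, such as security staff). The CSV column names, the role list, and the sample events are all assumptions made for the example.

```python
"""Snooping review over EHR access-audit records (added example, constructed data)."""
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Constructed sample audit log. The column names are an assumption for this
# example, not any real EHR's audit schema.
SAMPLE_AUDIT_LOG = """\
ts,user_id,user_role,user_last_name,patient_id,patient_last_name,unit
2023-06-01T08:02:11,u1001,nurse,Nguyen,p5001,Lopez,ER
2023-06-01T08:05:40,u2002,security,Brown,p5002,Adams,ER
2023-06-01T08:06:02,u2002,security,Brown,p5003,Chen,ICU
2023-06-01T09:15:33,u1003,physician,Garcia,p9000,Famous,ONC
2023-06-01T09:20:00,u1004,billing,Adams,p5002,Adams,ER
2023-06-01T10:00:00,u1001,nurse,Nguyen,p5004,Kim,ER
"""

# Constructed "flagged file" list: any access to these records is reviewed immediately.
VIP_PATIENTS = {"p9000"}

# Assumed role taxonomy: roles that routinely need chart contents. Anything else
# (e.g. "security") opening a chart is treated as needing a documented reason.
ROLES_WITH_CHART_NEED = {"physician", "nurse", "pharmacist", "billing", "medical_records"}

# Very common surnames produce too many false positives for the family-name rule;
# a real deployment would use a staff-declared family list instead (assumption).
COMMON_SURNAMES = {"Smith", "Johnson", "Williams"}


@dataclass(frozen=True)
class Alert:
    rule: str
    user_id: str
    patient_id: str
    ts: str


def parse_audit_log(text: str) -> list[dict]:
    """Parse the CSV audit export into one dict per access event."""
    return list(csv.DictReader(io.StringIO(text)))


def detect_snooping(events: list[dict],
                    vip_patients: set[str] = VIP_PATIENTS,
                    roles_with_need: set[str] = ROLES_WITH_CHART_NEED) -> list[Alert]:
    """Return one Alert per (event, rule) that warrants human review."""
    alerts: list[Alert] = []
    for e in events:
        user, patient, ts = e["user_id"], e["patient_id"], e["ts"]

        # Rule 1: flagged (celebrity/VIP) record opened by anyone.
        if patient in vip_patients:
            alerts.append(Alert("vip_record_access", user, patient, ts))

        # Rule 2: staff surname matches patient surname (possible family member).
        staff_name = e["user_last_name"]
        if (staff_name.casefold() == e["patient_last_name"].casefold()
                and staff_name not in COMMON_SURNAMES):
            alerts.append(Alert("possible_family_member", user, patient, ts))

        # Rule 3: role with no routine need for chart contents opened a record.
        if e["user_role"] not in roles_with_need:
            alerts.append(Alert("role_without_chart_need", user, patient, ts))
    return alerts


def alerts_per_user(alerts: list[Alert]) -> dict[str, int]:
    """Count alerts by user so repeat offenders surface first in review."""
    return dict(Counter(a.user_id for a in alerts))


if __name__ == "__main__":
    found = detect_snooping(parse_audit_log(SAMPLE_AUDIT_LOG))
    for a in found:
        print(f"{a.ts} {a.rule:24} user={a.user_id} patient={a.patient_id}")
    print("alerts per user:", alerts_per_user(found))
```

Each alert is a review item, not a finding: the family-name rule in particular will fire on legitimate treatment of a relative, so the output belongs in a privacy officer's queue rather than an automated sanction.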

Yesterday, OCR announced it had levied a $240,000 fine against Yakima Valley Memorial Hospital for a snooping violation.  According to OCR's report, 23 members of the hospital's ER security staff accessed records of 419 individuals when they had no legitimate reason to do so.  

The case is interesting in that, at 419 affected individuals (fewer than 500), the breach would have fallen under the year-end reporting to HHS for smaller breaches, so it was likely reported as part of Yakima Valley's annual submission and not at the time it occurred.  It is unusual for OCR to issue fines for breaches this small, particularly for a type of incident that is so common.  


Jeff [12:48 PM]
