[ Monday, January 30, 2006 ]
: Remember when President Clinton went in for a heart procedure at NY Columbia Medical Center and a bunch of folks on staff not working on his case tried to access his medical records and got fired for doing so? Well, a similar event
occurred in Salt Lake City, this time involving a different president: the leader of the Mormon church. The employee gave her username and password to a coworker who had lost her internet privileges, and the coworker used the access to get medical information on the church leader and send an email to media outlets informing them of the LDS president's hospitalization. The lending employee has been fired, I'm assuming the disclosing employee has been fired, and OCR is investigating the hospital.
Obviously, sharing login information was forbidden by hospital policies, but apparently it wasn't all that uncommon. If you're responsible for training your staff on HIPAA matters, this story ought to be front and center in your teaching tools: violate out HIPAA policies, lose your job, end of story.
Jeff [10:37 AM]
Blogger: HIPAA Blog - Edit your Template