informa
/
Application Security
Quick Hits

Your Health Is None of Your Damn Business

Workers at Wyoming hospital reprimanded for breaking HIPAA rules to look at their own health records

Hospital workers got a harsh reminder this week that they can't capriciously use medical computer systems to check out health records -- even their own.

Over the past month, Wyoming's Ivinson Memorial Hospital has fired one employee, suspended two, and reprimanded four for violating the Health Insurance Portability and Accountability Act, which went into effect in 2003 in an effort to better protect patients' privacy.

Those who were reprimanded also looked at records other than their own, but several other employees have since acknowledged looking at their own records, the Laramie Boomerang newspaper reported.

"You can't look at your own records or any family member records unless there is a clinical need to do so," said Nick Braccino, interim chief executive of the hospital. "If you are doing so just because they are there and you have a private interest, you are violating HIPAA regulations and patient confidentiality."

No patients who looked only at their own records will be fired, Braccino said.

Many of the employees probably looked at their own records with harmless intent, said hospital trustee, Shelbie Bershinsky.

"I've been in health care 19 years and I, until today, I didn't think there was anything wrong with me looking at my records," she said. "I now know that I shouldn't do that."

Trustee Dan Baccari pointed out that employees are allowed to view their own information under certain conditions.

"There is an appropriate process for employees to inquire about their medical or financial information," Baccari said.

— Tim Wilson, Site Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5