Follow these tips to protect yourself when terminating peeping employees.
You know what curiosity did to the proverbial cat, and the consequences are just as dire when you have curious employees meddling in your patients’ records. If an employee is accessing patient information for personal or otherwise non-business purposes, this is a HIPAA violation (and technically a breach). Here’s what you can learn from this recent breach case.
Prying out of Curiosity is Not Okay
Background: San Francisco-based California Pacific Medical Center (CPMC), an affiliate of Sutter Health, recently notified 844 of its patients after a self-audit of its electronic health record (EHR) system revealed inappropriate “snooping” by an employee, according to a Jan. 23 CPMC announcement.
The initial audit revealed that a pharmacist employee accessed 14 patients’ records, but an expanded investigation identified 844 patients whose records the pharmacist may have accessed without an apparent business or treatment purpose, CPMC said. From October 2013 to October 2014, the employee accessed information like patient demographics, Social Security numbers (last four digits only), clinical information and diagnoses, and prescription information.
CPMC fired the employee and notified the 844 affected patients. “CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee,” the provider stated. “CPMC believes that the employee accessed the information out of curiosity.”
Cultivate a ‘No-Spying’ Culture
Employee “snooping” is nothing new to the world of HIPAA data breaches — but it’s a big problem, especially because employers are suffering the consequences for employees’ bad behavior. “There have been a number of cases where the employers were held accountable,” such as the cases of Walgreens and the University of California Medical Center, according to a recent blog posting by Mary Beth Gettins of Gettins’ Law LLC.
So what can you do to prevent, or at least mitigate the impact of, employee snooping? Gettins offered the following tips:
Cover Yourself When Terminating Employment
Caveat: But if you fire an employee for prying, this could cause liability on the employee front, Gettins warned. Make sure you have the following in place before firing a nosy employee:
Lesson learned: Have the above items in place before firing the employee, so you can minimize your risks of claims for unemployment compensation, wrongful termination, and discrimination, Gettins advised. And beware that if you fail to take action in the event of improper access to health information by an employee, you’re violating HIPAA and other health care laws — and you could damage your reputation and expose your organization to claims for liabilities and damages.