Protection of patient privacy is serious business. Allina Hospitals and Clinics recently demonstrated zero tolerance for violations of its privacy policy when it fired 32 employees for inappropriately looking at the electronic health records of patients involved in a recent mass drug overdose case. "We take our obligation to protect patient privacy very seriously," according to an Allina statement released following the incident. "Anything short of a zerotolerance approach to this issue would be inadequate." Allina's actions fall in line with the provisions of HIPAA which prohibit any health worker from accessing the health records of a patient unless they are actively participating in her/his care. "HIPAA is quite clear that a patient's records may only be accessed by those who have a business reason to do so, such as participation in or supervision of care," Kenneth N. Rashbaum, Esq. of Rashbaum Associates, LLC, New York, NY told Eli. "It is, for the most part, impracticable to 'lock out' certain caregivers from access to patient information as they may be called upon to consult on that patient's care (such as caregivers in such areas as cardiology, neurology, infectious diseases, vascular surgery and other specialties), so hospitals must rely upon clearly written procedures, and training on those procedures, to comply with the provisions of HIPAA described above. They must also monitor compliance, again, where practicable." According to an editorial comment in the Rockford Star Tribune on May 14, 2011, an Allina investigation found that staffers at nearby Unity Hospital in Fridley and Mercy Hospital in Coon Rapids inappropriately accessed patients' medical records. Allina terminated 32 people for not only accessing these records, but in some cases going deep into the file to see notes and other details said the same editorial comment. "We were devastated that we had to lose these 32 people," said Allina spokesman David Kanihan. "Many of these people were really good employees. We didn't want to have to do this. However, patient privacy comes first."