March 13, 2019
Dozens of employees at Northwestern Memorial Hospital in Chicago, Illinois, were reportedly fired last week, accused of violating the HIPAA (Health Insurance Portability and Accountability Act of 1996) by accessing the electronic health record (EHR) of former "Empire" actor Jussie Smollett, according to several news reports.
NBC Chicago reported that "at least 50" employees were fired, citing anonymous sources.
Northwestern Medicine told Medscape Medical News that it could not comment on the reports of firings, citing privacy reasons.
Smollett reported to Chicago police in January that attackers assaulted him and yelled racial and homophobic slurs. He was taken to the hospital. Police and prosecutors now allege the report was a hoax meant to generate publicity, and Smollett now faces multiple felony charges.
The Chicago Sun-Times quoted an unnamed Northwestern hospital administrator as saying she was fired after an employee in another department came to her desk and asked if Smollett had been admitted under an alias.
The newspaper quoted the fired employee as saying she "didn't ask why the information was needed because she believed it to be a professional request."
An unnamed nurse who was fired told CBS Chicago that she never accessed Smollett's chart but simply scrolled past it when looking for another patient's name.
A surgical nurse who was fired told NBC Chicago, "Simply put, it was just morbid curiosity. I went into the charting system and started to search his name."
She said she didn't open Smollett's chart but knew that searching his name was wrong.
"If I could take it back, I would," she was quoted as saying.
NBC Chicago reported that another nurse, who was not fired and who asked not to be identified, said people were fired from Northwestern facilities throughout the Chicago area.
"Officially, we have been told that every employee involved in the breach of Mr Smollett's HIPAA information was terminated," the nurse was quoted as saying.
'It Happens a Lot'
Healthcare attorney Karin Zaner of Zaner Law PC, in Dallas, Texas, told Medscape Medical News that healthcare system employees' accessing of health information for people not in their care is a common HIPAA violation.
"It happens a lot, but the celebrity cases are the ones we hear about," she said.
She noted that the violations are easily tracked and that cases can be easy to prove with current technology.
Medscape Medical News reported last year on a JAMA study that found that more than 176 million confidential health records were breached between 2010 and 2017, including 37.1 million records controlled by healthcare providers.
Becker's Hospital Review reported in 2017 that 13 employees at the Medical University of South Carolina in Charleston were terminated after administrators determined they had viewed patient records without permission.
In another famous case, the University of California, Los Angeles, Medical Center, where singer Britney Spears was hospitalized in early 2008, fired 13 employees and suspended six physicians for accessing her medical records without a valid reason.
In addition to loss of employment, criminal and civil penalties are possible in these kinds of cases, Zaner said.
She warned that protected health information has a broad definition and that any employee of a healthcare organization should know the rules surrounding it and the consequences for accessing it or disclosing it.
If there's any question about whether you have legitimate permission to look at a patient's information, "Don't do it," she said. "It's not worth it."
SOURCE: Medscape, March 13, 2019.