Inside the privacy debacle.
Related posts:
- Doctors, nurses, HIPAA and Britney Spears
- Britney Spears’ and her figure
- Britney Spears and Dr. Phil
- A psychiatrist analyzes Britney Spears
- HIPAA is impeding research this time
- How HIPAA harms patients
- UCLA must have missed the HIPAA memo
KevinMD.com on Facebook
{ 8 comments }
The headline is a little misleading. HIPAA has never been enforced, not the patient privacy aspect of it anyway, and there does not appear to be any mention of HIPAA action in the linked article.
There is a mention that the State DoH might be opening an investigation, which is rather different.
From a corporate compliance point of view, the hospital will almost certainly be exonerated for its prompt and appropriate response to employee misbehavior.
The real point might be that HIPAA, like it or don’t, is the big scary threat that made hospitals take privacy seriously enough to set and enforce internal standards.
I guess there are 2 standards of discipline for these violations. Physicians are reprimanded and the rest of the staff get terminated.
Yet more lenient treatment for the “do no harmers.” One would suspect that the “best and the brightest” would be held to a higher standard than just lowly staff, but as with about everything else the dichotomy of privilege vs. responsibility is once again evidenced.
First of all, the doctors are usually not hospital employees, so there has to be differential treatment. You can’t fire someone who doesn’t work for you, though you can restrict or terminate their medical staff privileges. That’s easier said than done, as there is a due process right to a hearing and other administrative requirements before you can give them the boot.
Honestly, for a first offense, I doubt they will get thrown off the staff, nor should they. A better question is why the hospital was so quick to fire the employees, presuming there were no prior warnings or transgressions. If they fired unionized employees, there may be cause for action. It’ll be interesting to see.
We’ve already been lectured in my med school class about accessing patient records for patients not directly under our care or that of our attending physician. My school is in a large city and our trauma center routinely attracts Hollywood celebrities, NBA players, and other very recognizable stars. I have to admit it will be tempting NOT to ask around about So and So and why he’s there…they installed a program to record who’s been looking at records, so this would not happen at my hospital. Everyone knows they can track your activity so no one would dare try it here.
“Physicians are not usually hospital employees” – Correct in most cases but not at UCLA or other UC system hospitals. Almost all are employees either faculity working for the school of medicine or Residents in training.
Hospitals are required to train our workstaff through various times in their employment. At most academic medical centers physicians are employees and therefore a part of the covered entity’s work staff.
The federal regulations (remember – this is law not some arbitrary thing) require a covered entity to apply sanctions without regard to role within the covered entity.
UCLA is an academic medical center, trained their staff on numerous occasions, sent warnings to staff, and their policy allows for termination based on accessing PHI without a business/TPO need.
Therefore – how can UCLA defend itself in what appears to be their applying their sanctions in an manner that is not equal amongst workforce?
The staff should push this point as it will help all of us who have this argument daily (the physicians are a very tough group to get sanctioned and the administration is often not helpful – and allege faculty code issues).
BTW, it came out today that all of the presidential candidates passport files have been breached.
Does anyone seriously think that this will not happen routinely with a national health information database?
Comments on this entry are closed.