It takes Britney Spears to enforce HIPAA

The headline is a little misleading. HIPAA has never been enforced, not the patient privacy aspect of it anyway, and there does not appear to be any mention of HIPAA action in the linked article.

There is a mention that the State DoH might be opening an investigation, which is rather different.

From a corporate compliance point of view, the hospital will almost certainly be exonerated for its prompt and appropriate response to employee misbehavior.

The real point might be that HIPAA, like it or don’t, is the big scary threat that made hospitals take privacy seriously enough to set and enforce internal standards.

Yet more lenient treatment for the “do no harmers.” One would suspect that the “best and the brightest” would be held to a higher standard than just lowly staff, but as with about everything else the dichotomy of privilege vs. responsibility is once again evidenced.

We’ve already been lectured in my med school class about accessing patient records for patients not directly under our care or that of our attending physician. My school is in a large city and our trauma center routinely attracts Hollywood celebrities, NBA players, and other very recognizable stars. I have to admit it will be tempting NOT to ask around about So and So and why he’s there…they installed a program to record who’s been looking at records, so this would not happen at my hospital. Everyone knows they can track your activity so no one would dare try it here.

Hospitals are required to train our workstaff through various times in their employment. At most academic medical centers physicians are employees and therefore a part of the covered entity’s work staff.

The federal regulations (remember – this is law not some arbitrary thing) require a covered entity to apply sanctions without regard to role within the covered entity.

UCLA is an academic medical center, trained their staff on numerous occasions, sent warnings to staff, and their policy allows for termination based on accessing PHI without a business/TPO need.

Therefore – how can UCLA defend itself in what appears to be their applying their sanctions in an manner that is not equal amongst workforce?

The staff should push this point as it will help all of us who have this argument daily (the physicians are a very tough group to get sanctioned and the administration is often not helpful – and allege faculty code issues).