Ann & Robert H. Lurie Children’s Hospital of Chicago fired an employee for incorrectly accessing the medical records of patients without authorization for 15 months.
The hospital identified the privacy violations on March 5, 2020 and immediately terminated the employee’s access to hospital systems while conducting the investigation. After going over access logs, the hospital discovered that the employee had viewed the medical records of 4,824 patients without permission from November 2018 to February 2020.
The worker accessed the following types of information: names, dates of birth, addresses, diagnoses, prescribed medicines, visits, and medical procedures. There was no health insurance details, financial data, or Social Security numbers accessed.
There was no reason given as to why the employee accessed the medical records. But the hospital states it believes the employee did not acquire, misuse, or disclose the information to anybody else. The hospital also stated the employee is no longer employed at the hospital.
This is not the first data breach of its type to happen at Lurie Children’s Hospital. There was a similar incident discovered in November 2019. That time, the hospital discovered that a previous employee accessed patient medical records without permission from September 2018 to September 2019.
Mercy Health Fires Nurse for Multiple Privacy Violations
Recently, Mercy Health also took action against an employee for alleged violations of the HIPAA Privacy Rule. Hackley Hospital in Muskegon, MI terminated a nurse on April 3, 2020. The termination happened shortly after the nurse brought up concerns in media interviews regarding the hospital’s level of preparedness for the COVID-19 crisis and how the alleged insufficiency of preparedness put safety at stake. The nurse called the Michigan Nurses Association Labor Union, which said that Mercy Health dismissed the nurse for talking publicly. The Labor Union additionally filed a case with the National Labor Relations Board.
A Labor Union press release issued on April 21, 2020 stated that the termination of Howe on April 3 happened after he had publicly raised concerns concerning the shortage of suitable PPE and the need for improving the screening procedures to protect the nurses and healthcare workers during the COVID-19 pandemic.
10 days following the nurse was dismissed, and one day after the Labor Union’s press release, Mercy Health made a press release stating that the nurse was dismissed because of multiple violations of HIPAA Rules. Mercy Health stated it does not normally share information about job concerns related to its workers but was forced to speak out because of the “misinformation campaign” started by the Labor Union.
Mercy Health states that the nurse, Justin Howe, was dismissed for accessing the medical records of patients over a period of a couple of days. The records were not for patients getting treatment at the area where Howe worked and there was no legit work reason for using those data. Mercy Health states that Howe was not the only nurse dismissed for the improper access of medical records.
As per Mercy Health’s press release, the hospital is monitoring inappropriate access to privileged records. Mr. Howe and others were fired for the same. This investigative effort is still in the works.