Back in June, the victims of the horrific Orlando shooting at Pulse Nightclub were also victims of a privacy breach when their personal health information was accessed without authorization by a few curious employees at Orlando Health Hospital. The hospital confirmed that employees have previously received HIPAA training on patient privacy. However, they are now retraining staff and increasing auditing and monitoring of patient records in response to the breach. Experts say the hospital could be responsible for penalties up to $100,000 depending on the severity. A high price for personal curiosity.
According to a study reported in the HIPAA Journal, the most common cause of HIPAA security breaches is small-scale snooping by employees. For example, if an employee sees their neighbor or friend visiting the office and, out of curiosity, looks at the patient’s record to see why they are there, this is considered a breach of privacy. A similar example is an employee who sees something on the news, such as a car accident or shooting, and reviews a patient record to find out what happened. Both are common examples of employees snooping or being curious and violating HIPAA patient privacy laws. This type of breach not only puts an organization or medical practice at risk for a violation or hefty penalty, but also threatens the organization’s reputation and damages patient trust.
Civil penalties for a HIPAA violation can range from $100 to $1.5 million. Criminal penalties can include up to $250,000 in fines and possible imprisonment for up to ten years, depending on the severity. To protect patient privacy and avoid such hefty penalties, organizations and medical offices must be vigilant about making security a priority. The following are a few best practices to prevent a privacy breach from happening:
While it may not be possible to prevent all employees from snooping, the risk of a breach can be significantly reduced by implementing an effective ongoing training program. If you or your medical office has a question regarding HIPAA privacy laws or HIPAA employee training, contact the experts at MedSafe at 1-888-MEDSAFE or visit our website at www.medsafe.com.