Two separate incidents where HIPAA has been violated have led to healthcare workers being fired from their positions in Michigan and Illinois.
In Michigan Mercy Health terminated an employee for allegedly breaching the HIPAA Privacy Rule. A nurse at Hackley Hospital in Muskegon, MI was sacked on April 3, 2020. The termination came not long after the nurse voiced worries, in media interviews, relating to the level of preparedness of the hospital for the COVID-19 pandemic and how an apparent lack of preparedness put safety in danger. The nurse contacted the Michigan Nurses Association Labor Union, which claimed that Mercy Health terminated the nurse due to this course of action. Due to this the Labor Union also filed a charge with the National Labor Relations Board.
The Labor Union said in an April 21, 2020 press release: “Howe’s termination came on the evening of April 3, days after he had publicly raised concerns about lack of appropriate PPE and the need for improved screening measures to keep nurses and healthcare workers safe during the COVID-19 pandemic”.
10 days following the firing of the nurse, and one day after the press release was issued by the Labor Union, Mercy Health released a press release of its own outlining that the nurse was fired for multiple breaches of HIPAA Rules. Mercy Health said it does not, typically, publish details about employment matters related to its workers but was forced to speak out due to the “misinformation campaign” led by the Labor Union.
Mercy Health alleges that the fired nurse, Justin Howe, was terminated for viewing the medical records of multiple patients over a period of many different days. The records were for not for patients receiving treatment at the campus where the nurse was employed and there was no legitimate work reason for accessing those records. Mercy Health claims that Howe was not the only nurse sacked for improper medical record viewing.
Mercy Health’s press release said: “We have mechanisms in place to monitor for inappropriate access of privileged information. As part of this review process, Mr. Howe along with others were terminated for the same. This investigative effort is still in process.”
Meanwhile, Ann & Robert H. Lurie Children’s Hospital of Chicago has fired a healthcare worker for illegally accessing the medical records of patients without authorization over a time period of 15 months.
The privacy violations were noticed by the hospital on March 5, 2020. Due to this the employee’s access to hospital systems was immediately disabled while an investigation was initiated. After reviewing access logs, the hospital discovered that the employee had accessed the medical records of 4,824 patients without proper permission from November 2018 to February 2020.
The spectrum of information accessed included names, addresses, dates of birth, diagnoses, medications, appointments, and medical procedures. No health insurance information, financial information, or Social Security numbers is thought to have been impacted.
No reasoning has been provided for the accessing of the medical records, but the hospital says it has no reason to believe the employee obtained, misused, or disclosed the information to anyone else. The hospital said the employee no longer has a position at the hospital.
This is not the first time something like this has taken place at Lurie Children’s Hospital. A similar incident was identified during November 2019, when the hospital became aware that a former employee viewed the medical records of patients without authorization between September 2018 and September 2019.