16 Employees Fired for HIPAA Violations

by James Lawson

Normally I see HIPAA violations news stories when my Google Alert emails me about one of my keywords. As I was sitting drinking my morning coffee, you can imagine my surprise when I heard that one of my local hospitals had fired 16 employees for HIPAA violations. All of them were looking at the chart of a Baylor College resident who was shot.

The Harris County Hospital District runs three separate hospitals, including a popular level one trauma center. Most of the gunshot victims and other traumas are taken to the Houston Medical Center, so I assume they’ve dealt with employees inappropriately accessing patient records before. However, I can’t remember ever hearing about so many HIPAA violations. I have to wonder whether it’s happened before or it’s not normally reported to the news.

I also wonder whether these violations were found due to a complaint or to proactive audits? If there was a complaint, I expect many violations have occurred without consequences. This is why it’s critical to have a tool that exposes HIPAA violations. It’s likely that the Harris County Hospital District doesn’t have a tool like this, because when hospitals install security auditing tools they usually implement an employee training and awareness plan so people know that if they look they will be caught. It sounds like these employees had no idea they would be caught for inappropriately looking at patient data.

I’ve seen several news stories on these violations now; the Harris County Hospital District is getting a lot of unwanted attention and the damage to their credibility is likely quite significant. Interestingly enough, I don’t believe any fines have been levied yet. Based on some of the latest legislation changes, these fines are likely to be expensive.

I have many friends who work in this hospital system and am thankful that none of them were included in the list of violators. For more information, check out the  news story that appeared on ABC13.