The Security Scrutinizer with Howard Anderson

Mayo Gets Tough With Records Snoops

Firings Show Commitment to HITECH Privacy Policy
Mayo Gets Tough With Records Snoops

The Mayo Clinic empire is providing a good example of what to do with employees who snoop into patients' records. In recent weeks, the organization has fired seven employees for their actions.

Mayo's apparent zero-tolerance approach to such internal breaches of protected health information is commendable, especially for such a high-profile organization that others look to as a model. It provides an example of how to protect patient privacy as called for in the HITECH Act and its toughened HIPAA privacy and security rules.

Fairmount Medical Center in Minnesota, part of Mayo Health System, announced it fired six employees for violating privacy policies. "In this situation, one patient's record was inappropriate accessed," the hospital said in a statement. "While the intent does not appear to have been malicious, it is a serious violation of a patient's privacy and the trust placed on us as a healthcare provider."

In addition, a Mayo Clinic financial business unit employee was fired for accessing patient records beyond the scope of their job responsibilities. According to a notice on the Department of Health and Human Services' Office for Civil Rights' list of major breaches, that incident affected 1,740 patients.

Mayo was very sparse with details in announcing its actions in the two cases, which is regrettable. If the internationally known organization spelled out the details more thoroughly, others could learn even more from the incidents.

But I'm glad that Mayo pointed out that the firings at Fairmount were for actions that apparently did not have malicious intent. That means that snooping into records that you shouldn't be viewing, for any reason, is intolerable. And that's a powerful message, one that all of healthcare should consider.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.