Mayo's apparent zero-tolerance approach to such internal breaches of protected health information is commendable, especially for such a high-profile organization that others look to as a model. It provides an example of how to protect patient privacy as called for in the HITECH Act and its toughened HIPAA privacy and security rules.
Fairmount Medical Center in Minnesota, part of Mayo Health System, announced it fired six employees for violating privacy policies. "In this situation, one patient's record was inappropriate accessed," the hospital said in a statement. "While the intent does not appear to have been malicious, it is a serious violation of a patient's privacy and the trust placed on us as a healthcare provider."
Mayo's zero-tolerance approach to internal breaches of protected health information is commendable.
In addition, a Mayo Clinic financial business unit employee was fired for accessing patient records beyond the scope of their job responsibilities. According to a notice on the Department of Health and Human Services' Office for Civil Rights' list of major breaches, that incident affected 1,740 patients.
Mayo was very sparse with details in announcing its actions in the two cases, which is regrettable. If the internationally known organization spelled out the details more thoroughly, others could learn even more from the incidents.
But I'm glad that Mayo pointed out that the firings at Fairmount were for actions that apparently did not have malicious intent. That means that snooping into records that you shouldn't be viewing, for any reason, is intolerable. And that's a powerful message, one that all of healthcare should consider.