Privacy Protection: Deterring SnoopsHigh-Profile Patients Can Be Breach Targets
The Dayton Daily News in Ohio reported this week that Miami Valley Hospital sent a letter to accident victim Brennan Eden, informing him that four employees inappropriately accessed his medical records. Eden was in the news when he was involved in a spectacular car crash captured by police video on Aug. 23.
The hospital did the right thing in making Eden aware of the breach of his privacy. But a hospital spokesman told the newspaper that the four employees are being disciplined in accordance with human resources policy, declining to reveal the level of discipline. And that's a big mistake.
Punishing Privacy ViolatorsAs I pointed out in a blog earlier this month, Mayo Clinic took a much more clear-cut approach in similar circumstances. Mayo fired six employees for inappropriately looking at one patient's records and then publicized its disciplinary action.
A zero-tolerance policy, like Mayo's, can be a powerful deterrent.
Although Mayo was tight-lipped about the details of the breach, it did a good job of communicating a zero-tolerance policy toward internal privacy breaches.
A zero-tolerance policy, like Mayo's, can be a powerful deterrent. But at the very least, hospitals and others should spell out to record snoop victims, as well as the public, precisely how they disciplined those who violated their privacy.
Small Breaches Are Serious TooWhen it comes to breach prevention, much attention is being paid to avoiding major breaches affecting 500 or more patients, which must be reported within 60 days to the Department of Health and Human Services' Office for Civil Rights under the HITECH Act's breach notification rule.
But preventing smaller breaches, which must be reported to federal authorities annually, is equally important. Just ask Brennan Eden.
So how will your organization discipline employees who snoop at the records of celebrities, people in the news or any other patient? Have you got a clear-cut policy in place? We'd like to hear from you.