By now pretty much everyone has heard about Jussie Smollett. It's a case that grabbed a lot of attention because it involved a celebrity. It was no secret that Jussie Smollett had admitted himself to Northwestern Memorial Hospital. At that point though his right to patient privacy was no different then anyone else.
The Health Insurance Portability and Accountability Act (HIPAA) created standards that require all covered entities (healthcare facilities, dentists, physicians, labs etc) to protect patient privacy by implementing policies, safeguards and providing employee training. Considering the magnitude and exposure of this case it's easy to see why over 50 healthcare workers at Northwestern Memorial Hospital were fired for violating HIPAA rules.
Issac Newton's Third Law of Motion says "For every action there is an equal and opposite reaction." and although Newton was talking physics we can use it to summarize this case.
"How" / Action
- Over 50 employees at Northwestern Memorial Hospital violated HIPAA's "Minimum Necessary" rule and accessed or discussed protected health information (PHI) about Jussie Smollett without having a need to use or talk about his treatment.
"Why" / Reaction- Northwestern Memorial Hospital made a fairly extreme decision to fire any employee that accessed or discussed Jussie's information without having a need during his treatment. HIPAA rules require that the hospital implement some type of "Corrective Action" in response to the employees accessing information beyond the scope of their job.
Conclusion - Due to the massive media coverage and sheer visibility of this scenario Northwestern Memorial Hospital decided to clean house and really emphasize their commitment to protecting patient privacy. It's very possible this spills into a HIPAA audit that will scrutinize all sorts of documentation including policies, training records, employee confidentiality statements and more.
Management has an obligation to determine the cause. Was it accidental or malicious? Has this happened before? Etc.
In most cases the punishment should fit the crime. Our policies include sanction guidelines and corrective action forms. These should be used anytime there is an incident that warrants a response.
Here's an example of our Sanction Policy Violation Form. This would typically kept with an employee personnel file.
If you have an incident be sure to document it and what was done to reduce the likelihood of another incident. At the time of hire employees should also be signing an employee confidentiality statement. This form explains their obligation of patient confidentiality and their commitment to only access and use the necessary amount of information to perform their job.
If you need policies or have questions about our products, please don't hesitate to give us a coll toll-free at 1-800-522-9308.
Our HIPAA bundle includes policies, forms, employee training, updates and phone support all for the low price of $269.95 + $ 13.95 S/H.