3 Employees of University of Arkansas Medical Sciences Fired for Patient Privacy Violation
The University of Arkansas Medical Sciences (UAMS) fired three employees because of an alleged violation of HIPAA Rules. According to the report, the three employees saw the protected health information of a patient and impermissibly disclosed it by publishing it on Facebook.
All employees of UAMS undergo training on their responsibilities of protecting patient privacy and adhering to HIPAA requirements. Despite the required training, one employee still violated the rules and disclosed a patient’s information including name, age, employment information, HIV status and surgical history to a co-employee. The employee in turn shared the information to a friend who shared the PHI on Facebook. A third employee denied playing any part on the patient privacy violation. But the fact that he was aware of the disclosures made by his co-employees, he should have reported the incident to the hospital.
Upon discovery of the HIPAA violations, the hospital took immediate action and fired the three employees from their job for violating not just the HIPAA Rules but also the hospital’s code of conduct. UAMS is also making sure that the same incidents won’t happen again. The hospital is also trying to resolve the privacy violation together with the patient.
There was no clear explanation about the motives of the employees for their action. But there’s no doubt that they knew about their responsibilities to protect patient privacy yet they violated it and breached federal regulations. Aside from being terminated from work, the employees could face criminal charges for HIPAA violation as the matter has been referred to the U.S attorney general’s office.
Through this incident, healthcare employees should know and be warned about the potential consequences of HIPAA violations. An employee who knows about a co-employee’s violation but fails to report it may also suffer the loss of his job. If you’re an employee of an organization and you happen to discover a HIPAA violation, you should report the incident to your privacy officer so that your officer can promptly take action to limit the resulting harm.