Britney Spears. Octomom. Farrah Fawcett. George Clooney. Maria Shriver. Michael Jackson. The list of celebrities whose medical records have been viewed illegally by voyeuristic hospital staff is long and shameful.
But the recent round of firings at two Twin Cities hospitals offers up new evidence that snooping victims aren't all VIPs -- an alarming development as paper records give way to electronic medical records called up with a few clicks on a computer.
There wasn't one famous person among the dozen young Twin Cities residents who developed dangerous reactions to a synthetic drug taken at a Blaine party back in March; a 19-year-old Coon Rapids man died. Yet an Allina investigation found that a shocking number of staffers at nearby Unity Hospital in Fridley and Mercy Hospital in Coon Rapids inappropriately accessed these young people's medical records.
This wasn't a situation in which a handful of rogue staffers gave the records a brief glance. Instead, Allina wound up terminating 32 people for not only accessing these records, but in some cases going deep into the file to see notes and other details. "We were devastated that we had to lose these 32 people,'' said Allina spokesman David Kanihan. "Many of these people were really good employees. We didn't want to have to do this. However, patient privacy comes first.''
Allina's move was swift and appropriately harsh -- especially given that these staffers had undergone training and were well-aware that they were violating the nation's health privacy law.
The young people entrusted to the care of Minnesota's world-class health care providers had their dignity and privacy violated. It's clear the staff didn't think through the harm their actions could cause.
These patients are young, and they made a mistake. Having others in the community know they experienced a drug overdose could damage their reputations and potentially their future job prospects in these north suburban communities. Certainly if these employees' couldn't be trusted to safeguard this information at work, there's a strong chance that they may have shared what they learned with family and neighbors.
The firings sent a strong message to all health care employees that they will get caught if violating privacy and that such violations will not be tolerated. Allina wasn't the first Minnesota provider to deal with privacy breaches, nor will it be the last. But its clear message that curiosity can cost a person their job is a powerful deterrent.
That type of personal risk-benefit analysis likely is the best bet to prevent future misbehavior. While there are safeguards built into online systems, medical institutions also need to ensure that many employees can access records quickly. Quickly knowing a patient's drug allergies or blood type, for example, could be the difference between life and death.
Federal officials don't track the number of people who have been fired for medical information breaches. What is clear is that opportunities to look at friends' and families' records are increasing in this electronic medical record era. In 2010, the U.S. Department of Health and Human Services' Office of Civil Rights received more than 25,000 breach-of-privacy reports. Five million people were affected by medical privacy breaches in 2009 and 2010 according to the Privacy Rights Clearinghouse.