HIPPA violations lead to dozens of healthcare workers at Northwestern Memorial Hospital in Chicago, Illinois, reportedly fired last week; accused of accessing the electronic health record (EHR) of former “Empire” actor Jussie Smollett, according to several news reports.
NBC Chicago reported that “at least 50” employees were fired, citing anonymous sources.
Smollett reported to Chicago police in January that attackers assaulted him and yelled racial and homophobic slurs. He was taken to the hospital.
An unnamed nurse who was fired told CBS Chicago that she never accessed Smollett’s chart but simply scrolled past it when looking for another patient’s name.
A surgical nurse who was fired told NBC Chicago, “Simply put, it was just morbid curiosity. I went into the charting system and started to search his name.”
She said she didn’t open Smollett’s chart but knew that searching his name was wrong.
In another famous case, the University of California, Los Angeles, Medical Center, where singer Britney Spears was hospitalized in early 2008, fired 13 employees and suspended six physicians for accessing her medical records without a valid reason.
What is HIPPA
- “HIPAA is The Health Insurance Portability and Accountability Act of 1996, otherwise known as HIPPA, was created by the federal government to promote the portability of health insurance and to protect again fraud and abuse.
What information is protected?
- Information created or received by a health care provider, health plan, business associate, employer, etc., that relates to the past, present or future physical or mental health of an individual, the provision of health care to an individual or the payment for provision of health care to an individual
What are the potential penalties?
- You could receive a minimum fine of $100 per violation, maximum is $50,000 per violation
- Your maximum annual fine for multiple violations ranges from $25,000 to $1.5 million per violation
- Up to $50,000 and one year in prison for disclosing protected health information
- You can be fined up to $100,000 and 5 years in prison for obtaining protected health information under false pretenses
- Possible for you to be fined up to $250,000 and 10 years in prison for obtaining or disclosing protected health information with the intent to use it for commercial advantage or malicious harm