Virginia Mason Memorial Hospital recently sent letters out to 419 patients detailing an internal HIPAA violation perpetrated by 21 employees.
The Yakima Herald provided information about the internal HIPAA violation affecting 419 patients. Virginia Mason Memorial Hospital discovered the issue in January during a routine audit. The audit revealed that 21 employees at the hospital had improperly accessed hundreds of patients’ records. The audit also revealed that these employees had viewed patient information from roughly October 2016 to January of this year.
The hospital contracted an outside forensic firm to help investigate the HIPAA violation and to determine if patient information was viewed for malicious reasons.
Currently, Virginia Mason Memorial Hospital believes that the information was accessed because employees were curious or bored. Trent Belliston, the hospital’s chief compliance and privacy officer stated that the employees accessed “a wide array of patients and information.”
Despite the hospital believing that the patient information was not accessed for malicious use, the hospital has purchased credit monitoring through Experian for the affected patients. This credit monitoring will last for two years.
The 21 employees were also spoken to by management and appropriate action has been taken, according to the hospital CEO Russ Myers.
Not only is this a lesson for other Virginia Mason Memorial Hospital employees, but health care employees around the country. Snooping in patients’ records is a HIPAA violation. If there is no business need to access the information, don’t do it. It can cost the organization a pretty penny and could result in an employee losing his or her job.
Additionally, this case shows how important audits are for protecting patient information. It’s one of the only ways to know if employees are accessing patient information without a business need.
Start learning more about how to protect your health care organization against this type of HIPAA violation by joining HIPAAgps today.