EHR snooping can occur at any hospital and is often driven by various motivating factors, from curiosity to an act of malice.
HHS' HIPAA privacy and security rules require hospitals and health systems to invoke sanctions against staff members who violate privacy and security policies such as EHR snooping. However, the office leaves the responsibility of implementing appropriate punishment up to the healthcare organizations, whether that is termination or another disciplinary action.
Here are seven hospitals that have reported patient record breaches by employees wrongfully viewing medical records since 2019, as reported by Becker's Hospital Review:
1. Ann and Robert Lurie Children's Hospital of Chicago on May 4 reported that an employee viewed more than 4,800 patient medical records without a work-related reason, according to a notice posted May 4 on its website.
2. Honolulu-based Hawaii Pacific Health fired an employee in March after discovering the employee had inappropriately accessed patient medical records between November 2014 and January 2020.
3. Valencia, Calif.-based Henry Mayo Newhall Hospital fired several employees in March after wrongfully viewing the information of the suspected Saugus High School shooter, Nathaniel Tennosuke Berhow, who died at the hospital after allegedly shooting and killing two classmates and injuring three others.
4. Lisa Roland, a former patient at Huntsville (Ala.) Hospital, in March claimed an employee improperly viewed her medical records. Ms. Roland alleged an insurance auditor employed by Huntsville Hospital unnecessarily accessed her files and that since the incident, her information is being leaked. Huntsville Hospital confirmed to Ms. Roland in a letter that her information was accessed without a business-related purpose.
5. A former Lehigh Valley Health Network patient sued the Allentown, Pa.-based health system last August over claims that an LVHN-affiliated physician who was not treating him illegally accessed his medical records for months.
6. A former Pittsburgh-based UPMC care coordinator was sentenced on June 25, 2019, to one year in federal prison after illegally accessing and disclosing 111 patients' records.
7. At least 50 staff members from Chicago-based Northwestern Memorial Hospital were fired in March 2019 for improperly viewing actor Jussie Smollett's medical records.