HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Careless Talk Sees University of Iowa Worker Fired for HIPAA Privacy Violation

A medical assistant at the University of Iowa has had her employment terminated – after 14 years working for student health – after she accidentally disclosed the health status of a patient, with a recent unemployment hearing ruling in the favor of the university.

The patient in question was the girlfriend of a “well known athlete” who had visit the hospital to have a pregnancy test performed. Kathryn Trump disclosed the results of the test out loud, with at least one other person hearing her comment about the positive pregnancy test result.

In an unemployment hearing, Trump claimed to have said at the time “I said I hope it was a happy situation.” The individual who overheard the comment, only referred to as Beth at the hearing, reportedly spoke to two other members of staff about the matter asking for more information.

In addition to Trump’s inadvertent disclosure, she was also alleged to have accessed the patient’s medical records twice more than the hospital deemed was required. As a result of the disclosure and the unauthorized access, Trump’s employment was terminated. On the same day, January 12, 2015, “Beth” was disciplined.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

According to Trump, the accidental disclosure was just her talking to herself, as she was concerned about student falling pregnant. She said it is not something that students generally want and she was concerned. She also said that she “was only commenting out loud to herself because the athlete and her nephew had the same color hair.”

Under the Health Insurance Portability and Accountability Act, individuals given access to medical records must only access those records when required to do so for work purposes. They are not permitted to even check their own patient records unless there is a legitimate reason for doing so.

Medical professionals are also not permitted to talk about patients specifically with other medical professionals that are not directly involved in their care, nor are they allowed to access patient charts unless it is for the care or treatment of that individual.

The University of Iowa uses a computer algorithm to assess HIPAA violations to determine their severity, and in this instance it was deemed that the HIPAA violation caused by Beth did not warrant the termination of her employment, although it did in the case of Trump.

At the unemployment hearing, Administrative Law Judge Julie Elder was not convinced by Trump’s testimony and ruled in favor of the university, ordering Trump to repay $4,670 that she had already received in benefits.

This is not the first time the University of Iowa has been forced to terminate employment contracts of staff after they inappropriately accessed health records of patients. In 2011, two employees were suspended while three lost their jobs after they looked at the records of patients who had been injured after a strenuous training session.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.