HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Healthcare Workers in Michigan and Illinois Fired for HIPAA Violations

Ann & Robert H. Lurie Children’s Hospital of Chicago has terminated an employee for improperly accessing the medical records of patients without authorization over a period of 15 months.

The privacy violations were identified by the hospital on March 5, 2020. The employee’s access to hospital systems was immediately terminated while the investigation was conducted. After reviewing access logs, the hospital found that the employee had accessed the medical records of 4,824 patients without authorization between November 2018 and February 2020.

The types of information accessed by the employee included names, addresses, dates of birth, diagnoses, medications, appointments, and medical procedures. No health insurance information, financial information, or Social Security numbers were accessed.

No reason as been given as to why the medical records were accessed, but the hospital says it does not believe the employee obtained, misused, or disclosed the information to anyone else. The hospital said the employee no longer works at the hospital.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

This is not the first incident of its type to occur at Lurie Children’s Hospital. A similar incident was discovered in November 2019, when the hospital learned that a former employee accessed the medical records of patients without authorization between September 2018 and September 2019.

Mercy Health Fires Nurse for Multiple Privacy Violations

Mercy Health has also recently taken action against an employee for alleged violations of the HIPAA Privacy Rule. A nurse at Hackley Hospital in Muskegon, MI was terminated on April 3, 2020. The termination came shortly after the nurse raised concerns in media interviews about the level of preparedness of the hospital for the COVID-19 pandemic and how the alleged lack of preparedness put safety at risk. The nurse contacted the Michigan Nurses Association Labor Union, which claimed that Mercy Health fired the nurse for speaking out. The Labor Union also filed a charge with the National Labor Relations Board.

“Howe’s termination came on the evening of April 3, days after he had publicly raised concerns about lack of appropriate PPE and the need for improved screening measures to keep nurses and healthcare workers safe during the COVID-19 pandemic,” said the Labor Union in an April 21, 2020 press release.

10 days after the nurse was fired, and one day after the press release was issued by the Labor Union, Mercy Health released a press release of its own stating the nurse was fired for multiple violations of HIPAA Rules. Mercy Health said it does not usually share details about employment matters related to its workers but was compelled to speak out due to the “misinformation campaign” led by the Labor Union.

Mercy Health claims the fired nurse, Justin Howe, was terminated for accessing the medical records of multiple patients over a period of several days. The records were for not for patients receiving treatment at the campus where the nurse worked and there was no legitimate work reason for accessing those records. Mercy Health claims that Howe was not the only nurse terminated for improper medical record access.

According to Mercy Health’s press release, “We have mechanisms in place to monitor for inappropriate access of privileged information. As part of this review process, Mr. Howe along with others were terminated for the same. This investigative effort is still in process.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.