Washington Children’s Hospital Fires 15 Nurses for Alleged HIPAA Violations
Fifteen nurses at Providence Sacred Heart Medical Center & Children’s Hospital in Spokane, Washington, have been terminated for alleged HIPAA violations. The nurses allegedly accessed the medical records of a 12-year-old patient, Sarah June Niyimbona, when there was no direct treatment relationship. The patient committed suicide at the children’s hospital on April 13, 2024.
Starting in early 2024, the patient had been repeatedly admitted to the emergency department of the hospital after several self-harm incidents and suicide attempts. Overnight on April 13, 2024, the patient left her room alone and walked a quarter of a mile to a parking facility on the hospital campus and jumped from a 4th-floor parking garage. She died in the hospital emergency room two hours later. While the patient previously had two sitters, including one sitter monitoring via video, the camera had allegedly been removed from her room weeks earlier, and the sole sitter had been cancelled days before the patient left her room and exited the facility undetected.
The story was covered by InvestigateWest, which spoke to hospital staff under the condition of anonymity due to employment fears. They criticized the hospital for the lack of protection for patients at risk of self-harm and suicide. The hospital had closed its Psychiatric Center for Children and Adolescents six months previously, as it was losing $2 million per year, and patients who would have been admitted to the psychiatric center were being treated on the general pediatric floor. While two rooms had been created within the pediatric unit specifically for psychiatric patients, an anonymous source at the hospital claimed nurses tasked with caring for those patients had not received any additional training, and the rooms lacked the physical security measures of the psychiatric center that prevented patients from leaving.
Sacred Heart Medical Center is being sued by the child’s parents for alleged negligence and medical malpractice because, although she had been monitored round the clock by a sitter assigned to her room and via video surveillance, those measures were no longer in place, even though the patient was still a suicide risk. The Washington Department of Health investigated the hospital over the incident and identified deficiencies, including repeated violations of its state safety standards and policies regarding screening and supervision of suicidal patients. Providence Sacred Heart has stated that new security protocols have been implemented, which include suicide risk screening for all patients. After appropriate measures were implemented to address the deficiencies, the Department of Health closed its investigation.
Fifteen nurses have now been terminated in connection with the incident, and another nurse has been disciplined. Under HIPAA, medical records can generally only be accessed for reasons related to treatment, payment, or healthcare operations. Accessing medical records out of curiosity, even with no malicious intent, is a HIPAA violation. Staff members found to have violated HIPAA face sanctions, which, for unauthorized medical record access, often means termination.
According to a statement provided to The Spokesman-Review, the terminations were all for patient privacy violations, in accordance with the hospital’s sanctions policy. “Providence takes violations of our code of conduct and federal privacy laws that govern private health information very seriously,” said Providence Sacred Heart spokesperson Jen York. “We review employee conduct and take appropriate action, including termination of employment, where warranted. Patient privacy is one of our top priorities.”
The evening the patient died, Sacred Heart issued a staff-wide alert instructing staff members not to discuss the incident publicly and not to access medical records unless directly involved in a patient’s care. One of the nurses who spoke with InvestigateWest admitted to accessing the patient’s records after the incident, trying to understand what had happened, as the nurse had previously cared for the patient on almost every shift. “I probably shouldn’t have been in her chart,” explained the nurse. “But at the same time, it also felt like I should have known what happened, because I was working with her so often.”
The nurses were not the only individuals to be terminated or disciplined in connection with the incident. Former staff members have spoken with the media and claimed that other staff members were terminated over the incident. The hospital has not confirmed how many individuals were terminated or whether those terminations were also for alleged HIPAA violations.
The Washington State Nurses Association was contacted by the nurses and has filed grievances over the terminations and disciplinary action. “Any information accessed pertained directly to the nurses’ duties responding to this crisis,” said WSNA director David Keepnews. “We reject Providence Sacred Heart’s claims that privacy was violated by nurses who were doing their jobs to assist in efforts to save the life of a 12-year-old girl in the hospital’s care.”
The nurses and the WSNA suggest that the terminations and disciplinary action were an act of retaliation for speaking with the media. The hospital allegedly conducted an audit of access logs after the publication of the story by InvestigateWest on April 23, 2025. The nurses claim that they were asked if they had spoken to the media and were subsequently fired for violating the HIPAA Privacy Rule.


