2. INTRODUCTION
Insider snooping is the most common HIPAA violation: a medical practice’s own employees peek into the medical
records of friends, fellow workers and even celebrities (Chaput, 2014). In the case of UCLA Hospital in Los Angeles, more than
120 workers snooped into celebrities' medical records and other personal information without permission between January
2004 and June 2006. The celebrities whose privacy was violated were Britney Spears, Farrah Fawcett and Maria Shriver. The hospital
was blamed for not taking appropriate steps to maintain patient confidentiality. The violations led to several firings,
suspensions and warnings (Fox News, 2008). This presentation will provide training techniques to avoid this behavior as well
as review HIPAA/HITECH violations.
3. Training Initiatives that Managers can Implement
First, seek benchmarks from other healthcare organizations’ initiatives. For example, West Virginia University Hospital’s implementations were:
Sent out monthly security reminders that come from the hospital’s privacy and security officer.
Daily employee audits.
Utilized digital media boards for reminders.
Conduct a security risk analysis, preferably guided by experienced compliance professionals.
Clearly communicate your no-snooping policy to all employees.
Password-protect medical files on a “need to know” basis.
Conduct background checks.
Allow patients to restrict the sharing of PHI.
(Chaput, 2014)
4. How Can Training on Confidentiality be Effective for Employees
Training on confidentiality can be effective for the employees
because they often think that they can snoop and get away with it,
and they often do not understand how serious the consequences
can be.
Not only can they be fired, but they can also jeopardize their
entire careers and lose their license.
These consequences must be emphasized, emphatically. Many
employees think: “What’s the harm of a little peep?” They don’t
realize that a small incident of peeping can cost their employer
millions of dollars and ruin their careers
(Solove, 2014).
5. HIPAA Violations
The Health Insurance Portability and Accountability Act
(HIPAA) of 1996 was passed to protect an employee's health
insurance coverage when they lose or change jobs. It also has
provisions to ensure the privacy and confidentiality of
identifiable health information (Chaput, 2014).
Penalties
A person who knowingly violates the HIPAA rules
is in jeopardy of criminal prosecution. If convicted,
the level of punishment depends on the seriousness of the offense:
Fine of up to $50,000 and/or imprisonment for up to a year for a simple violation.
Fine of up to $100,000 and/or imprisonment for up to five years if the offense is committed under false pretenses.
Fine of up to $250,000 and/or imprisonment for up to ten years for offenses committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.
6. Reference
Chaput, M. (2014). Don't let your practice get stung by 'snooping'. Medical Practice Insider. Retrieved from
http://www.medicalpracticeinsider.com/best-practices/dont-let-your-practice-get-stung-snooping.
Fox News. (2008). Report over 120 UCLA hospital staff saw celebrity health records. Retrieved from
http://www.foxnews.com/story/0,2933,398784.00.html.
McCann, E. (2015). How one health system is putting an end to insider snooping. Healthcare IT News. Retrieved from
http://www.healthcareitnews.com/news/how-one-health-system-putting-end--insider-snooping.
Solove, D. (2014). Ebola and privacy: snooping, confidentiality, and HIPAA. TeachPrivacy. Retrieved from
https://www.teachprivacy.com/ebola-privacy-snooping-confidentiality-hipaa/.