Curiosity Killed the Cat, and Can Get Employees Fired: HIPAA Privacy Alert

Any time a patient is a public figure or when any patient is in the news, healthcare institutions across the nation face the challenge of keeping that patient’s information private, as required under HIPAA for all patients. While it may be obvious that staff are not to release any information to unauthorized outside individuals, HIPAA also mandates that reasonable safeguards be implemented to limit the number of internal staff who have access to a patient’s information to the “minimum necessary.” Whether a staff member’s access is necessary to carry out treatment, payment for that treatment, or other healthcare operations must be considered.

HIPAA requires healthcare institutions to have policies in place which address the unauthorized access of a patient’s medical records, requires the institutions to train staff regarding the policies, and that those institutions enforce their policies.

REMINDER: When a Patient is a Public Figure or the Patient is in the News:
- HIPAA still applies;
- Healthcare institutions must have policies in place addressing unauthorized access or disclosure, even internally;
- Medical providers and staff must continue to follow HIPAA and adhere to the institution’s privacy policies; and
- Healthcare institutions must continue to enforce their policies.

If you or your institution has any questions, please contact our HIPAA Compliance Officer, Kristin Ahmadian, at Lowis & Gellen LLP at (312)628-7869.