Medical record confidentiality threatened

| Mar 21, 2019 | Medical Malpractice

Ohio medical negligence is not limited to surgical error or misdiagnosis. Although laws, such as the Health Insurance and Portability Act (HIPAA), are intended to protect patient information, there have been concerns over health care workers looking through medical records for curiosity instead of legitimate care. This has prompted medical malpractice lawsuits in states.

Most recently, dozens of employees at Chicago’s Northwestern Merial Hospital were terminated after they allegedly inappropriately viewed the medical records of Empire cast member Jussie Smollett who was treated in its emergency room after he claimed he was attacked. A nurse claimed that this was a misunderstanding because she and many other employees scrolled past his records when they were looking for another patient’s information.

Health care data privacy experts claim that unauthorized snooping is not limited to celebrity records. They believe that this happening frequently because of the fascination associated with looking through another person’s records. For example, looking at a former boyfriend or girlfriend’s psychiatric records is tempting.

Under HIPAA, a health care provider may access or use patient medical records solely for treatment, care operations or payment. Unauthorized review of records is as illegal as a massive data breach where patients’ sensitive records are disclosed. While the federal government may impose large fines for violations, individuals cannot file private lawsuits under HIPAA.

Patents have sought redress by filing medical malpractice lawsuits. Private actions have also included charges of a practitioner breaching a professional duty. Health care facilities have the duty of enforcing policies against unauthorized inspection, training employees and making them aware of the sanctions for violating confidentiality and access rules and policies. Facilities should also safeguard technology.

For example, if it is working with a technology vendor over its electronic records system, the facility should assure the system is equipped with options, such as a pop-window that requires the individual to attest that they are treating the patient and have authorization to review the records before receiving access.