The news stories and TV broadcasts say “Northwestern Medical Center fires dozens of employees for seeking to access Jessie Smollett’s health care record.” What’s that all about?
Medical records are meant to be confidential. Every doctor, dentist, mental health professional and more have you sign a form outlining the organization’s policy on privacy and how the organization complies with HIPAA, the Health Insurance Portability and Accountability Act. You may not read the form, but I bet it tells you that employees will not look at your information without needing to for medical reasons and that no one will release that information to any outside agency that doesn’t have a need to know. And we all hope everyone follows those rules.
How do health care organizations enforce HIPAA? Lots of education is a start. In our group of 60 physicians plus a few hundred ancillary employees, everyone must take an online course on patient privacy on a yearly basis. It can be a bore and a chore, but it hits home the message–patient information is personal and private. And since almost all health care in the US is now documented electronically all those electronic health records have security features, passwords, lock-outs, and time outs. If you look where you shouldn’t, you are going to leave a thumbprint.
I take the regulations seriously. Barb and I are of an age where many of our friends and neighbors have urologic conditions that lead to biopsies. These frequently cross my microscope. Other friends will call me with a question or a need to vent. Barb knows of none of this. Unless the acquaintance says to me “It’s ok to tell Barb,” I keep my mouth shut. And in some cases, it is a secret I have kept for a dozen years or more. And the medical professionals I know all follow the same philosophy–some even like to brag about it.
So what went on at Northwestern? I can only speculate. I am sure the employees have been trained on a regular basis. At a high recognition institution like Northwestern that probably has its share of celebrities as patients/clients, I cannot imagine it can be any other way. And this incident proves that electronic safeguards are in place, identifying all the employees who tried to take a peek.
What made those dozens do it? Curiosity? The opportunity to sell the information for a big payoff? Requests from friends who wanted to be “in the know”? Or maybe, as some of the let go employees claim, Northwestern made a mistake.
Whatever the truth, this story is a reminder to health care workers, more powerful than Powerpoints and online courses, that what happens in the doctor’s office stays in the doctor’s office. At least that’s the way it supposed to be!
The above is the opinion of the author and does not necessarily reflect the opinions of UroPartners LLC.
Like what you read here? Add your name to our subscription list below. No spam, I promise!