In a recent meeting with the board of trustees, staff members from the Medical University of South Carolina in Charleston said 13 employees were terminated in 2017 after administrators determined they had viewed patient records without permission, the Post and Courier reports.
The staff said hospital officials reported 58 patient privacy breaches to the federal government in 2017, 11 of which were categorized as "snooping," or a case in which an employee violated federal law by viewing patient records they were not authorized to access. For example, an employee may "snoop" in a patient record after a case makes the news or to view information on a former spouse.
"Some breaches are simply a case of information being faxed to the wrong clinic location, whereas others can involve misplaced curiosity or malice," MUSC spokeswoman Heather Woolwine told the Post and Courier in a statement.
At the meeting, a board member questioned whether the policy was "draconian," according to the Post and Courier. In response, hospital staff noted HHS has audited 100-plus healthcare institutions for potential HIPAA violations. Hospital staff emphasized the need to prepare for the possibility of an HHS audit, which would consider how MUSC officials address privacy breaches.
Hospital staff also stressed that in spite of the potential for "snooping," EHRs are arguably more secure than paper records, since the hospital is able to track which employees view which records. All providers at MUSC, including medical students, undergo annual training on when it's appropriate to view a patient record.