Thursday, July 21, 2011

What is Sufficient Proof that an Employee Violated Patient Data Privacy?

When a healthcare worker is alleged to have accessed the electronic medical records of a patient who is not under their care, what proof is sufficient? And what is the proper course of action? Your thoughts?

A Real Example with the Names Removed
A former resident physician is suing a hospital over her firing for violating patient data privacy.
  • On June 6, 7 and 10, 2009 she allegedly accessed medical records inappropriately in violation of hospital policy and HIPAA.

  • On July 22, 2009 she was dismissed from the hospital.

  • On June 11, 2010, although she denied any wrongdoing, she entered into a combined statement of charges and settlement with the Board of Medicine. The settlement involved a public reprimand, a civil fine of $2,500, and participation in an ethics program.

  • On July 11, 2011 she filed a petition with the court requesting a jury trial over her dismissal.
She now claims she was terminated with no notice and was given no opportunity to respond to the allegations. How could the proof be insufficient such that she could dispute the improper access? What would be in debate?

For more details see the Board of Medicine's Statement of Charges and Settlement Agreement.

So what do you think? What constitutes proof when the person being charged denies they looked at a patient’s electronic health information improperly?

Share your thought in the comments.

(a) Iowa Board of Medicine's Statement of Charges and Settlement Agreement - Iowa Board of Medicine, June 11, 2010
(b) Former Mercy resident physician suing hospital over firing - Mason City Globe Gazette , July 13, 2011


Maria Peluso said...

I believe this can only be determined by forensic evidence and not hearsay. That is, to seize the computer, do a full analysis of data stored, accessed or deleted by the computer by applications and\or still stored in cache. Correlate authentication logs to network flows to and from the specific computer and for which if in real time (as it's happening) may contain data packets with evidence, and lastly a log analysis on the application systems for activity.

That said, an allegation of a paper view is much more difficult to determine!

Alan Norquist said...

Maria, I agree that the availability of digital evidences means there is no reason to rely on hearsay. - Alan Norquist

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at