I have written many times about how the U.S Department of Health and Human Services (HHS) has severely weakened the planned privacy and security goals of the Health Insurance Portability and Accountability Act (HIPAA) to require healthcare covered entities (CEs) to implement strong safeguards for the protected health information (PHI) with which they’ve been entrusted. And I still believe that.
However, after reading a another report today I realized something…
It was widely reported that the UCLA medical center is firing employees for snooping into Britney Spears’ medical records.
This is the second time the medical center fired employees for snooping into Spears’ files; they did it before in 2005 when she was in the hospital having her first baby.
However, this is not the only time a medical center has fired employees for snooping into patient files and/or leaking patient information to the press. For example I blogged about another such event here with George Clooney.
And there have been numerous other similar incidents, many not concerning celebrities, that have been reported.
As I was thinking about this I realized…this noticeably increased concern for patient privacy, and reported discipline for employees invading patient privacy, really started after HIPAA…didn’t it?
I didn’t spend a huge amount of time searching, but did spend a few minutes searching back through the news archives and I couldn’t find any reports of employees being fired, or otherwise sanctioned, for invading patient privacy prior to HIPAA.
So…even though the HHS *has* hurt the the privacy and security goals of HIPAA to protect PHI…and they still have a lot of improvements to make with their compliance efforts…it seems that HIPAA has raised the awareness of patient privacy within healthcare providers (hospitals, clinics, etc.) and has motivated them to do more to protect PHI.
Tags: awareness and training, Britney Spears, George Clooney, HHS, HIPAA, Information Security, IT compliance, policies and procedures, risk management, security awareness, security training, UCLA Medical Center