Healthcare Information Security

HIPAA and Compliance News

Federal Court Sides with Main Line Health in HIPAA Violation Case

A federal court in Pennsylvania recently ruled against a Main Line Health employee who argued that her dismissal was due to age discrimination, not a HIPAA violation as the company claimed.

HIPAA Violations

Source: Thinkstock

By Fred Donovan

- A federal court in Pennsylvania recently ruled against a Main Line Health employee who argued that her dismissal was due to age discrimination, not a HIPAA violation as the company claimed.

Philadelphia-based Main Line Health Inc. (MLHI) fired Gloria Terrell for violating HIPAA by accessing a co-worker’s personal data through the company’s internal records system, explained Jack Greiner, a lawyer with the Graydon law firm in Cincinnati, in an article on Cincinnati.com.

MLHI accused Terrell of engaging in “co-worker snooping” related to patient privacy and in violation of HIPAA.

Terrell argued that she had a legitimate business interest in accessing the records. She said she needed to obtain an employee’s phone number to ensure that the co-worker was able to make her shift.

Terrell argued that MLHI fired her because they wanted to replace her with a younger worker. That worker, according to Terrell, engaged in similar conduct but was not fired.  

Following her firing in September 2016, Terrell filed an age discrimination lawsuit against MLHI. The federal court, however, found no evidence that MLHI discriminated against employees because of age. The court ruled that she had failed to establish a viable age discrimination case.

Greiner explained that MLHI was also insulated from liability because Terrell violated HIPAA.

To comply with HIPAA, MLHI implemented policies and employee training programs about protecting PHI and other confidential information. The policies included disciplinary actions for confidentiality violations, such as co-worker snooping.

Pennsylvania has seen its share of recent HIPAA violation news.

Last month, Linda Sue Kalina, a former patient information coordinator at University of Pittsburgh Medical Center (UPMC), was indicted by a federal grand jury for HIPAA violations. She was charged on six counts of wrongfully obtaining and disclosing PHI.

Kalina was employed as a patient information coordinator at UPMC and later at the Allegheny Health Network (AHN). She used her position to obtain PHI on 111 individual patients between March 30, 2016, and August 14, 2017.

Between December 30, 2016, and August 11, 2017, Kalina disclosed PHI on three individuals with the intent to cause harm, according to the indictment. She could face up to 11 years in prison, a fine of $350,000, or both.

“At AHN we place the highest priority on safeguarding the privacy of our patients. We have cooperated fully with authorities investigating this matter and will continue to do so,” AHN spokesman Dan Laurent told the Pittsburgh Post-Gazette.

Also in June, Pennsylvania-based Washington Health System suspended a dozen employees for alleged HIPAA violations involving inappropriately accessing patient records in a high-profile case.

WHS conducted an internal investigation and found evidence that the employees had acted inappropriately in accessing the records.

The high-profile case reportedly involved Kimberly Dollard, an employee at the WHS Neighbor Health Center, who was killed when a car careened out of control and rammed into the building where she worked.

A WHS spokesman would not confirm whether this was the incident involved in the suspensions, only that they were related to a “high-profile case.”

In New York, Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center, was suspended last month for a HIPAA violation affecting more than 3,000 patients.

Smith-Lightfoot took a list of patients from URMC to her new employer, Greater Rochester Neurology (GRN), in 2015.

The list included the patients’ names, addresses, dates of birth, and diagnoses. Smith-Lightfoot asked for the list to ensure continuity of care for the patients. However, she did not receive the permission of URMC or the patients to give the information to her new employer.

Smith-Lightfoot admitted to violating HIPAA in a consent order she signed with the state nursing board’s Office for Professional Discipline. In addition to a one-year suspension, she received a one-year stayed suspension and three years’ probation.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks