Issue link: https://beckershealthcare.uberflip.com/i/1327468
33 CIO / HEALTH IT 11 medical record snooping cases in 2020 By Jackie Drees E leven hospitals and health systems re- ported instances of EHR snooping by their employees in 2020, resulting in terminations and other disciplinary actions. HHS' HIPAA privacy and security rules re- quire hospitals and health systems to invoke sanctions against staff members who violate privacy and security policies such as EHR snooping. However, the office leaves the re- sponsibility of implementing appropriate punishment up to the healthcare organiza- tions, whether that is termination or another disciplinary action. Here are 11 hospitals and health systems that reported patient record breaches by employ- ees wrongfully viewing medical records in 2020, as reported by Becker's Hospital Review: 1. Lisa Roland, a former patient at Huntsville (Ala.) Hospital, in March claimed an employ- ee improperly viewed her medical records. Ms. Roland alleged an insurance auditor em- ployed by Huntsville Hospital unnecessarily accessed her files and that since the incident, her information is being leaked. Huntsville Hospital confirmed to Ms. Roland in a letter that her information was accessed without a business-related purpose. 2. Valencia, Calif.-based Henry Mayo Ne- whall Hospital fired several employees in March aer wrongfully viewing the infor- mation of the suspected Saugus High School shooter, Nathaniel Tennosuke Berhow, who died at the hospital aer allegedly shoot- ing and killing two classmates and injuring three others. 3. Honolulu-based Hawaii Pacific Health fired an employee in March aer discovering the employee had inappropriately accessed patient medical records between November 2014 and January 2020. 4. Mercy Health terminated a nurse at its Hackley Hospital in Muskegon, Mich., April 3 for inappropriately viewing medical re- cords of several patients. 5. Ann & Robert Lurie Children's Hospital of Chicago reported May 4 that an employ- ee viewed more than 4,800 patient medical records without a work-related reason be- tween Nov. 1, 2018, and Feb. 29, 2020. Aer discovering the incident and launching an investigation, the hospital terminated the employee's access to its information sys- tems on March 5 and confirmed in its May 4 notice that the employee no longer worked for the hospital. 6. Kaiser Foundation Health Plan of the Mid-Atlantic States terminated an employ- ee who inappropriately accessed members' radiology records from 2012 to 2020. e health system reported the breach to HHS May 22 as affecting 2,756 individuals. 7. Hennepin Healthcare terminated five em- ployees in July for inappropriately viewing the medical records of "a high profile patient" aer George Floyd was taken to the Minne- apolis-based hospital in May aer dying in police custody. 8. Ashley County Medical Center in Crossett, Ark., fired a former nurse in August for view- ing 772 patients' records for reasons unrelat- ed to medical care and treatment. 9. Montefiore Medical Center in New York City posted a security breach notice Sept. 18 stating that a former employee had stolen about 4,000 patients' personal information, including names, addresses and Social Se- curity numbers, between January 2018 and July 2020. 10. Geisinger began notifying more than 700 patients Sept. 18 that one of the Danville, Pa.- based health system's former employees in- appropriately accessed their medical records from June 2019-20. 11. Rochester, Minn.-based Mayo Clinic on Oct. 5 notified more than 1,600 patients that a former employee wrongly viewed their health records, which stored information including demographic information, birth dates, medical record numbers, clinical notes and medical images. n 5 tips for a smooth EHR-to-EHR transition By Jackie Drees A s EHRs continue to age out from first and second generation software, hospitals and health systems will increasingly look to transition their current sys- tems to a new platform. John McGreevey III, MD, associate clinical medicine pro- fessor at Philadelphia-based Penn Medicine, and Ross Koppel, PhD, senior fellow of Penn Medicine's biomed- ical informatics institute, in a Nov. 16 blog post outlined five tips and considerations for healthcare organizations ahead of making an EHR transition. 1. Be ready to provide much more support than typical hospital operations require since new EHRs drum up mas- sive training expenses and significant time commitments among IT personnel, clinicians and consultants. 2. Ensure as many of the variations in the organization's typical operations are standardized before a transition be- cause those alterations most likely will not translate easily over to the new EHR system. 3. Hire more IT staff to support the EHR transition since it will create new work and maintenance tasks. However, it's also important to enlist networks of clinical subject matter experts to assess and endorse the clinical content that will live within the EHR. 4. Be aware of patient safety threats stemming from lim- ited access to legacy records and different definitions or standards for data during the switch. 5. Remember that EHR-to-EHR transitions are still relatively new territory and that each organization must ultimately find its own path for a successful implementation. n