3 Fired For Snooping Athletes' EHRs
University of Iowa Breach Incident Affected 13 StudentsThe Associated Press reported that the athletes affected by the healthcare information breach were members of the University of Iowa football team who were admitted in late January after undergoing intense workouts following winter break. The football players were treated for rhabdomyolysis, which causes muscle fibers to be released into the bloodstream and can cause kidney damage, AP reported.
A hospital spokesman declined to offer further comment on the identity of those whose records were breached. The unauthorized access to the records was detected, he said, because "through our monitoring process, all faculty and staff use an assigned identification code and a personally chosen password to access the system, so our review team is able to determine who accessed the system and which information was viewed."
Unauthorized access to patient records by those not directly involved in treatment is a violation of the HIPAA privacy rule. Pending HIPAA modifications, called for under the HITECH Act, increase the penalties for violations.
The hospital has notified the athletes about the breach incident, the spokesman said.
In a similar incident, the Arizona hospital where shooting victim Rep. Gabrielle Giffords, D-Ariz., was treated recently fired three staff members for inappropriately accessing confidential medical records.