Curiosity Killed the Cat and Got 50 Hospital Employees Fired

At Chicago’s Northwestern Hospital, Jussie Smollett, an actor from the TV series “Empire,” was admitted after he was physically attacked. According to reports, he suffered bruises and facial lacerations. Nurse Forums General Nursing Article

Updated:  

Curiosity Killed the Cat and Got 50 Hospital Employees Fired

You're Fired!

Out of curiosity, over 50 hospital employees, including nurses, decided to check the celebrity's medical records. Many said they didn't go past the name screen but that was enough to be a HIPAA violation. Those individuals lost their jobs.

Anything that you do online in the hospital is trackable. You cannot access the medical records of anyone unless you are involved in that patient's care. Even being only on the face page for any amount of time as little as 17 seconds is a HIPAA violation if you are not involved in the care for that patient.

Audit Trails

Authorities can find your path if you wrongfully access a record because of what's called "audit trails.” The same rules apply if you are changing a medical record such as making a late entry and you will need to properly identify the late entry. Although you may be able to simply replace or add to your prior charting, this can be discovered.

Your employer or an attorney can go through the audit trails to see exactly how the records may have been changed. Cases which might pique an attorney's curiosity, such as a heel ulcer developed overnight and yet all the proper preventative records were checked that they were done in the medical record and sudden changes in condition. In these situations, an attorney may get the audit trail to show that the entries placed in the record were entered late after they knew of the heel ulcer or the change in condition.

Also, be careful when copying and pasting previous notes. Again, those actions can be tracked and the attorney may question whether you actually performed a new assessment.

What is HIPAA?

HIPAA established national standards to protect an individual's medical record as well as other personal health information. Patients' have the right to privacy for their medical records. Any intrusion into the medical records can result in a significant fine to the hospital. Therefore, most facilities have a zero tolerance policy if the privacy rights of any patient are violated. Improperly accessing records could result in termination as this is what happened to more the 50 health care workers at Northwestern.

With medical records and portability information, it is even more important nowadays to be aware of the rules to protect patients' privacy as well as protecting your license.

Privacy and confidentiality also are important when you are conversing with another health care professional outside of the medical area such as in elevators or while having lunch. You never know who may be listening. Even if you avoid using the patient's name, there may enough information revealed to identify the patient.

This is not the first time that a celebrity's medical information has been improperly accessed. Britney Spears was hospitalized in a psychiatric unit when several employees improperly accessed her records. They were all terminated.

Social media is another big issue. All attorneys advise not to post anything, zilch, about work on any of the social media. Again, you can never know all who may be reading your posts or who may even forward that information to other pages.

Violation of HIPAA may result in fines of from $100 to $50,000 per violations and up to $1,500,000.00 a year. Hospitals must designate a HIPAA officer to make sure that the hospital is in compliance.

According to the HIPAA Journal, the average HIPAA data breach costs an organization $5,900,000.00. This is astronomical! No wonder hospitals take this so seriously.

Do your part by never accessing patient information for which you are not authorized to do.

Lorie A. Brown is a Nurse Attorney representing nurses before the licensing board and founder of EmpoweredNurses. org.

7 Articles   119 Posts

Share this post


Share on other sites
Specializes in school nurse.

Wow. I wonder if this the biggest mass firing in a US hospital...

Very interesting. The job market out there must be such that they can replace the 50 people very easily.

Specializes in school nurse.
1 hour ago, Oldmahubbard said:

Very interesting. The job market out there must be such that they can replace the 50 people very easily.

But, but, there's a terrible nursing shortage. Haven't you heard?

Specializes in Community health.

It’s good that I read this today. If I had been in their shoes, I might have thought “Well let me just search his name, out of curiosity.” I wouldn’t have gone into what I think of as the “real” chart (that is, I wouldn’t have looked at notes or labs or anything) but certainly might have done a 2-second “see if he was here.” Good frightening reminder to stay in my lane and not go peeking at things!

Specializes in Medical-Surgical.

Wow! Many voiced they didn't go past the name screen. I work with a nurse now, and she is always looking up my patients information. I told her that's a HIPPA violation. Her reply is, "Well I'm charged tonight." Gonna see where that charge phrase gets her when they catches her. All hospitals do random audits. Like the reading said above, "there are audit trails."

16 hours ago, CommunityRNBSN said:

It’s good that I read this today. If I had been in their shoes, I might have thought “Well let me just search his name, out of curiosity.” I wouldn’t have gone into what I think of as the “real” chart (that is, I wouldn’t have looked at notes or labs or anything) but certainly might have done a 2-second “see if he was here.” Good frightening reminder to stay in my lane and not go peeking at things!

This should be utterly basic information that is not even a question in any nurse's mind anywhere.

We do not have a "need to know" with regard to anything (including presence in a facility) about any patient for whom we have no legal duty/responsibility. If we have some form of responsibility to/for them, that is another matter. If we don't, we have nothing but curiosity, as you note.

Yes of course facilities can see what you are "curious" about. It is 2019 and every nurse should assume all activities in the medical record system are able to be monitored, including your every click and keystroke.

3 hours ago, Destiny08 said:

I work with a nurse now, and she is always looking up my patients information. I told her that's a HIPPA violation. Her reply is, "Well I'm charged tonight." Gonna see where that charge phrase gets her when they catches her. All hospitals do random audits. Like the reading said above, "there are audit trails."

That is incorrect. Being in charge will likely get her pretty far with regard to accessing records unless the information is not being used appropriately or the access of records goes beyond what is necessary for the role.

Being in charge is a responsibility that legitimately includes some review of or use of or knowledge of information about patients who are under the direct care of another RN. Even something completely basic like making fair assignments or assisting newer nurses may involve such information. The law generally allows for activities that facilitate patient care.

This is not difficult. Some activities clearly support the care of the patient and/or other activities directly related to provision of care, and some clearly don't.

Specializes in CCU, SICU, CVSICU, Precepting & Teaching.
18 hours ago, Oldmahubbard said:

Very interesting. The job market out there must be such that they can replace the 50 people very easily.

It may hurt them to replace 50 employees, but I'm guessing the optics of not replacing them would have hurt more.

Specializes in CCU, SICU, CVSICU, Precepting & Teaching.
1 hour ago, Destiny08 said:

Wow! Many voiced they didn't go past the name screen. I work with a nurse now, and she is always looking up my patients information. I told her that's a HIPPA violation. Her reply is, "Well I'm charged tonight." Gonna see where that charge phrase gets her when they catches her. All hospitals do random audits. Like the reading said above, "there are audit trails."

A charge nurse has a responsibility for knowing what is going on with all the patients under her charge. That means accessing patient charts to double check that vital signs, I & O, lab draws and treatments have been done and checking the charting for accuracy, timeliness and thoroughness from time to time during the shift. Especially if the nurse is new to the unit or is known to be having difficulties. A charge nurse may also be responsible for chart audits -- ensuring that orders are taken off and carried out appropriately, that meds are given on time, that monitoring and procedures are charted correctly.

Yes, there are audit trails to see who has audited the charts, and as long as you stay in the charts of patients for whom you are responsible, you're good. The charge nurse is responsible for all of the patients.

One more thing while I'm on my soapbox -- the nurse in the room next to you may also access your patient's chart if you've ever asked her to cover you for a break, "drop down a set of vital signs for me," draw a lab or give a med. If she's sitting in her room in the ICU doing some charting and happens to glance up and see your patient in an alarm state, she may also access your patient's chart. Especially if you are busy cleaning up stool in another room, transporting a patient to CT or whatever. If I am in a room next to a new grad fresh off of orientation, you can bet I'll be keeping an eagle eye on the patient(s) and may look into their chart if I see something that needs investigating. You may get pulled into to the office to explain, although I never have. But you'll have a good reason for being in the chart.

Specializes in CCU, SICU, CVSICU, Precepting & Teaching.
47 minutes ago, JKL33 said:

This should be utterly basic information that is not even a question in any nurse's mind anywhere.

We do not have a "need to know" with regard to anything (including presence in a facility) about any patient for whom we have no legal duty/responsibility. If we have some form of responsibility to/for them, that is another matter. If we don't, we have nothing but curiosity, as you note.

Yes of course facilities can see what you are "curious" about. It is 2019 and every nurse should assume all activities in the medical record system are able to be monitored, including your every click and keystroke.

That is incorrect. Also, it is HIPAA, not HIPPA. Being in charge will likely get her pretty far with regard to accessing records unless the information is not being used appropriately or the access of records goes beyond what is necessary for the role.

Being in charge is a responsibility that legitimately includes some review of or use of or knowledge of information about patients who are under the direct care of another RN. Even something completely basic like making fair assignments or assisting newer nurses may involve such information. The law generally allows for activities that facilitate patient care.

This is not difficult. Some activities clearly support the care of the patient and/or other activities directly related to provision of care, and some clearly don't.

I have always found that if I don't want to go on "60 Minutes" and explain why I accessed the chart, gave two doses of a prn med at the same time, increased that morphine drip or dismissed that complaint, I had best not do those things. It has served me well.

24 minutes ago, Ruby Vee said:

A charge nurse has a responsibility for knowing what is going on with all the patients under her charge. That means accessing patient charts to double check that vital signs, I & O, lab draws and treatments have been done and checking the charting for accuracy, timeliness and thoroughness from time to time during the shift. Especially if the nurse is new to the unit or is known to be having difficulties. A charge nurse may also be responsible for chart audits -- ensuring that orders are taken off and carried out appropriately, that meds are given on time, that monitoring and procedures are charted correctly.

Yes, there are audit trails to see who has audited the charts, and as long as you stay in the charts of patients for whom you are responsible, you're good. The charge nurse is responsible for all of the patients.

One more thing while I'm on my soapbox -- the nurse in the room next to you may also access your patient's chart if you've ever asked her to cover you for a break, "drop down a set of vital signs for me," draw a lab or give a med. If she's sitting in her room in the ICU doing some charting and happens to glance up and see your patient in an alarm state, she may also access your patient's chart. Especially if you are busy cleaning up stool in another room, transporting a patient to CT or whatever. If I am in a room next to a new grad fresh off of orientation, you can bet I'll be keeping an eagle eye on the patient(s) and may look into their chart if I see something that needs investigating. You may get pulled into to the office to explain, although I never have. But you'll have a good reason for being in the chart.

As a new grad, I'm grateful for crusty old bats and battle axes (terms of endearment) such as yourselves. Please keep your eagle eyes and ears on me and my pts.

With gratitude,

Baby Chickens

Being “Charged” will only CYA if that patient was in house and actually under your supervision and you had a reasonable excuse for accessing the chart. Accessing their information without cause and at any other time is obviously inappropriate and likely leaves you at risk to twist in the wind...

Boggles my mind that anyone would assume a single keystroke goes unmonitored today.