LITTLE ROCK, Ark. – University of Arkansas Medical Sciences fired three employees over sharing an HIV patient’s private medical information.
The records included the patient’s name, age, surgical history, HIV status and employment information.
The hospital says the employees were fired after being accused of violating their HIPAA oath.
“We took action right away,” said Vice Chancellor of Communications and Marketing, Leslie Taylor.
According to UAMS an employee shared medical records of the HIV patient with a co-worker. Then that employee passed the records on to a friend who posted them on Facebook. The third employee knew all this was going on but never spoke up, which Taylor says is a violation of the hospital’s code of conduct.
“They know that this is something that they cannot do,” Taylor said. “They undergo lots of training and they know this is a fireable offense.”
Since breaking HIPAA is illegal, the hospital says it sent this case to the U.S. Attorney’s Office, who will decide if charges will be filed against the three former employees.
Right now the hospital says its focus is helping the patient whose privacy was violated.
“Their privacy and their safety is our primary concern, so we want to do what we can to support that patient,” Taylor added.
Melanie Ware, a Nurse Practitioner who now works as a Legal Nurse Consultant, says HIPAA violations should be taken seriously.
“That’s pretty basic information that’s shared with any new employee,” Ware said. “It’s part of their orientation, it’s something that’s really talked about and touched every day as you interact with patients.”
Ware says she hopes this incident will be used to improve policies and make sure this invasion of privacy doesn’t happen to another patient.
“As a patient as well, and as a mother of children, and family member, that information needs to be kept confidential,” Ware said.