Posted on 01/28/2006 3:57:10 AM PST by Excuse_My_Bellicosity
Intermountain Healthcare has fired two employees at Cottonwood Hospital in Murray after news media reportedly were alerted to the medical condition of LDS Church President Gordon B. Hinckley through an e-mail.
The 95-year-old president of The Church of Jesus Christ of Latter-day Saints underwent surgery at LDS Hospital to remove a cancerous growth earlier this week. He was recovering on schedule and doctors were pleased with his progress, church spokesman Dale Bills said Friday on the faith's Web site, lds.org.
Aryn Nelson, a gastroenterologist technician, said she was terminated on Wednesday because she had given her log-in information to a worker whose Internet privileges had been taken away.
Nelson said hospital officials told her the other employee allegedly signed in under Nelson's name and sent an e-mail to media outlets Tuesday, saying Hinckley was in the hospital.
Nelson admits giving out her log-in information.
"It's really upsetting to me," she said. "You put all you can into a company you hope you'll retire from, and overnight it's shattered. They wouldn't even show me the e-mail. They just fired me."
Nelson plans to appeal her termination.
LDS Hospital spokesman Jess Gomez said he could not discuss specific personnel issues. He did say, however, that all new Intermountain Healthcare employees go through orientation, in which they learn about the company's password policy and patient privacy measures mandated by the Health Insurance Portability and Accountability Act (HIPAA).
“It's something we take very, very seriously," Gomez said "All of our employees have passwords and access codes in order to access medical information for patients in which they are a direct provider of care. Our policy is that employees safeguard their passwords and access codes so we can ensure privacy and confidentiality for our patients. A violation of that policy can result in termination."
Nelson said she knew the policy but says that workers sharing log-ins isn't uncommon.
HIPAA went into effect in 2003. Part of the act sets standards for patients' privacy. Doctors, nurses or other health-care employees who give out information about a patient without the patient's consent would be violating the law.
Violations can draw fines and jail time.
"That would be a very clear violation of HIPAA standards," said Douglas Springmeyer, an assistant attorney general who worked on a guide explaining the complex guidelines.
HIPAA privacy rules are enforced by the Office of Civil Rights in the federal department of Health and Human Services.
Anyone who believes their privacy rights were violated would need to go to that department's Web site (http://www.hhs.gov/ocr/hipaa/) and file a complaint to the Denver regional office.
The office would conduct an investigation and decide if sanctions were appropriate.
chamilton@sltrib.com
Certainly the employee who sent the email should be fired post haste.
As for Nelson, she deserves a reprimand and maybe even suspension, but firing seems excessive if this is her first personnel offense. Unless they're just trying to make an example of someone.
I used to work at Cottonwood Hospital in the IT department. I was a Network Engineer / System Admin. Trust me, they take patient confidentiality very seriously and everyone knows, you release info about a patient, no matter who it is, and you're fired.
so what information was released - does humpty dumpty really have a crack in his egg shell.
Ping
At the hospital where I work, this would be very serious and could lead to termination. If she gave her password to someone else, it's her fault, and since it was released on her password, there's no proof she isn't really the one who released the information against HIPAA policy. She knows the rules...
Yeah but all she has to do is show it is routine and she'll get $$$$$. The hospital isn't going to let someone die because a technician can't remember a userid/password. Borrowing userid/passwords is fairly common in the functional world. Especially if it took long periods to reset passwords.
From the article:
she was terminated on Wednesday because she had given her log-in information to a worker whose Internet privileges had been taken away.
Seems the leaking worker didn't have a "memory" problem.
Don't give out your login password.
Don't give out your login password.
Don't give out your login password.
That is all.
No problem. I've got my password taped to the underside of the keyboard.
At least you have deniability that way. It is better to appear stupid that mendacious.
At a very security-conscious company, I was told at orientation: "If you can't be bothered to put a screen-saver password on your computer, don't worry about it. The VP of Engineering will set one for you. He just won't tell you what it is." :=)
In my "functional world", you get a couple of infractions before you get fired. If you give somebody your login and password on a first offense, you have to read and sign a statement, take supplemental training, and give a training lecture to the office on why it is very bad to give your username and PW to somebody else.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.