NP Privacy Partner
Search Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody on Twitter Nixon Peabody on YouTube
Subscribe:Nixon Peabody's Data Privacy and Cybersecurity blog  Nixon Peabody's Data Privacy and Cybersecurity blog
Share Print View
Curiosity leads to 13 terminated employees in 2017 at Medical University of South Carolina

In February 2018, Medical University of South Carolina (“MUSC”) announced during a meeting with its board of trustees that 13 employees were terminated in 2017. The administrators of MUSC determined that these employees accessed patient records without permission. Such access without permission is considered “snooping.” Studies have found employee snooping is one of the biggest threats to HIPAA privacy. Snooping usually occurs when an employee views medical records of their friends, family, work colleagues or a celebrity without authorization because such employee is curious of why such person is there/what treatment they are receiving.

Such snooping is considered a breach under HIPAA. HIPAA provides three exceptions to the definition of ‘breach.” One exception applies when an employee of a covered entity unintentionally accesses or uses protected health information but such access or use is made in good faith and within the scope of authority. However, the Department of Health and Human Services, Office for Civil Rights (OCR) has provided that this exception does not apply to snooping employees because snooping is neither unintentional nor done in good faith.

In order to monitor snooping, MUSC has designated certain employees to monitor the news to identify any possible patients making the news. At times, some employees will snoop in a patient’s record after that patient is discussed in the news. Eleven of fifty-eight privacy breaches at MUSC in 2017 were categorized as snooping.

A MUSC spokeswoman also issued a statement regarding the terminations based on snooping and provided that “[s]ome breaches are simply a case of information being faxed to the wrong clinic location, whereas others can involve misplaced curiosity or malice” and “[t]ransparency is incredibly important, and necessary, to prevent and discourage future breaches…”


There are no comments yet for this post.
Items on this list require content approval. Your submission will not appear in public views until approved by someone with proper rights. More information on content approval.
* indicates a required field


Body *

Date *


Privacy Policy | Terms of Use and Conditions | Statement of Client Rights
This website contains attorney advertising. Prior results do not guarantee a similar outcome. © 2018 Nixon Peabody LLP
Sort by AttachmentsParentCategory