News, Developments, and Insights

high-tech technology background with eyes on computer display

This cartoon is about snooping, one of the most common HIPAA violations.  HIPAA prohibits accessing information that people don’t need to do their jobs.   It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong.  But the cartoon invites people to imagine how creepy the snooping would appear if it were occurring right in front of patients.  Computers remove the interpersonal dynamic, making it harder for people to fully appreciate the wrongfulness of their conduct.

Though the high-profile, celebrity snooping incidents garner all the media attention, smaller cases affecting everyday individuals make up the bulk of the cases and legal activity.  A large number of inappropriate access claims involve people checking on protected health information (PHI) about family and friends.  Snooping is not intended maliciously.  Often a concerned staff member will access the patient records of a family member or acquaintance out of worry or concern.  In one case, a nurse in New York was fired for disclosing a patient’s medical history to warn a family member who was romantically involved with the patient of the patient’s STD.

It is important to note that even if the information in the record is simply viewed, not communicated or distributed, a HIPAA violation has still occurred. For example, a California teacher discovered her ex-husband’s new wife who worked in medical records at the local hospital had accessed her records more than a dozen times.  The clerk lost her job and received a misdemeanor charge while the hospital paid $25,000 to resolve the claim.

Many people mistakenly think that if they have access to data, they can look at it.  So many incidents involve people doing foolish things because they either didn’t know better or didn’t understand the severity of the consequences.  People working in healthcare need to understand the penalties for violating HIPAA so their curiosity doesn’t get the best of them.

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.  Professor Solove also posts at his blog at LinkedIn.  His blog has more than 1 million followers.

NEWSLETTER: Subscribe to Professor Solove’s free newsletter (2x per month).  

TWITTER: Follow Professor Solove on Twitter.


Check out our HIPAA training game by finding HIPAA violations in a hospital setting.


Spot the Risks: HIPAA Privacy and Security