UHealth employees allegedly violate HIPAA policy, face possible punishment

Several University of Miami Health System (UHealth) employees face disciplinary action, including the possibility of termination, for allegedly accessing patient records protected by the federal Health Insurance Portability and Accountability Act (HIPAA), according to an e-mail memo obtained by The Miami Hurricane.

In the March 18 memo, two top administrators at UM’s Miller School of Medicine said an internal investigation found that several unidentified UHealth employees “violated HIPAA regulations and our policies by improperly accessing … their own medical records and those of their family members as well as abusing systems privileges by making medical appointments for themselves and/or their relatives.”

The memo, sent by William Donelan, vice president for Medical Affairs, and William O’Neill, executive dean for Clinical Affairs, did not provide further details concerning why employees may have accessed patient records.

On Wednesday, Sharon Budman, the interim chief privacy officer/ombudsman, suggested that the e-mail was intended to remind the school’s students, faculty and staff of its commitment to protecting the privacy and confidentiality of UHealth patients.

“The e-mail was an internal notification to emphasize the importance of privacy,” Budman said in a phone interview.

The memo also advised students, faculty and staff that discussing a patient’s health information with someone not involved in the case would violate HIPAA rules as well.

According to the UHealth Web site, the network includes six hospitals and more than two dozen outpatient facilities in Miami-Dade, Broward, Palm Beach and Collier counties, and it employs more than 1,200 physicians and 8,000 staff.