In classified environments, information is only available on a need-to-know basis. If you have no official business pertaining to a file, then you don’t need to know. Healthcare professionals should consider HIPAA to be a similar environment.
Last year, Congress passed HITECH, which tightened restrictions on healthcare privacy and increased penalties for transgressions. Unauthorized access to patient records can lead to jail-time. A surgeon working as a researcher at UCLA was sentenced to jail under the HIPAA. What happened? Here’s the rest of the story:
Huping Zhou, a cardiothoracic surgeon, was working at the UCLA School of Medicine as a researcher. His employment was terminated, but UCLA’s IT department didn’t block his access to electronic medical records at the same moment; it took the university some time to process retraction of the doctor’s authorization to the database. In that interrum, Dr. Zhou accessed and read his immediate supervisor’s medical records, as well as those of former co-workers. Then, over the next few weeks, his curiosity led him to remotely access of other medical records he was unauthorized to see, including those of celebrity patients.