A data entry specialist in Minnesota who was fired for accessing medical records on behalf of a colleague was denied unemployment benefits by the Minnesota Court of Appeals in a recent decision that highlights the importance of zero tolerance policies for employers. The unpublished decision, Bingham v. Allina Health System, No. A10-872 (Jan. 11, 2011), involved an employee whose duties consisted of electronically scanning old medical records for storage, for which she had access to current patient medical data. A co-worker, who did not have the same access, asked the employee to retrieve her minor daughter’s lab test results. The employee did as her co-worker asked. Her conduct was discovered and she was promptly terminated for breach of company policy and violation of the Health Insurance Portability and Accountability Act (HIPAA).
The appellate court noted that the employer’s policy was worded in "emphatic terms" and required employees to keep confidential all patient information except their own, and prohibited them from participating in unauthorized computer access to view confidential data or accessing medical information except for business purposes. The policy said that there would be "no tolerance" for inappropriate access or sharing of patient information" and that failure to comply could lead to termination. The court also noted that the policy was meant to conform with the requirements of HIPAA, 42 U.S.C. Sections 1320d-1 – 1320-9.
Although the employee argued that she thought she had permission for her actions, the court relied on the written policy, HIPAA, and public policy in enforcing the zero tolerance provision. It found that the employee was not eligible for unemployment benefits because she had committed misconduct, as defined by state law.
The case is similar to periodic reports of health care employees improperly accessing confidential medical information of celebrities and public figures and shows that a well-crafted written policy is necessary and will be upheld by the courts.