A nurse was fired from a Kentucky hospital after she told a physician and EKG technician to wear gloves for a procedure – because the patient has Hepatitis C. The patient was behind a privacy curtain, with other patients and staff nearby.
The patient complained to the hospital that the nurse revealed his diagnosis to nearby patients and staff who overheard her. The nurse was fired for violating HIPAA, and sued the hospital for wrongful termination. The nurse argued that she did not violate HIPAA, because her disclosure was “incidental” and permitted under HIPAA.
The nurse lost at trial, and, later, on appeal. The appellate court stated: “…even if [the hospital] were objectively wrong that [the nurse] violated HIPAA’s patient confidentiality provisions, [the nurse] cannot rely on HIPAA as a basis for a wrongful discharge claim, since HIPAA’s confidentiality provisions exist to protect patients and not healthcare employees.”
The nurse also sued the hospital for defamation. The nurse said a hospital employee defamed her when she reported the nurse’s HIPAA-based termination to the Metropolitan Louisville Healthcare Consortium. The Court upheld the trial court’s finding that no defamation occurred, because the hospital told the truth: the nurse was in fact terminated for violating HIPAA after she disclosed more information than the minimum necessary.
This is just one Kentucky court’s opinion – and keep in mind that the OCR has not released any enforcement regarding this instance. But, this lawsuit is an example of two things:
- A provider successfully firing someone for violating HIPAA; and
- An ongoing need to train staff on common HIPAA risks