Nebraska Medical Center Data Breach (2014)

Two hospital employees have been fired for illegally accessing the electronic health record (EHR) of a Massachusetts physician who was being treated for Ebola in the facilitys isolation unit. The HIPAA violation was discovered by Nebraska Medical Center officials conducting an audit of their EHR system, according to a statement released by the Omaha, NE-based facility. Richard Sacra, MD, contracted Ebola while working as a medical volunteer in Liberia. He was flown back to the US in September and was placed in a specialized isolation unit, one of only a handful like it in the country. The unit featured a remote monitoring system which allowed Sacra to communicate with his family members via videoconferencing technologies. In its statement to the media, hospital officials said the unauthorized access of Sacras record constitutes a HIPAA violation, an issue we take very seriously, the statement said. Based on the results of the investigation conducted, two employees no longer work for the organization and other corrective action has been taken. The hospital said it informed Sacra about the breach prior to his discharge from the facility. The incident should serve as a reminder to providers that the records of patients with extra notoriety, such as the potentially panic-inducing diagnosis of Ebola, may require an extra measure of security. As is often the case of breaches involving celebrities, the level of curiosityor perhaps the price tagfor information of this nature is high.