Woman’s Secret Adoption Exposed During Tampa General, USF HIPAA Breach


HIPAA violations and breaches involving security, administrative, or technical safeguards occur on a regular basis. A recent violation was reported in  The Tampa Bay Times explaining how a relative who spied on data in an Electronic Health Record (EHR) exposed a patient’s secret.

Jennifer Jones, age 29, delivered a baby girl at Tampa General Hospital almost five years ago. Jennifer, and lifelong partner David Harrison chose to place the baby up for adoption. They didn’t want anyone to know about this and made sure not to tell family members.

However, Jennifer’s relative, whose job as a nurse gave her access to the hospital’s medical records, decided to go snooping and found out. Not only did this relative access Jennifer’s medical records inappropriately, but she also caused a privacy breach when she told other members about the secret.

The couple hoped they could keep the experience quiet and thought that since the court records were sealed that they’d be able to. However, in 2010, David’s Aunt, Nadine Mcnew found the records and gave printouts to another family member.

The incident showcases how easy it is to access records, and how hard it is to keep health information secure. Jennifer’s relative was able to look up her chart from a computer outside of the hospital several years after the birth.

“The damage is done,” said the 29-year-old who is raising two sons out of the area. “I am the one who has to live with the fear of someone telling my children, or just knowing deep down that people that I don’t know very well have a very deep dark secret of mine that I didn’t want them to know. That’s a scary feeling.”

While Tampa General and University of South Florida (USF) Officials have acknowledged the breach, they’ve remained silent and decline to discuss the details due to patient privacy laws. As for Nadine, University records show that she worked at USF from November 2009 to August 2012, and was rehired in late 2012, only to be fired on June 6, 2013.

Officials at both institutions said they do their best to educate employees about federal laws protecting patient privacy, and they warn that breaches will result in termination. However, neither Tampa General nor USF have plans to change their policies as a result of this incident.

It’s important for employees to be educated on their responsibilities to protect patient information. They must be aware of the risks, and know that they can be fired in the event of a breach. Patients should have the assurance that their private health information is always kept private and protected.

For more information about HIPAA compliance and security call our team of IT professionals.

We're Integris. We're always working to empower people through technology.

Keep reading

Nine Policies and Procedures for Compliance with HIPAA

Nine Policies and Procedures for Compliance with HIPAA

The HIPAA Security Rule was enacted in 1996 by the U.S. Congress, designed to establish national standards to protect individuals’ electronic personal health information used and/or stored by a covered entity. The HITECH act states that all healthcare providers will...