An article in the September issue of Healthcare Risk Management’s HIPAA Regulatory Alert, “Hospital Terminates Employees for Allowing Another to Do Their Jobs,” discussed a recent incident at Mass General Brigham in Somerville, MA. Upon investigation, the hospital discovered that two employees inappropriately allowed a third person, who was not a hospital employee, to perform some of their job duties. Rivkin Radler’s Ashley Algazi was quoted in the article.
Ashley pointed out that all employees of a HIPAA covered entity should have a unique username and password to allow the employer to track unusual activity and identify potential breaches. “Ultimately, good employee management is required to identify
if your employee is offloading their work to an outside party,” she said. Ashley listed the following possible red flags regarding employees:
- Being evasive or unable to answer questions about their work;
- Being unavailable during regular business hours;
- A sudden change in the quality of their work product; and
- Unusual communications or file transfers to outside the organization.
Sign up to receive Rivkin Rounds at www.RivkinRounds.com.