Hospital Employees Fired for Celebrity Snooping

You’ve heard the saying “curiosity killed the cat,” well in the case of dozens of hospital employees, curiosity may have killed their careers.

Earlier this month, Chicago’s Northwestern Memorial Hospital fired dozens of employees who allegedly accessed the medical records of actor Jussie Smollett without authorization, according to numerous published reports.

The Empire actor was treated in the hospital’s emergency room for injuries he received in what he told police was an attack by two men on Jan. 29. Smollett was later arrested and charged with filing a false police report after police alleged the attack had been staged as a publicity stunt. The news made national headlines, which in turn, peaked a lot of interest.

The employees were let go for violating the Health Insurance Portability and Accountability Act or HIPAA, which is designed to protect patient privacy.

The employees ranged from caregivers to those in administrative positions. A number of employees have told the media that either they never actually accessed the information, or that they had authorization to do so. Some are appealing their termination. The hospital is not commenting, citing HIPAA.

The employees aren’t the only ones facing consequences. Federal law requires hospitals to report the breach to the U.S. Department of Health and Human Services, as well as to Smollett, (both of which likely are well aware after all of the publicity).

While some have claimed the hospital acted too quickly without giving the employees a chance to explain their actions, healthcare facilities have reason to act swiftly. Such a breach can result in significant fines (which can range from $100 to $50,000 per violation depending on the perceived level of negligence) and even criminal liability, which can result in jail time for those found to have violated the law.

Federal law is clear: Those working in the healthcare field should only have minimum access to information that allows them to do their job. Therefore, if an employee is not involved in treating a patient, they should not have access to a patient’s information. That can include something as simple as their name.

Celebrity-related HIPAA violations are nothing new. For example, in 2007, more than two dozen employees of Palisades Medical Center were suspended for accessing the medical records of actor George Clooney, who was taken to the New Jersey hospital following a motorcycle accident. In 2011, UCLA Health System was fined $865,500 for HIPAA violations caused by allowing the medical records of two unnamed celebrity patients to be accessed by non-authorized personnel. And, in 2013, Cedars-Sinai Medical Center in Los Angeles fired six people who inappropriately accessed the healthcare records of reality television star Kim Kardashian who gave birth at the hospital.

Healthcare facilities should have a policy, process and procedure in place to track and monitor the access of all medical records. Those who violate those policies should expect nothing less than to be fired.

The Health Law Offices of Anthony C. Vitale’s highly skilled team of experienced professionals can help you to create a compliance program designed to meet your unique needs. Give us a call at 305-358-4500, or send an email to and let’s discuss how we might be able to assist you.

Material presented on the Health Law Offices of Anthony C. Vitale's website is intended for information purposes only.

It is not intended as professional advice and should not be construed as such.