Two hospitals in Anoka County have fired 32 employees for accessing the medical records of patients without permission or a legitimate reason to do so. The employees accessed the medical records of certain patients that were hospitalized due to a massive drug overdose stemming from a party; the overdoses were considered a high-profile case. The HIPAA privacy regulations require hospitals to apply a “minimum necessary” rule, i.e., employees are only permitted to access information that they have a need to know in order to perform their job duties. The HIPAA Security Rule also requires hospitals and other covered entities to have the capability to audit employees’ access. The HIPAA Privacy Rule also requires hospitals and other covered entities to have appropriate disciplinary policies in place when violations of the rule are found. For questions regarding HIPAA compliance or for assistance with developing a HIPAA Privacy or Security compliance program, please contact a Wachler & Associates attorney at 248-544-0888.