Pharmacy is a profession and an industry that is highly regulated, even in spite of the autonomy pharmacists enjoy in their practice. There are federal, state, and local laws and codes to which pharmacies are held accountable. These laws, rules, and regulations are mostly in place to protect the safety of patients and/or employees. One of the broader pieces of legislation still considered relatively recent is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Among its many express rules are that patient confidentiality is to be maintained and that patient privacy must be protected.
Cohen et al evaluated employer responsibility for an employee’s unauthorized review of a patient’s confidential health record.1 Among the cases they reviewed was a $1.4 million verdict against Walgreens rendered and then upheld by the Indiana Court of Appeals. A Walgreens pharmacist had viewed the profile of a patient including their birth control records and then disclosed to the patient’s husband the identity of the father of the patient’s child. The pharmacist’s husband sent a text message to the patient, who was his former girlfriend. After investigation, Walgreens admitted that a HIPAA violation had occurred. Walgreens gave the pharmacist a formal warning and a mandate to re-complete HIPAA training, so early on the pharmacist seemed to have gotten off somewhat easily. However, the plaintiff (patient) sued the pharmacist and Walgreens for negligence, breach of privacy, and poor training (of the pharmacist). The monetary award in the verdict was the shared responsibility of the pharmacist, the pharmacist’s husband, and Walgreens.
Abiding by HIPAA is a very serious matter, as is the case with many other laws, rules, and regulations. Pharmacist managers are responsible for knowing the law, and that other persons reporting to them are familiar with and abiding by the law. Effective education and training of employees in pharmacy is absolutely critical.
Additional information about Compliance with Regulations and Regulatory Bodies can be found in Pharmacy Management: Essentials for All Practice Settings, 4e. If you or your institution subscribes to AccessPharmacy, use or create your MyAccess Profile to sign-in to Pharmacy Management: Essentials for All Practice Settings, 4e. If your institution does not provide access, ask your medical librarian about subscribing.
1Cohen LT, Millock PJ, Asheld B, Lane B. Are employers responsible for an employee’s unauthorized review of a patient’s confidential health information? J Am Coll Radiol. 2015;12:412-414.