MINNEAPOLIS (FOX 9) - George Floyd's confidential medical information at Hennepin County Medical Center was improperly accessed multiple times by employees, according to an attorney representing Floyd's family.
When Floyd was brought to the emergency room of Hennepin Healthcare, he was listed under a pseudonym, “Bronze Tennessee.” This is a practice done in high profile cases to conceal a patient’s identity.
A source with direct knowledge told FOX 9, Hennepin Healthcare performed an audit and discovered that a total of 18 people accessed Floyd’s private health information under the name “Bronze Tennessee.” The internal investigation found five of those cases were legitimate medical reasons, but 13 of those employees — which includes three nurses, a lab technician, a social worker, and a paramedic — have been fired by Hennepin Healthcare.
The terminated employees may still seek a grievance or arbitration.
Since it was a violation of HIPAA, the federal health care privacy law, the hospital was required to contact Floyd’s next of kin. According to attorney Antonio Romanucci, Floyd's family received a letter notifying them of the data breach. The legal team is "exploring all of our remedies" in response to the data breach.
"When George Floyd was desperate for a breath, the city of Minneapolis pushed on his neck further. And even after death, he was abused and mistreated by the system. Shameful," said Romanucci in a statement.
In a statement, Hennepin Healthcare stated it does not comment on specific cases due to patient confidentiality. However, the organization stated it is routine to conduct privacy access audits. Access to medical records is logged and if a violation of patient confidentiality occurred disciplinary action, including termination, can be taken.
Floyd died on Memorial Day after he was taken into custody by Minneapolis police. During the arrest, an officer held a knee on Floyd's neck for more than eight minutes, while Floyd repeatedly said he could not breathe.
Full statement from Hennepin Healthcare
"It is the practice of the Hennepin Healthcare Information Privacy Department to conduct privacy access audits. Access to the Hennepin Healthcare electronic medical record by our workforce is tracked and logged, which supports our auditing efforts. Any breach of patient confidentiality is taken seriously and thoroughly investigated. If it is determined that a violation has occurred, disciplinary action up to and including termination can be used. Additionally, Hennepin Healthcare complies with federal information privacy regulations which require notification to patients about a confirmed privacy breach. To maintain patient confidentiality, we do not comment on specific cases."