An Iowa nurse lost her job because of a HIPAA violation. She also forfeited her unemployment benefits for sharing the pregnancy state of a 17-year-old patient to a member of the family without obtaining the patient’s authorization. Erica Hulsing has been employed at Waverly Health Center in Waverly, Iowa as a registered nurse since September 2016. She received a call on April 17, 2025 from a family member of the patient asking about the patient’s admission to the hospital.
The patient specifically asked that her pregnancy condition be kept private, but Hulsing advised the member of the family that the patient is expecting a baby. Because of the disclosure, the patient and members of the family submitted complaints to the hospital with regard to the disclosure, starting an investigation. The hospital confirmed that Hulsing had given away highly sensitive data concerning a patient to someone who was not permitted to obtain that information, since the relative was not stated on her agreement form. The hospital decided that protected health information (PHI) had been disclosed to unauthorized people. The disclosure furthermore violated hospital guidelines on work conduct, which leads to dismissal for gross misconduct.
Under HIPAA, patients have the right to ask for the restricted disclosure of their health data, such as disclosures of their health data to members of their family. Although patients below 18 years old are viewed as minors, when a 17-year-old agrees to health treatment under state legislation, the Privacy Rule typically lets the minor observe their own privacy rights.
Hulsing mentioned that she was not aware that revealing the patient’s pregnancy condition to a relative broke the HIPAA Regulations. Hulsing requested unemployment benefits while her case was being evaluated, and she received $4,214 in benefits; nonetheless, Administrative Law Judge Duane Golden decided that Hulsing wasn’t eligible to get unemployment benefits because her behavior constituted employment-associated misconduct, and Hulsing was directed to refund the $4,214 she acquired.
Disclosing patient details to any unauthorized person can have critical effects for the medical specialist and the patient. Seeing that this case plainly shows, insufficient awareness about HIPAA requirements is not a legitimate excuse for a HIPAA violation. In this instance, the patient’s instruction for privacy must have been honored, and the disclosure was done solely with the patient’s permission.
Healthcare specialists must be sure that they know about the HIPAA requirements, and should make sure that they are informed about state and federal rules. Healthcare companies should ensure that they give complete HIPAA training to all staff members to make sure they understand their obligations under HIPAA, and should boost training through yearly refresher training classes to help avert HIPAA violations on the job.
