A medical assistant and five other medical personnel have been fired from their positions after inappropriately accessing records of patients — reportedly including Kim Kardashian — at Cedars-Sinai Medical Center in Los Angeles. The reality TV starlet gave birth in the hospital on June 15 to a girl named North, her first child with rapper Kanye West. The alleged breach of her records took place sometime between June 18 and June 24. While the LA Times states that the hospital would not release the names of the patients affected, TMZ reports that Kardashian was notified that she was one of the victims.

The culprits have not been named, but one was a medical assistant employed by the hospital, four were employees of outside physicians whose patient records were housed in the hospital’s electronic records system and the other was an unpaid student research assistant working in the hospital. One of the perpetrators accessed 14 records inappropriately, but the others looked at only one — most likely Kardashian’s. That was enough, however, to cost them their jobs.

Betrayals of privacy like this are taken seriously because the Health Insurance Portability and Accountability Act limits what health information can be disclosed without a patient’s permission. Violations of this law can result in criminal charges and fines of up to $50,000 per incident. There’s not yet any indication that the culprits released any of the information they accessed, but reportedly private details of the birth did leak to the press — one way or another.

This case highlights the need for medical assistants to protect patients’ privacy. Handling patient records is typically one of a medical assistant’s primary duties, and they should treat the information in them as highly sensitive, accessing it only for professional purposes and safeguarding it by following office rules regarding computer passwords and other protective measures.

Even if the information isn’t used for criminal activity like identity theft or insurance fraud, the mere breach of privacy can have dire consequences for both a medical assistant and his or her employer. In a 2008 case similar to the one at Cedars-Sinai, an employee of UCLA Medical Center was convicted of selling the medical information of celebrities such as Britney Spears and Farrah Fawcett to the National Enquirer. She faced a maximum punishment of 10 years in prison, three years of supervised release and a $250,000 fine, but she died before sentencing. On top of that, UCLA had to pay more than $800,000 in penalties. A year later, Kaiser Permanente’s Bellflower hospital forked over more than $400,000 in fines when employees inappropriately accessed patient records, including those of “Octomom” Nadya Suleman.

(Sources: LA Times, TMZ, New York Daily News)