Sophos Cloud Optix
Six medical workers have been fired from Cedars-Sinai hospital for illegally accessing patient records, the Los Angeles Times reported on Friday.
Cedars-Sinai officials sent the newspaper a statement saying that 14 patient records were “inappropriately accessed” between June 18 and June 24.
Four of the workers let go were employees of community physicians who have medical staff privileges at the hospital.
One of the members of staff was a medical assistant employed by Cedars-Sinai, and one was an unpaid student research assistant.
A hospital spokeswoman declined to name the patients whose data was breached, but she told the LA Times that all the affected patients have been notified.
I guess it’s not surprising to hear that employees would ignore strict patient privacy regulations at this hospital, in this city, above all others.
The lure of insider knowledge about celebrities is evidently too tempting for some healthworkers to avoid.
Some examples the LA Times points out:
- UCLA Health System workers in 2008 snooped into the medical records of Britney Spears, Farah Fawcett and Maria Shriver, among others. One former employee was convicted of selling celebrity medical information to the National Enquirer. UCLA agreed to pay $865,500 as part of a settlement with federal regulators.
- Employees at Kaiser Permanente’s Bellflower hospital pried into the records of “Octomom” Nadya Suleman, leading state regulators to levy a $250,000 fine.
- At Cedars-Sinai, a former employee was convicted in 2009 of stealing patient information to defraud insurance firms.
Cedars-Sinai in particular is known as Hollywood’s glamour hospital.
Juicy nuggets about incredibly famous people leak out of the place like … well, I can’t think of a simile that doesn’t include colostomy bags or syringes, but let’s just not go there.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 made such disclosures of celebrities’ maladies taboo in the US.
HIPAA set limits on what health information can be disclosed without the patient’s permission and instituted potential fines of up to $50,000 per violation.
In some instances, HIPAA violations can lead to criminal charges.
The LA Times reports that five of the Cedars-Sinai workers accessed a single patient record, while one looked at 14.
The violators will never again be allowed access to the hospital’s records, even if they manage to get hired by other health providers, the hospital said.
Three of the doctors had given their login credentials to employees – a violation of hospital policy.
The staffers used the credentials to access confidential patient records.
In one instance, a physician had requested login credentials for an employee to assist in billing.
Hospital officials haven’t detected any signs that the terminated employees committed any crimes, but they plan to notify law enforcement “out of an abundance of caution”, the LA Times reports.
I’m just glad I don’t work in healthcare. Obviously, I can’t resist this stuff.
Neither can healthcare workers, it seems.
It’s up to the physicians who are entrusted with this information to shield their employees from their human natures.
Hopefully, the additional privacy training the hospital plans to give to physicians, plus extra “safeguards and redundancies” to the computer system’s security, will help to keep staffers from prying into this irresistible (and potentially lucrative, if you sell it to a tabloid) privacy-abusing candy jar.
Image of Hollywood sign courtesy of
Vacclav/Shutterstock.com.
Being as this is in a "Hollywood Reality World", I wonder if the investigations will also include determining if the movie star's press secretaries may also be involved to boost their client's visibility in the tabloid press. It's not unheard of in that world, who's well known saying is "there's no such thing as bad publicity".
HIPAA has had unintended consequences. It intended, among other things, to prohibit just such snooping and disclosure of confidential information as was described in this article. Unfortunately, the fear of incurring sanctions and fines has led to the inability to access medical records for legitimate purposes, such as to find out the medical history of a patient who for some reason is unable to disclose it himself. Also, a referring hospital can often not obtain feedback on the outcome of a patient whose care began at the referring hospital and was completed at a referral center. Such feedback could be quite useful in guiding the care of future patients with similar conditions.
It is abuse of the medical records, as described by this author, and the fines and publicity attendant to such crimes, that hinder the legitimate use of medical information, and that does not benefit anyone.
hospital workers are held to a higher level of accountability than the president of the USA ?
"I guess it's not surprising to hear that employees would ignore strict regulations against patient privacy at this hospital…"
Regulations against patient privacy? Surely you meant something else.
Thanks for pointing it out Nigel, it’s now fixed.
Surely these staff were not 'let go' but summarily dismissed – they were given the sack.
The term 'let go' suggests they were allowed tom leave of their own free will but I trust they were dismissed from their jobs with no benefits or compensation.