Six medical workers have been fired from Cedars-Sinai hospital for illegally accessing patient records, the Los Angeles Times reported on Friday.
Cedars-Sinai officials sent the newspaper a statement saying that 14 patient records were “inappropriately accessed” between June 18 and June 24.
Four of the workers let go were employees of community physicians who have medical staff privileges at the hospital.
One of the members of staff was a medical assistant employed by Cedars-Sinai, and one was an unpaid student research assistant.
A hospital spokeswoman declined to name the patients whose data was breached, but she told the LA Times that all the affected patients have been notified.
I guess it’s not surprising to hear that employees would ignore strict patient privacy regulations at this hospital, in this city, above all others.
The lure of insider knowledge about celebrities is evidently too tempting for some healthworkers to avoid.
Some examples the LA Times points out:
- UCLA Health System workers in 2008 snooped into the medical records of Britney Spears, Farah Fawcett and Maria Shriver, among others. One former employee was convicted of selling celebrity medical information to the National Enquirer. UCLA agreed to pay $865,500 as part of a settlement with federal regulators.
- Employees at Kaiser Permanente’s Bellflower hospital pried into the records of “Octomom” Nadya Suleman, leading state regulators to levy a $250,000 fine.
- At Cedars-Sinai, a former employee was convicted in 2009 of stealing patient information to defraud insurance firms.
Cedars-Sinai in particular is known as Hollywood’s glamour hospital.
Juicy nuggets about incredibly famous people leak out of the place like … well, I can’t think of a simile that doesn’t include colostomy bags or syringes, but let’s just not go there.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 made such disclosures of celebrities’ maladies taboo in the US.
HIPAA set limits on what health information can be disclosed without the patient’s permission and instituted potential fines of up to $50,000 per violation.
In some instances, HIPAA violations can lead to criminal charges.
The LA Times reports that five of the Cedars-Sinai workers accessed a single patient record, while one looked at 14.
The violators will never again be allowed access to the hospital’s records, even if they manage to get hired by other health providers, the hospital said.
Three of the doctors had given their login credentials to employees – a violation of hospital policy.
The staffers used the credentials to access confidential patient records.
In one instance, a physician had requested login credentials for an employee to assist in billing.
Hospital officials haven’t detected any signs that the terminated employees committed any crimes, but they plan to notify law enforcement “out of an abundance of caution”, the LA Times reports.
I’m just glad I don’t work in healthcare. Obviously, I can’t resist this stuff.
Neither can healthcare workers, it seems.
It’s up to the physicians who are entrusted with this information to shield their employees from their human natures.
Hopefully, the additional privacy training the hospital plans to give to physicians, plus extra “safeguards and redundancies” to the computer system’s security, will help to keep staffers from prying into this irresistible (and potentially lucrative, if you sell it to a tabloid) privacy-abusing candy jar.Follow @NakedSecurity