A number of staff of a Los Angeles Hospital will likely lose their jobs for reading Britney Spears’ medical records.
The Los Angeles Times says workers at the UCLA medical centre looked at Spears’ confidential files when she was admitted to the hospital in January. Jeri Simpson, the hospital’s head of human resources, confirmed to the AP news agency that several staff would be disciplined or fired over the incident. “It’s very frustrating and it’s very disappointing,” she said. According to the Los Angeles Times, 13 staff – none of them doctors – will lose their jobs.
[source]
It is very disconcerting to consider the fact that a dozen or so irresponsible trogs who happen to work for a major hospital have access to anyone’s medical records. It can’t possibly be the case that Britney Spears’ records are somehow more accessible than, say, yours or mine. It must, rather, be the case that the kind of protection that medical records get is based on a misplaced sense of trust for those with some kind of access. This is a guess, but I think a reasonable one.
In a way, it is good that the stars are getting their medical records pilfered for fun and profit. Perhaps the outcry from this sort of event will lead to improvements in the way privacy is maintained.
I used to work for an electronic medical records company. The way we would secure the records is by recording any access to them. (Everyone knew access was logged; you want people to know their access is logged. They still had to log on to see any medical records.) You could designate a person’s medical records as sensitive (the entire record). In those cases the medical professional could still access the data, but they had to give a positive response that they knowingly were accessing sensitive information. The reasoning was that it was more important to let medical professionals access medical information that they may need and record the fact that they had done so than not allowing them to get at the information at all. Could more sophisticated checks be put in place, e.g. only a select list of people could see a chart? Yes, however that becomes very unwieldy in a medical emergency where it is vital to know the information (e.g. any known allergies, prior medical history, current medications, results of labs etc.). The penalties for violating HIPAA are very strict and taken seriously at hospitals.
As the commenter above points out, access to electronic medical records generally has a warning and access logging rather than a hard stop since while protecting people’s privacy is important, preventing people from accessing someone’s record when they have a legitimate need is considered far worse. The access logging generally is enough to scare off people who don’t have a legitimate need to look at the patient’s chart and it’s probably how they know who looked at it.
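The scheme the two comments above describe (log every chart access, and ask for an explicit confirmation before opening a record flagged sensitive instead of blocking it), sketched in Python as an added example that is not code from either commenter or from any real records product. The class, field and user names and the sample data are made up for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

class AcknowledgementRequired(Exception):
    """Raised when a sensitive chart is opened without explicit confirmation."""

@dataclass
class ChartStore:
    charts: dict                                # patient_id -> chart text
    sensitive: set                              # ids whose whole record is sensitive
    audit: list = field(default_factory=list)   # append-only access log

    def _log(self, user, patient_id, outcome):
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "patient": patient_id, "outcome": outcome,
        })

    def open_chart(self, user, patient_id, acknowledged=False):
        """Return the chart. Never hard-blocks a logged-in user, always logs."""
        if patient_id in self.sensitive and not acknowledged:
            # The unanswered prompt is logged too, so attempts leave a trace.
            self._log(user, patient_id, "prompted")
            raise AcknowledgementRequired(patient_id)
        outcome = "acknowledged" if patient_id in self.sensitive else "opened"
        self._log(user, patient_id, outcome)
        return self.charts[patient_id]

    def who_viewed(self, patient_id):
        """Users who actually saw the chart, in order of first access."""
        viewed = [e["user"] for e in self.audit
                  if e["patient"] == patient_id and e["outcome"] != "prompted"]
        return list(dict.fromkeys(viewed))

def demo():
    # Constructed sample data: patient ids, users and chart text are invented.
    store = ChartStore(charts={"P1": "allergy: penicillin", "P2": "routine visit"},
                       sensitive={"P1"})
    store.open_chart("nurse_a", "P2")
    try:
        store.open_chart("clerk_b", "P1")       # no confirmation given
    except AcknowledgementRequired:
        pass
    store.open_chart("dr_c", "P1", acknowledged=True)
    store.open_chart("clerk_d", "P1", acknowledged=True)
    return store
```

The confirmation step does not stop `clerk_d` from reading the chart; what it buys is an audit entry showing the access was knowing, which is what a later review works from.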
i’d be interested to know just what positions these people held, and what kind of network access they had. access logging is generally fairly easy, certainly easier than locking people out of a system, but there’s almost always some alternate way into the data store if you have the right sort of access. “systems administrator”: the only person in the corporation who, despite being paid little more than the unionized janitors, has more access to confidential information than the CEO does. after all, somebody has to maintain the actual back-end database these records get stuffed into…
At our hospital, every access is logged. Perhaps these folks don’t know that their hospital likely does this, or figure the payoff might be worth it. At least in my part of the country, losing a job basically means losing a house.