Regulators fine five hospitals $675,000 for invasions of patient privacy.
SACRAMENTO, Calif. — At Marysville, Calif.’s Rideout Memorial Hospital, 17 security guards rifled through the personal health data of 33 patients, using computers to peer into what should have been private and protected electronic health records, state investigators said.
At the University of California, Los Angeles’ Ronald Reagan Medical Center, prying eyes invaded the digital lab records of a “deceased patient” — identified by some news accounts as Michael Jackson.
Last week, state regulators fined five hospitals $675,000 for these and other invasions of patient privacy. The disclosures were the latest to highlight the potential pitfalls of the national push to expand electronic health records.
Putting sensitive patient information on computers often means more people can get access to it. And human nature being what it is, some will take advantage.
Most Read Stories
“Technology can help us, but at the end of the day, there are human beings behind the machines,” aid Deven McGraw, the health privacy project director at the Center for Democracy and Technology.
Despite privacy concerns, the march toward electronic records continues — driven by the need for efficiency, cost savings and patient safety.
Advocates of digital records tout the technology as a valuable tool for improving the quality of care — by giving doctors and other health care providers instant access to patients’ medical charts.
The federal government has backed the effort with $36 billion in stimulus funds to help pay for health information systems.
Kaiser Permanente bills itself as an industry leader in electronic health records, despite its struggles to protect patient data.
Kaiser officials said the health system regularly monitors its employees’ digital trails “to discover inappropriate or unauthorized access” and requires all employees to comply with privacy policies.
Sometimes, though, written policies are no match for employees’ curiosity about patients — especially the rich and famous.
Last year, Kaiser fired 15 Southern California employees for illegally viewing the electronic file of the mother of eight who attained celebrity as the so-called “Octomom.”
When Michael Jackson showed up at the UCLA hospital on June 25, 2009, there was worldwide interest. When he died later that day, his fans wanted to know why.
While state investigators declined to identify the “deceased patient” that generated a $95,000 fine for the hospital, the Los Angeles Times said the breach stemmed from inappropriate access by four employees who “were curious”about information contained in the King of Pop’s medical records.
While paparazzi-hounded celebrities are natural targets, anyone could potentially fall victim to prying eyes, McGraw said.
“You don’t have to be a celebrity to have a neighbor who is very curious about you,” McGraw said. “It’s a problem for us ordinary folk as well. … People’s curiosity isn’t limited to famous people.”
Consumers, constantly warned about protecting their private data, are ever more wary of having their private lives invaded by digital snoops.
“This is serious stuff. If we want the public to trust these systems, (hospitals) have to do things to earn that trust,” McGraw said.
Electronic records do offer one advantage when it comes to privacy: a digital trail makes it easier to catch snoops.
In fact, the violations announced by state health investigators last Thursday were discovered through audits of computer records — and reported to the state by the institutions themselves.
When officials at Rideout Memorial discovered privacy breaches by 17 security guards, an investigation was launched and the findings reported, said Tresha Moreland, the hospital’s senior vice president for human resources.
The guards were mistakenly given access to medical records when they should have been given access only to patient names and room numbers. As a result of the investigation, Moreland said, some employees were fired.
Bobby Caina Calvan firstname.lastname@example.org.