Kaiser fires 15 workers for snooping in octuplet mom's medical records
Another eight hospital employees disciplined for improperly accessing Nadya Suleman's files
Computerworld - A Kaiser Permanente hospital located in a Los Angeles suburb has fired 15 employees and reprimanded eight others for improperly accessing the personal medical records of Nadya Suleman, the California woman who gave birth to octuplets in January.
The unauthorized accessing of Suleman's electronic records at the medical center in Bellflower, Calif., violated a California law designed to safeguard the privacy of health care data, according to Kaiser spokesman Jim Anderson, who said the snooping incidents have been reported to the California Department of Public Health.
The improper activities were discovered as a result of increased network monitoring procedures that the hospital implemented in anticipation of the huge public interest in Suleman following the birth of the octuplets, Anderson said.
"We have known since she came into the hospital that at some point, this would be a fairly widely reported story," he said, adding that Kaiser also conducted extra training before Suleman was admitted to the hospital to remind employees about the importance of keeping patient data confidential.
Anderson said Suleman was first notified of the breaches about 10 days ago, initially to inform her that eight people had accessed her records without authorization. She later was told that Kaiser had found that an additional 15 employees had done so. There is little evidence thus far that any of the fired or disciplined workers accessed the files for any reason other than personal curiosity, Anderson said.
Suleman shot into the public and media spotlight when she became only the second person in the U.S. known to have delivered a set of living octuplets. At the time, Suleman was already the mother of six children — a fact that added an element of controversy to the births, fueling even more interest in her.
Data-snooping incidents such as the one at the Kaiser Permanente Bellflower Medical Center highlight the lack of adequate security controls that hospitals and other entities in the health care industry have for protecting patient records, said Deborah Peel, founder and chair of Patient Privacy Rights, a watchdog group in Austin.
"The state of health IT access controls is abysmal, atrocious and outdated," Peel said. She claimed that what happened at Kaiser "can and does happen" on a broad scale at hospitals across the U.S. because of their continued reliance on "primitive" security controls that haven't been updated in decades.
Unlike in industries such as the financial services sector, where role-based access control is the norm rather than the exception, a wide range of workers at health care providers can get access to patient data whether they need to have such access or not, according to Peel.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have. All Privacy White Papers | Webcasts