Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

Dealing with Data Breaches

Greg Freeman for HealthLeaders Media, January 23, 2012
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

This article appears in the January 2012 issue of HealthLeaders magazine.

You pick up the phone and someone tells you that a laptop containing thousands of patient files was left behind on the morning train. Or you learn that your own employees have been snooping into sensitive patient records for fun and profit. Or you discover that, for some odd reason, patient records have been posted on a completely unrelated public website for anyone to see, and they've been there for nearly a year.

Each of these scenarios has played out for some unfortunate healthcare executive, and they hold lessons in how to avoid such disasters, plus the best way to respond to such a crisis. Some of the most notorious HIPAA violations occurred within the UCLA Health System at the UCLA Medical Center, where singer Britney Spears was hospitalized in early 2008. After the Los Angeles Times reported that employees had been caught perusing Spears' records with no legitimate reason, the hospital confirmed the HIPAA violations, fired 13 employees, and took disciplinary action against others. It also suspended six physicians.

David Feinberg, MD, MBA, who became CEO for UCLAHS in 2007, says that the experience was a wake-up call for the health system, and that conditions have changed dramatically since then.

"It definitely was a crisis that we turned into a great opportunity," says Feinberg. "We had a very, very lax culture around privacy, and because we happened to treat an A-list of celebrities, it got national attention. But the reality was we were sloppy not only with celebrities, but also with a nurse looking at another nurse's records to see if she was really sick yesterday. That was our culture."

When the Spears case and other alleged violations came to light, the health system disclosed in April 2008 that it had discovered that several employees had snooped into the patient records of dozens of celebrities, including Spears, Tom Cruise, and Maria Shriver.

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

1 comments on "Dealing with Data Breaches"


Stephen Dailey (1/18/2012 at 12:16 PM)
David: One component of Data Breeches that you did not comment upon is those breaches that do not occur at the provider faciilty and staff level. As a consultant for the Blue Cross and Blue Shield Association in 1994 and 1995 it was routine to access and use Hillary Clinton's Health Insurance Records to introduce staff to the National Accounts Claim System. I recall what I was shown in her insurance claims but will not share it. I was horrified. If health professionals have difficulty keeping their mouths shut and maintaining confidentiality, imagine the mountain 3rd party insurance payors must climb with simple claims examiners looking at records. Sure there are by now changes in policy in place but just imagine. Stephen Giles Dailey, FACHE 3729 Rhetts Landing Belleville, IL 62221