Hospitals Move to Tighten Data Security

Dom Nicastro, September 15, 2010

Mayo Clinic has fired an employee at a business center in Arizona because they accessed nearly 2,000 patient medical and financial records over a four-year period—just to take a peek, the Post-Bulletin of Rochester, MN, reports.

The employee accessed an estimated 1,700 patient records, Mayo spokesman Chris Gade told the Post-Bulletin. The employee's access rights covered all Mayo Clinic patient records at all Mayo sites.

Officials discovered the breach in mid-July. They did not release the name of the healthcare worker.

"This activity took place between 2006 and 2010. An internal investigation was immediately launched. Following a thorough review of the facts, the person was fired," Mayo said in a statement.

This isn't the first hospital to deal with a worker snooping at patient records.

Kaiser Permanente Bellflower Hospital in Los Angeles in May 2009 was assessed a $250,000 fine because 23 employees at a number of Kaiser facilities with access to electronic medical records unlawfully breached the privacy of a patient who gave birth to octuplets earlier in the year.

Snooping landed another in jail earlier this year. United States Magistrate Judge Andrew J. Wistrich sentenced a former UCLA Healthcare System employee who admitted snooping at patients' records to four months in prison April 27, according to the U.S. Attorney's Office in the Central District of California.

Huping Zhou, 47, of Los Angeles, admitted to illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients, the federal California attorney's office said in a release.

Dom Nicastro Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
Facebook icon
LinkedIn icon
Twitter icon