Breach into 'Octuplet Mom's' medical records highlights privacy issues again

By Bernie Monegain
10:54 AM

Fifteen Kaiser Permanente employees have been fired and another eight disciplined for sneaking a peek at the medical records of octuplet mother Nadya Suleman, the Los Angeles Times reported Monday.

The incident puts the spotlight once again on what some critics say are security and privacy issues that threaten to stall the adoption of healthcare information technology.

The babies - six boys and two girls - were delivered at Kaiser's Bellflower Medical Center near Los Angeles on Jan. 26. Since then, they and their mother have been the subjects of a media frenzy.

Computer breaches at Bellflower were discovered about 10 days ago and reported to state authorities and to Suleman, according to the Los Angeles Times, which quotes Kaiser spokesman Jim Anderson.

The breach is the latest in a spate of unauthorized looks into celebrity medical records.

A report by the American Health Information Management Association (AHIMA) - released in April 2008 following a rash of security violations that included the medical records of actor George Clooney and singer Britney Spears - asserted that employee training is critical for keeping records safe, and a lack of training may have been the cause of the health record breaches.

Dan Icenogle, MD, medical director and health law attorney, said the biggest problem with the advent of electronic health record systems is the failure of entities to understand and implement proper controls.

"It illustrates both sides of the issue," he said. "On the one hand, it's easier to access an EHR than paper records (if access security is not in place). On the other hand, because of log-in and audit features, it's possible to know every part of the record that was accessed, and by whom."

At a Senate Judiciary Committee hearing in January on healthcare IT measures in the economic stimulus package, Committee Chairman Sen. Patrick Leahy (D-Vt.) said many Americans would not seek medical treatment if they feared their sensitive health information would be disclosed without their consent.

"Today if you have an electronic health record, you have a health privacy problem," Leahy said. "We have to make sure personal privacy is protected."

At the same time, if providers see electronic health records as a privacy risk, they won't want to use them, Leahy said.