Kaiser Permanente Fires 15 Over Medical Record Snooping


The healthcare company Kaiser Permanente fired 15 employees and disciplined 8 more for snooping into the files of Nadya Suleman, the woman who recently gave birth to eight babies, according to a story in the LA Times this morning. The breaches into Suleman's electronic health records at Kaiser Permanente Bellflower Medical Center were discovered 10 days ago as a result of (probably increased) computer security monitoring of Suleman's records.

[Update: I had mistakenly listed the wrong hospital earlier - my apologies]

Kaiser Permanente, which has one of the largest electronic health record systems in the US, anticipated increased press and medical staff interest in Suleman's medical records and had instituted refresher courses for its staff in patient privacy laws. It should also have reminded its employees that accessing a person's electronic health record can be tracked, so you had better have a valid reason for doing so.

I guess no amount of remedial training can overcome both curiosity and stupidity, as I noted here as well.

While Kaiser says that no one seems to have sought commercial advantage in looking at the records as in this case, I will be curious whether anyone who snooped will be prosecuted just the same.

If the US ever hopes for its citizens to have trust in the privacy of their electronic health records, aggressive prosecution for snooping is going to be required. Right now, it remains a joke.

Update 2: Kaiser in its press release says two employees were fired, and 13 resigned in lieu of termination.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City