• United States



A sickening breach of privacy

Jan 13, 20113 mins
Data and Information Security

Three employees at Tucson’s University Medical Center got fired for allegedly peeking at medical records in the shooting rampage that killed six people and left Congresswoman Gabrielle Giffords fighting for life.

Here’s a snippet from The Arizona Daily Star:

Three employees at Tucson’s University Medical Center have been fired for violating patient privacy in connection with accessing confidential medical records in the high-profile shooting rampage that killed six people and left Congresswoman Gabrielle Giffords in critical condition, hospital officials said.

All the remaining injured patients from the shootings, including Giffords, are at UMC.

“The hospital has terminated three clinical support staff members this week for inappropriately accessing confidential electronic medical records, in accordance with UMC’s zero-tolerance policy onpatient privacy violations,” says a statement issued by UMC officials this morning.

A contracted nurse also was terminated by the nurse’s employer, officials say, and the families of the affected patients were notified.

We’ve seen this sort of thing before, and it’s always sickening. At the same time, it’s human.

Curiosity makes us do stupid things from time to time. If you work in a hospital and you have some famous patients, the urge to look at their confidential records must be overwhelming. It’s still wrong, though.

I can tell you I’d never do such a thing. But who knows what kind of stupidity I might engage in if curiosity were to disable my moral compass.

I’m glad I’m not in that position.

That’s where my sympathy ends.

Hospital officials were right to fire these people if they really did what they’re accused of. Curiosity will always tempt us to do dumb things, but in the end we know right from wrong and we have a choice.

The people that were fired allegedly made a bad choice.

This particular incident is getting headlines because it’s connected to a national tragedy. But it happens all the time.

At one hospital in my home state, several doctors have been fired for looking at the confidential records of celebrity patients. One doctor was fired publicly. Officials at that hospital called their policy of firing people for this sort of thing “public hangings.”

There’s plenty of identity and access management technology available to minimize these incidents.But in the end, if a reasonably smart person is burning with curiosity, they will find a way to break through the wall of privacy.

My cousin made this point once after my aunt and grandmother’s house was broken into: “If someone wants to get in badly enough, they’ll do it — even if you have an alarm system.”

That being the case, it comes down to how the organization responds to a breach of public trust.

In this case, officials at University Medical Center appear to have done the right thing.

–Bill Brenner