DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Snooping in records has a history at UCLA

Posted on April 11, 2008 by Dissent

Charles Ornstein of the Los Angeles Times reports:

Though UCLA Medical Center has portrayed recent privacy breaches as the rare actions of rogue employees, the hospital has known since at least 1995 that staffers were peeking into the medical records of such prominent patients as Tom Cruise and Mariah Carey — and even spying on one another’s medical care, according to records and interviews.

James Duckstad, a former hospital assistant at UCLA, told The Times that he was one of a group of workers fired in 1995 after improperly looking at the computerized medical records of colleagues as well as celebrities including Cruise and Dom DeLuise.

Full story – Los Angeles Times 

Category: Health Data

Post navigation

← B.C. introduces law governing access, privacy of electronic health records
Navigenics #6 – “Privacy, Insurance, GINA and Ethics” →

5 thoughts on “Snooping in records has a history at UCLA”

  1. Anonymous says:
    April 11, 2008 at 9:01 am

    In my experience, hospitals often look the other way and don’t do anything to stop or even to minimize this. Personally, I asked IS departments at four hospitals to investigate the suspected or actual abuse of medical records access by employees. One hospital had no ability to monitor employee access to records at all. A second did, and after access logs demonstrated employee access of his own, his familiy and his colleagues’ medical records, HR refused to take action, leaving me as his director, with no alternatives except to verbally counsel him and to perform my own extra-diligence in monitoring his access. The other two had the ability to conduct log reviews, but neither did so on a regular basis, nor did they monitor every employee’s access for appropriateness. Only when a manager reported a specific quetionable situation did the IS department take any action at all.

    Again, in my experience, nurses especially were frequently interrupted while logged in, and the norm was to leave the terminal without taking time to log off. Nurses are constantly hounded, interrupted and punished – they are expected to be acting as fast as possible at all times. The culture of the work environment punishes them for taking time to perform all steps of any process – they seek, and they use any time saving mechanism possible, regardless of endangering access to medical records.

  2. Anonymous says:
    April 11, 2008 at 9:14 am

    I’m not surprised by what you report, but yes, it is disheartening and troubling. Thank you for sharing your experiences. My hospital-based work was pre-HIPAA, but even recent non-employment experiences with hospitals show me how loose things are in some respects.

    Then there are the little everyday things — like walking into a room at a doctor’s offices where blood is drawn for lab work, only to see numerous patient charts neatly lined up with the patients’ lab results neatly clipped to the front of the folders and easily readable by any patient walking into the room to get their own blood drawn. Staff didn’t even seem to notice or care that anyone could read what they seemed to routinely leave out for their convenience.

    Does HHS have a whistleblower’s hotline? And if so, would they even really do anything effective other than a slap on the wrist or “promise us that you won’t do this again?”

  3. Anonymous says:
    April 11, 2008 at 4:21 pm

    I’m not aware of any hotline (although HIPAA and JCAHO have them). At the level I worked at, my knowledge and detail would have been enough to specifically identify me as the reporter, and that’s where many entry and mid-level managers and directors find themselves stuck. There is no collective representation, they work at will (at whim), and they enjoy no whistle-blower protections. Senior administrators insulate themselves by requiring that information reported to them is heavily filtered and edited so that they have plausible deniability.

  4. Anonymous says:
    April 11, 2008 at 5:01 pm

    So what’s the solution? Whistle-blower protection may not be really effective. Do we need to have federal law make all employees mandated reporters, so that the employee can claim that they had no choice but to report the violation?

  5. Anonymous says:
    April 11, 2008 at 6:56 pm

    Good question, and I wish I knew the answer. Contact me via email if you are so inclined, and I’ll share more detail, including the specific situation which resulted in my retaliatory firing – it involved access of some medical records and state reporting.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.