DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Snooping in records has a history at UCLA

Posted on April 11, 2008 by Dissent

Charles Ornstein of the Los Angeles Times reports:

Though UCLA Medical Center has portrayed recent privacy breaches as the rare actions of rogue employees, the hospital has known since at least 1995 that staffers were peeking into the medical records of such prominent patients as Tom Cruise and Mariah Carey — and even spying on one another’s medical care, according to records and interviews.

James Duckstad, a former hospital assistant at UCLA, told The Times that he was one of a group of workers fired in 1995 after improperly looking at the computerized medical records of colleagues as well as celebrities including Cruise and Dom DeLuise.

Full story – Los Angeles Times 

Related posts:

  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
  • UCLA Health discloses network breach potentially affecting 4.5 million patients
  • UCLA Health System notifies 16,288 of stolen hard drive
  • UCLA Health notifying patients of stolen laptop containing personal health information; third breach report in as many months?
Category: Health Data

Post navigation

← B.C. introduces law governing access, privacy of electronic health records
Navigenics #6 – “Privacy, Insurance, GINA and Ethics” →

5 thoughts on “Snooping in records has a history at UCLA”

  1. Anonymous says:
    April 11, 2008 at 9:01 am

    In my experience, hospitals often look the other way and don’t do anything to stop or even to minimize this. Personally, I asked IS departments at four hospitals to investigate the suspected or actual abuse of medical records access by employees. One hospital had no ability to monitor employee access to records at all. A second did, and after access logs demonstrated employee access of his own, his familiy and his colleagues’ medical records, HR refused to take action, leaving me as his director, with no alternatives except to verbally counsel him and to perform my own extra-diligence in monitoring his access. The other two had the ability to conduct log reviews, but neither did so on a regular basis, nor did they monitor every employee’s access for appropriateness. Only when a manager reported a specific quetionable situation did the IS department take any action at all.

    Again, in my experience, nurses especially were frequently interrupted while logged in, and the norm was to leave the terminal without taking time to log off. Nurses are constantly hounded, interrupted and punished – they are expected to be acting as fast as possible at all times. The culture of the work environment punishes them for taking time to perform all steps of any process – they seek, and they use any time saving mechanism possible, regardless of endangering access to medical records.

  2. Anonymous says:
    April 11, 2008 at 9:14 am

    I’m not surprised by what you report, but yes, it is disheartening and troubling. Thank you for sharing your experiences. My hospital-based work was pre-HIPAA, but even recent non-employment experiences with hospitals show me how loose things are in some respects.

    Then there are the little everyday things — like walking into a room at a doctor’s offices where blood is drawn for lab work, only to see numerous patient charts neatly lined up with the patients’ lab results neatly clipped to the front of the folders and easily readable by any patient walking into the room to get their own blood drawn. Staff didn’t even seem to notice or care that anyone could read what they seemed to routinely leave out for their convenience.

    Does HHS have a whistleblower’s hotline? And if so, would they even really do anything effective other than a slap on the wrist or “promise us that you won’t do this again?”

  3. Anonymous says:
    April 11, 2008 at 4:21 pm

    I’m not aware of any hotline (although HIPAA and JCAHO have them). At the level I worked at, my knowledge and detail would have been enough to specifically identify me as the reporter, and that’s where many entry and mid-level managers and directors find themselves stuck. There is no collective representation, they work at will (at whim), and they enjoy no whistle-blower protections. Senior administrators insulate themselves by requiring that information reported to them is heavily filtered and edited so that they have plausible deniability.

  4. Anonymous says:
    April 11, 2008 at 5:01 pm

    So what’s the solution? Whistle-blower protection may not be really effective. Do we need to have federal law make all employees mandated reporters, so that the employee can claim that they had no choice but to report the violation?

  5. Anonymous says:
    April 11, 2008 at 6:56 pm

    Good question, and I wish I knew the answer. Contact me via email if you are so inclined, and I’ll share more detail, including the specific situation which resulted in my retaliatory firing – it involved access of some medical records and state reporting.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.