DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Snooping in records has a history at UCLA

Posted on April 11, 2008 by Dissent

Charles Ornstein of the Los Angeles Times reports:

Though UCLA Medical Center has portrayed recent privacy breaches as the rare actions of rogue employees, the hospital has known since at least 1995 that staffers were peeking into the medical records of such prominent patients as Tom Cruise and Mariah Carey — and even spying on one another’s medical care, according to records and interviews.

James Duckstad, a former hospital assistant at UCLA, told The Times that he was one of a group of workers fired in 1995 after improperly looking at the computerized medical records of colleagues as well as celebrities including Cruise and Dom DeLuise.

Full story – Los Angeles Times 

Related posts:

  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
  • UCLA Health discloses network breach potentially affecting 4.5 million patients
  • UCLA Health System notifies 16,288 of stolen hard drive
  • UCLA Health notifying patients of stolen laptop containing personal health information; third breach report in as many months?
Category: Health Data

Post navigation

← B.C. introduces law governing access, privacy of electronic health records
Navigenics #6 – “Privacy, Insurance, GINA and Ethics” →

5 thoughts on “Snooping in records has a history at UCLA”

  1. Anonymous says:
    April 11, 2008 at 9:01 am

    In my experience, hospitals often look the other way and don’t do anything to stop or even to minimize this. Personally, I asked IS departments at four hospitals to investigate the suspected or actual abuse of medical records access by employees. One hospital had no ability to monitor employee access to records at all. A second did, and after access logs demonstrated employee access of his own, his familiy and his colleagues’ medical records, HR refused to take action, leaving me as his director, with no alternatives except to verbally counsel him and to perform my own extra-diligence in monitoring his access. The other two had the ability to conduct log reviews, but neither did so on a regular basis, nor did they monitor every employee’s access for appropriateness. Only when a manager reported a specific quetionable situation did the IS department take any action at all.

    Again, in my experience, nurses especially were frequently interrupted while logged in, and the norm was to leave the terminal without taking time to log off. Nurses are constantly hounded, interrupted and punished – they are expected to be acting as fast as possible at all times. The culture of the work environment punishes them for taking time to perform all steps of any process – they seek, and they use any time saving mechanism possible, regardless of endangering access to medical records.

  2. Anonymous says:
    April 11, 2008 at 9:14 am

    I’m not surprised by what you report, but yes, it is disheartening and troubling. Thank you for sharing your experiences. My hospital-based work was pre-HIPAA, but even recent non-employment experiences with hospitals show me how loose things are in some respects.

    Then there are the little everyday things — like walking into a room at a doctor’s offices where blood is drawn for lab work, only to see numerous patient charts neatly lined up with the patients’ lab results neatly clipped to the front of the folders and easily readable by any patient walking into the room to get their own blood drawn. Staff didn’t even seem to notice or care that anyone could read what they seemed to routinely leave out for their convenience.

    Does HHS have a whistleblower’s hotline? And if so, would they even really do anything effective other than a slap on the wrist or “promise us that you won’t do this again?”

  3. Anonymous says:
    April 11, 2008 at 4:21 pm

    I’m not aware of any hotline (although HIPAA and JCAHO have them). At the level I worked at, my knowledge and detail would have been enough to specifically identify me as the reporter, and that’s where many entry and mid-level managers and directors find themselves stuck. There is no collective representation, they work at will (at whim), and they enjoy no whistle-blower protections. Senior administrators insulate themselves by requiring that information reported to them is heavily filtered and edited so that they have plausible deniability.

  4. Anonymous says:
    April 11, 2008 at 5:01 pm

    So what’s the solution? Whistle-blower protection may not be really effective. Do we need to have federal law make all employees mandated reporters, so that the employee can claim that they had no choice but to report the violation?

  5. Anonymous says:
    April 11, 2008 at 6:56 pm

    Good question, and I wish I knew the answer. Contact me via email if you are so inclined, and I’ll share more detail, including the specific situation which resulted in my retaliatory firing – it involved access of some medical records and state reporting.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.