Carlos Mayorga reports in the Daily Utah Chronicle, the U. of Utah student newspaper:
Officials in several U health science facilities are working to toughen enforcement of privacy policies and procedures after an audit in October 2007 revealed several key vulnerabilities in employees’ ability to protect patient information.
For two months in late 2007, four auditors in the U Internal Audit Department monitored strengths and weaknesses in protecting private patient information at different locations in the University Hospital, the Huntsman Cancer Hospital, the Huntsman Cancer Institute, the Moran Eye Center and the Orthopaedic Center.
[…]
On a visit to the School of Medicine, three auditors were able to enter without visible ID badges. They found that offices and cabinets were not locked and that they were able to take the files with patient information out and read them. One auditor was able to access a computer in an unlocked office. After 10 hours of attempts to access patient information, a staff member only questioned an auditor once.
Auditors were also able to access and read patient records at the main hospital and the Huntsman Cancer Hospital with no questions asked.
Full story – Daily Utah Chronicle