DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Iowa hospitals crack down on employee snooping

Posted on August 24, 2010 by Dissent

Clark Kauffman of the Des Moines Register has a round-up of area hospitals that have fired employees for snooping in patient files:

In each of the cases, the workers had unfettered access to portions of patients’ medical records. Some allegedly used that access to snoop through the patient files out of purely personal interest, while others are accused of improperly sharing patient information with others.

  • Mahaska County Hospital fired a patient-orders coordinator for snooping. One of the patients whose data were improperly accessed was a volunteer at the hospital; the other was the ex-wife of the coordinator’s current boyfriend. Another patient-orders coordinator at the hospital was also fired for snooping; some of the patients whose records she improperly accessed were the mother of her adopted child, her ex-husband, her husband, and other relatives. The hospital did not seem to have uncovered the privacy breaches on their own and only seem to have found them when others filed complaints.
  • Keokuk Area Hospital fired an employee after she allegedly used Facebook to exchange public messages about a patient with another health care professional.
  • Mercy Hospital Medical Center of Des Moines fired an employee for snooping into patient files they had reportedly been cautioned not to access — files that related to the birth of a child at the hospital.
  • University of Iowa Hospitals fired a clerk in the phlebotomy clinic in a “loose lips” incident. According to the newspaper report, she allegedly told a co-worker, in the presence of several other hospital employees, about a patient who played on one of the university’s sports teams, revealing both his name and medical condition for which he was having blood drawn.

According to Kauffman:

In each of the cases, the workers had unfettered access to portions of patients’ medical records.

Security and access controls — as well as audits of access logs — are an essential part of good security and privacy controls. Although the hospitals may have done the right thing in terminating employees who violate patient privacy, and keeping in mind that in at least some cases, they did not discover breaches on their own, it would be nice to know what changes they have since made to prevent unfettered access.

Thanks to the reader who sent in this link.

Related posts:

  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Category: Health Data

Post navigation

← UK: Royal Wolverhampton breached Data Protection Act – ICO
FAQ on the New Indiana "Abandoned Health Records" Act →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.