DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CIO Fired After Others May Have Accessed Her EHR

Posted on October 14, 2010 by Dissent

Gerry Higgins writes:

A prominent CIO of a regional hospital system encountered the limitations of HIPAA and so-called “Protected Health Information (PHI)” when her boss fired her after a short medical leave of absence. After years working without taking vacation, a family catastrophe that affected her health prompted her to take a medical leave of absence.  She had a physician’s letter to justify the leave, which was sent to the Occupational Health section of the hospital system, and they guaranteed the information would be kept confidential. Upon her return, she was called into her supervisor’s office and was promptly terminated, even after years of excellent performance reviews.

Two co-workers in the Department of Clinical Informatics, which she had managed, told her that they were ordered by other executives in the hospital system for a copy of her Electronic Health Record – a flagrant abuse of PHI. There they found she had a history of depression, but she had managed the problem with Cognitive Behavioral Therapy, extensive psychotherapy and medication. Another employee in Human Resources, who recently left the department, told her that is was routine policy to share Physician’s letters supporting medical leave with the employee’s supervisor.

Read more on HealthSystemCIO.com.

That an employee’s supervisor may have access to any PHI or a doctor’s report has always been a workplace privacy issue across all settings, as I’ve blogged about on PogoWasRight.org at times.

I wonder whether the Chief Privacy Officer for the hospital was aware of this “routine policy” and had any input into it and why Human Resources does not make clear to employees requesting a medical leave that any doctors’ reports will be shared with their employer.

While I agree with some of the “lessons to be learned” that Gerry describes, there’s another lesson here for employers:   be transparent.

No related posts.

Category: Health Data

Post navigation

← HIPAA, Twitter, and the Siren's Call
VA monthly report for September reveals possible access control issue →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.