Breach, Threat Management, Data Security, Incident Response, Network Security, TDR

Octomom’s hospital records accessed, 15 workers fired

Updated Tuesday, March 31, 2009 at 5:27 p.m. EST

A Los Angeles-area hospital recently fired 15 workers for accessing the medical records of octuplet mother Nadia Suleman without permission, a spokesman confirmed to Tuesday.

Eight other employees face other unspecified disciplinary action for their role in the incident, which took place at Kaiser Permanente Bellflower Medical Center, said the spokesman, Jim Anderson.

Suleman gained widespread media attention after giving birth to her octuplets on Jan. 26 at the hospital.

Hospital officials told the Los Angeles Times that the breach was discovered during computer monitoring and the hospital was able to determine which employees had medical reason to access Suleman's files. Anderson did not indicate what type of hospital employees accessed the records but said there is no indication that the information was sold or accessed for any reason other than curiosity.

John Linkous, product evangelist at security and compliance management provider eIQnetworks, told in an email Tuesday the employees who accessed Suleman's files were most likely hospital personnel who had access to patient records but were not allowed to look at them at will.

Anderson said the incident was reported to the California Department of Public Health.

If this was the case, the breach would be an example of a good and bad-news scenario for the hospital in terms of information security, Linkous said. It would mean hospital policy was not followed by these employees, but that the facility did have the appropriate controls in place to ensure the breach of patient health care records could be detected.

Alternately, the hospital may have lacked proper access controls altogether, or failed to configure them properly, thus resulting in the breach, he added.

"Was it a failure of technology-based privacy controls, or was it an abuse of privilege?" Linkous said.

Last year, similar high-profile breaches occurred at UCLA Medical Center, resulting in a number of firings after it was discovered that employees were snooping on the medical records of Britney Spears, Farrah Fawcett and California First Lady Maria Shriver.

In response, California Gov. Arnold Schwarzenegger signed two bills into law last October that imposed harsher penalties on hospital workers who inappropriately access patient data.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.