The news that dozens of hospital staffers accessed A-lister George Clooney's medical records has the blogosphere, and some patients' rights groups, buzzing. If Clooney's records could be made public, couldn't anyone's?
The story, in brief: On Sept. 21 Clooney and his girlfriend Sarah Larson took a spill from Clooney's motorcycle and had minor injuries. They were treated and released at the Palisades Medical Center in New Jersey.
The mecial records of the incident were leaked to the media and spread quickly around the Internet. It was later discovered that 40 employees of the hospital had accessed records of the couple's treatment. Twenty-seven employees have been suspended while an investigation continues. It's not yet clear who (if anyone at the hospital) leaked the records.
Several points here:
1. Anyone who accessed those records without a legitimate care-related purpose broke provisions of a law, called HIPAA, designed to ensure proper security of medical information. In other words, anyone who looked at Clooney's records without a professional purpose broke the law, even if they did not leak the information to the press.
2. By responding to the incident in such a punitive, high-profile way, the hospital is sending the right signal: Employee misuse of medical records is crime and the hospital takes it seriously. (Whether suspending 27 workers without pay before an investigation is complete is a matter for the lawyers to sort out.)
3. The incident exposes how human misjudgment can result in serious breach of the law and patient privacy. The chain of security is no stronger than its weakest link. And therefore. . .
4. . . .this incident says nothing about the security of online medical records. Staff illegally accessed (and apparently distributed) internally secure records. While online medical record security is the issue du jour, the Clooney Incident isn't about that.
Last week, Microsoft rolled out its new HealthVault program--which provides what the company says is technologically secure environment for consumers to store (and control) their own medical records.
Rep. Patrick Kennedy (D-R.I.) speaking at a HealthVaulot rollout lunch panel, recounted how years ago his medical records were sold to the media for $10,000. (The price was too low, he joked.) But the incident made clear to him the necessity of creating legal and technology structure to ensure patient record privacy.
Microsoft's high-profile product introduction--to be followed soon by a Google health record system, the industry buzz says--has raised vital questions about how patient records can remain private in a digital environment. Everybody at the HealthVault rollout seemed to agree that patient control of their medical records is a right, not a privilege.
The question of how records are handled--by whom and under what circumstances, and who gets punished how much for violations--is only going to get more exposure. All good.
- Font size
- Email This
- Bookmark
- Thank you for your input
- Save
- RSS
- Report Abuse
