Peeking at George Clooney

So apparently George Clooney was in a motorcycle accident recently (it was news to us, too) and he and his companion were taken to a northern New Jersey hospital for treatment. Well, it seems that the state of Clooney's rib (world's sexiest rib?) is quite a juicy piece of info -- and someone leaked it to the press. The hospital investigated the leak and says it found 27 people -- doctors and nurses included -- who had accessed Clooney's file without authorization. And now those 27 people have been suspended for a month without pay.

Does the punishment fit the infraction? And would the penalty have been this severe if the file in question hadn't been someone famous? For his part, Clooney says he'd prefer that the hosptial would resolve the issue without the suspensions.

A related question: do electronic health records make this kind of unauthorized access more or less likely? Presumably any system handling this kind of info would be encrypted and have strict access controls. But as people have come to find in the digital age, electronic information seems to live forever -- and even secure systems fail (every other month there seems to be a breach in some sort of database containing sensitive info). Or, to put it a different way, should you trust Microsoft to keep your health information safe?

Earlier on blog.bioethics.net:
+ Bush: "[Electronic Health Records Must Be] Secure & Private (Except When They Aren't)
+ HIPAA Gutted Again - the Sound and Fury of Patient Privacy Laws in the U.S.

-Greg Dahlmann

posted Oct 10, 2007 | link | jump to the comments (5)

tags: electronic health records, privacy

comments

First off George Clooney’s flies should never have been an object of show-and-tell. How his file was passes around should be more of an object of security for the hospital to look into. How were these files accessed so easily? Who let twenty-seven people look at them? What can the hospital do in order to make sure that this doesn’t happen again? Then the nurses and doctors should have been penalized. First off, suspended for a month without pay? That’s a little extreme, Mr. Clooney says so himself. Second, if he wasn’t famous then this never would have happened. All of the hype of George Clooney being in the hospital probably peeked some interest. These records even though they were under lock and key in the computer were still able to be accessed by different people with differing levels of security all without much problem. This tells us that even though there was some security on the computer, that security is just not enough anymore. Either companies with electronic databases need to start updating their security regularly or they need to find another alternative. Granted, I’m sure that this type of information was being leaked when all records were kept on paper in files, its just all a matter of how secure your hospital is. I think that if used and maintained properly that files should be safer then on paper, just because of the plain and simple fact that papers can get lost and shredded, and any other numerous irreversible terrible things that can happen with irresponsible workers.

- by Sam Cox on Oct 10, 2007 at 5:33 PM | link

This article raises some interesting questions. Is it really a good idea to make digital records of medical records. A plan for medical records to be converted to digital records was actually proposed by the Bush administration, but upon review it was shown that the plan lacked sufficient protection plans. Take this along with Dahlmann's question of digital record security, and it seems that electronic records are probably not a good idea. Plus (on a political note) I am a little suspicious about Bush proposing a plan that would electronically record everyone's medical files; this could prove to be very convenient when trying to track someone or maybe invade their privacy...maybe.
But anyway to answer some of Dahlmann's questions:
i don't really think that the punishment fit the crime in concern with the 27 doctors and nurses who were suspended, but i don't really know everything about what they saw and accessed and what they did with what they accessed.
yes it seems that an electronic system would make privacy invasions more likely because like he says so many systems fail all the time.

- by michael pradella on Oct 10, 2007 at 10:46 PM | link

HIPAA began the whole electronic record push and is from 1996. It's about anything but "privacy."

The electronic medical record and digital storage of images is a good thing - but like all tools needs to be used properly.

The whole coding and reporting of medical care has grown into the usual government "leviathan" (remember Magaziner's defense to the lawsuit against him and Hillary Clinton for the way they ran the Health Care Task Force?). We still hope that the EMR will help us do better than we have in the past. Although I believe that most clinicians will disagree with the the "quality" markers used, see today's NEJM article about child health care.

However, I don't think that this incident proved anything about electronic records other than the hospital had the ability to monitor who accessed the records.

- by Beverly Nuckols on Oct 11, 2007 at 12:58 PM | link

anyone concerned about their own health privacy should go to www.patientprivacyrights.org

- by Shawn on Oct 11, 2007 at 1:43 PM | link

I don't think this raises any novel questions. As someone who lives in a relatively small town and both works in the medical field and is a patient owing to a chronic genetic disease, I can tell you that you don't need to be internationally famous to have any number of people take an interest in your medical records. Some out of concern, some out of curiosity. I'm completely blanking on the article many years ago in which someone counted up all of the hospital staff that had legitimate access to medical records and those that had easy though illegitimate access. The numbers were staggeringly high. Hospitals try to keep the records secure from outside people but those in the hospital are, generally, trusted to look at only those records they need in order to do their jobs. Whether the records are paper based or computer based, we're still going to have to rely on the workers in hospitals to treat them appropriately.

Hacking databases from outside a hospital aside (because that's about the only truly novel thing that making hospital records raises....and it could easily be solved by not putting the system that maintains those records online). The problems with the privacy and confidentiality of medical records has and will come down to the people who must maintain those records and those people who have access to them. We simply have to do a better job of teaching the concepts and making clear what the responsibilities are for people who choose to go into healthcare.

Personally, I think the people who got caught rooting around in records they didn't have any reason to view should count themselves fortunate not to have lost their jobs entirely. While it wouldn't have made headlines if it weren't someone famous, this is exactly the sort of thing that has and will make me choose a different hospital for my care.

- by Chris on Oct 11, 2007 at 8:44 PM | link

contribute a comment

Your contributions to the conversation are very much appreciated. We do have a few simple guidelines, though. Be civil. Stay on topic. We reserve the right to remove comments that violate the aforementioned guidelines. One more thing: comments are moderated, so it may take a little while for your comment to be posted. Thanks.

what is this?

A 'Nature Top 50' science blog by the editors, staff and friends of The American Journal of Bioethics. Science writes: "To follow the latest twists in ... science stories with social impact, dive into this Web log"

The original story behind this blog

What people are saying about blog.bioethics.net

recently on blog.bioethics.net

Common Ground on Abortion? Not Likely.

President Obama isn't really asking for much. Really it's quite simple: both sides of the issue, conservatives and liberals, must give up a little bit... (more)

Caplan: Think Big on Health Care

Arthur Caplan reminded us last week not to get bogged down in the details and to "think big" on health care. To read more about... (more)

Follow-up on The Wild West of Nanotechnology

Today, The Scientist has revealed more about the scandal involving nanoscientist Chiming Wei which was first written about here on bioethics.net. This scandal has brought... (more)

My Mommy Is My Daddy Is My Mommy

Stem cell research has the potential to change the standard gendered parental relationships by making it possible for women to produce sperm and eggs from... (more)

Be Careful What You Wish For

In collaboration with Nanotech-Now.com and Lifeboat Foundation, Tihamer Toth-Fejel comments as this month's guest columnist about the prospect of a much less ominous future for... (more)

this blog's feed

  • Subscribe
    • XML
    • Google Reader or Homepage
    • Add to My Yahoo!
    • Subscribe with Bloglines
    • Subscribe in NewsGator Online
    • Add to My AOL
    • Convert RSS to PDF
    • Add to Technorati Favorites!
    • Add to your phone
    • Get RSS Buttons

info

archives

tags

Blog Information Profile for bioethics