Britney Spears and George Clooney Records Breached by Insiders

You have probably heard about the recent experience Britney Spears and George Clooney had when their personal medical records were illegally viewed by hospital personnel.

Clooney was in a motorcycle accident that put him and his girlfriend in the Palisades Medical Center in New Jersey for a day. Some of the hospital personnel went through his personal medical records without authorization and were later suspended for doing so.

Spears was admitted to UCLA Medical Center for a mental evaluation where, like Clooney, her medical records were also illegally viewed by hospital staff. Nineteen employees were either fired, suspended or disciplined.

Unrelated to celebrity medical records, but a similarly disturbing breach of privacy, employees of the U.S. State Department viewed the private passport files of Hillary Clinton, Barack Obama, and John McCain.

But, let’s stick with medical records for now.

You would think basic common sense would dictate that going through someone’s private personal medical records, unless you specifically had a need in the direct healthcare of that person, is just wrong.

The fact of the matter is that so many people and institutions have access to medical records that the U.S. government rightfully instituted the Health Insurance Portability and Accountability Act (HIPAA). This act ensures the privacy of personal medical records by making it basically illegal to view a person’s medical records without strict authorization—a need to know only policy.

The recent medical record fiascos behind the hospital stays of Spears and Clooney bring to the forefront two seemingly opposing dynamics—the public’s insatiable appetite to know every detail of every second of popular celebrities’ lives, and the right of every U.S. citizen to the privacy of their medical records provided for by HIPAA.

Privacy is an important right of American life. Though some privacy laws may slightly differ for those in the public limelight, other important aspects of privacy, like medical records, are just as important for high-profile Americans as for every-day citizens.

What is disturbing is how many of these “peeps and snoops” of celebrity medical records come from within the organizations where healthcare was given—where HIPAA compliance and privacy should be a daily given among healthcare professionals and personnel.

According to the Los Angeles Times account of Spears’ experience, the hospital seemingly did everything it could to keep not only Spears’ records private, but all patient records private in accordance with HIPAA rules. Each hospital employee signs a statement pledging to adhere to confidentiality rules when they are hired; they are trained to know and understand HIPAA guidelines; passwords or PIN numbers are required to access records to monitor who is looking at records and for how long; and when necessary disciplining employees when rules are breached.

In fact, the morning Spears was to come into the hospital, a memo (that did not specifically name Spears) was issued reminding people of their responsibilities to keep patient records and information private.

The memo by chief compliance and privacy officer Carole A. Klove said (taken from Los Angeles Times), “Each member of our workforce, which includes our physicians, faculty, employees, volunteers and students, is responsible to ensure that medical information is only accessed as required for treatment, for facilitating payment of a claim or for supporting our healthcare operations. Please remember that any unauthorized access by a workforce member will be subject to disciplinary action, which could include termination.”

Even with all of that more than 20 unauthorized people viewed Spears’ records compromising her medical privacy, breaching security systems, and blatantly disregarding hospital expectations and their own sense of right and wrong.

The bottom line is that all of the hospital and government regulations, training and discipline can’t stop individuals from looking at private medical records. They help create expectations, provide training and guidance, and action when rules are broken, but it will always come down to individuals simply respecting others private information as if it were their own.

This entry was posted on Wednesday, March 19th, 2008 at 3:25 pm and is filed under Personal Health Records. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.