When Do Privacy Violations Become News?

You may have seen the breathless news reports about Kaiser Permanente’s disciplining of twenty-three employees for unauthorized access to Nadya Suleman’s electronic records. These violations of policy and ethics are being described as “security breaches” that threaten the public’s confidence in, and support for, the effort to modernize medical record keeping.

Please.

I’ll let you in on a dirty little secret that will come as no surprise to those of us who have worked in the medical field. Health care workers have always dabbled in medical record snooping.

Had Ms. Suleman given birth to eight babies in 1989, the odds are that her paper chart would have made the rounds of every medical record clerk, much of the nursing staff, and at least half of the physicians at her hospital. The difference is that no one would have been fired, suspended, or made to stand in the corner.

The truth is that what the Kaiser employees did was wrong, and they got caught because Kaiser has a robust electronic system in place that allowed them to identify the miscreants. Could they have cranked up the access controls even higher and saved these people from their own destructive curiosity? Perhaps; but if doing so makes it more difficult to get to critical information when it’s needed to render care, who would they be helping?

My point is that violation of an organization’s privacy policies by its employees is serious, but it’s not a security breach- and it shouldn’t be news. (Though I must say it did give me a valuable object lesson to share with our employees. Call it a teachable moment.)

Our patients need to trust us or they won’t come to us for care. We have to let them know that everyone in our organization is committed to protecting their privacy, and that we have modern, technological methods for ensuring that anyone who violates that trust suffers the consequences.

Our healthcare information technology is what makes that possible.

So, Senator Leahy, the health privacy problem predates the electronic health record. The EMR is, in fact, part of the solution.

I Advance Senior Care

I Advance Senior Care is the industry-leading source for practical, in-depth, business-building, and resident care information for owners, executives, administrators, and directors of nursing at assisted living communities, skilled nursing facilities, post-acute facilities, and continuing care retirement communities. The I Advance Senior Care editorial team and industry experts provide market analysis, strategic direction, policy commentary, clinical best-practices, business management, and technology breakthroughs.

I Advance Senior Care is part of the Institute for the Advancement of Senior Care and published by Plain-English Health Care.