UPDATE on Johns Hopkins case added below.
In the last few weeks, there have been numerous stories about insiders accused of abusing their access to government or corporate databases. A police chief in Iowa has been suspended while there’s an investigation into whether he misused his access to driver’s license and criminal history data. The Associated Press reported that a T-Mobile employee is accused of violating the privacy of millions of T-Mobile UK by selling their data to rival companies. In Australia, a former police officer “pleaded guilty to repeatedly using [a police] computer between 2006 and 2008 to get the details of women he had seen in public.” Also, it was revealed that President Obama’s nominee to head the Transportation Security Administration had been censured for misusing government database information for personal reasons.
Now, the Las Vegas Sun reports, “Private information about accident victims treated at University Medical Center has apparently been leaking for months, the Sun has learned, allegedly so ambulance-chasing attorneys could mine for clients.”
Sources say someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries — that could also be used for identity theft.
Hospital officials knew of rumors of the leaks since the summer, but doubted them until provided evidence Thursday by the Sun. Now they’re scrambling to catch up to a crisis that may affect hundreds, if not thousands, of patients.
Selling — or even giving away — such information would violate federal patient-privacy laws and could result in fines and prison time. […]
UMC is the area’s only level one trauma center, so it draws the majority of Clark County’s seriously injured traffic accident victims. Learning the names of and personal information about these patients would be a boon for personal injury attorneys on the prowl for clients who could win payouts from insurance companies. […]
It is not known how many patient records have been printed from hospital computers and distributed to outsiders. But the source told the Sun it’s believed to have been going on for months.
Other information contained in the documents includes each patient’s address, employer, insurance information and details of the accident and injuries. […]
The source who provided the face sheets to the Sun is several degrees removed from the leak at UMC and did not know exactly where the documents came from. Many people knew about the leak and had tried to tell the hospital’s administrators, the source said, but no one had taken any action.
There have been previous reports of hospital workers violating the privacy of individuals, but mainly they’ve concerned celebrities’ private information. One case might be similar: In May, Johns Hopkins Hospital in Baltimore warned “more than 10,000 patients about a data theft after linking a woman working in the hospital’s patient registration area to fraud.” UPDATE: The Associated Press reports that Michelle Courtney Johnson, “who worked as a patient services coordinator for Johns Hopkins Medicine has been sentenced to 18 months in prison for stealing patient information.” Johns Hopkins learned that, “from August 2005 to April 2007, Johnson provided a conspirator with names, Social Security numbers and other identifying information of more than 100 current and former patients of Johns Hopkins. That information was used to apply for credit.”
In May, the California Department of Public Health issued a fine for breaches of octuplet mother Nadya Suleman’s medical privacy, the first such fine for a hospital under a patient privacy law passed last year. Last year, a former administrator at UCLA Medical Center charged with allegedly selling celebrity patients’ medical data to the media pleaded guilty. In October 2007, a New Jersey hospital suspended 27 employees for a month without pay for unauthorized accessing of the medical files of George Clooney and his girlfriend, who were being treated after a motorcycle accident. The hospital investigated after medical details were leaked to the media.There have been reports of medical identity theft, as well.