All of us have the expectation that our medical records, those personal things about us and our families, are safe from prying eyes. Federal law (HIPAA) protects our privacy and mandates quite strict standards, leading to all those forms you have to sign when you go to the doctor. In these days of the electronic medical record, how safe are those records? As I type this I could, if I so chose, call up on my computer the personal details of every single patient in the hospital. What’s to keep me from doing that? Not much, it turns out, other than my own conscience.
A recent story in the Los Angeles Times, discussed in detail on Dr. Bob Wachter’s excellent blog, shows that, for many people, the temptation to snoop was too much: when Britney Spears was recently in the UCLA hospital, a total of 53 hospital staffers inappropriately looked at her record, 14 of them physicians. Perhaps the bigger scandal is how the miscreants (and all of them knew they were violating both HIPAA and UCLA policy) were treated: none of the doctors were fired, half the nonphysicians were sacked, raising the question of equal treatment for the same crime.
This is not a new problem, of course. I spent much of my career at the Mayo Clinic, an institution well-known for decades for its famous patients, and where the charts of those people were kept well protected. Of course it is relatively easy to guard a physical record, a folder of paper; the electronic medical record is a different matter. Although I am all in favor of the electronic version, this case tells us we must take great pains to secure the data. The case also suggests we don’t treat doctors and nurses the same, and as Dr. Wachter says, that’s not right.