Five workers and a student research assistant at Cedars-Sinai Medical Center have been fired over privacy breaches involving patient medical records.
Cedars-Sinai officials said in a statement that 14 patient records were “inappropriately accessed” between June 18 and June 24. Six people were fired over the breach: four were employees of community physicians who have medical staff privileges at the hospital, one was a medical assistant employed by Cedars-Sinai, and one was an unpaid student research assistant.
Reality television star Kim Kardashian gave birth to her daughter with rapper Kanye West at the hospital on June 15. A hospital spokeswoman declined to identify the patients whose records were accessed but said that all patients involved had been notified of the breach.
Representatives of Kardashian and West did not respond to requests for comment Friday.
Five of the workers accessed a single patient record; the other one looked at 14. The people involved will be permanently denied access to Cedars-Sinai records even if they go on to work for other health providers, the hospital said.
Community physicians have access to the hospital’s electronic record system but are supposed to log in only for purposes related to the care of their own patients. Cedars-Sinai officials said three community physicians — Dr. Sam Bakshian, Dr. Abraham Ishaaya, and Dr. Shamim Shakibai — had given their user names and passwords to employees in violation of hospital policy, and the employees used the log-ins to access confidential patient records. In the other case, a doctor’s employee had been granted a separate user ID and password at the physician’s request, to assist in billing.
David Blake, Cedars-Sinai’s chief privacy officer, said in a statement that the hospital has “a high standard for security” and that “unauthorized access to any patient’s record is, quite simply, unacceptable.”
The federal Health Insurance Portability and Accountability Act sets limits on what health information can be disclosed without a patient’s permission. Violations can lead to fines of up to $50,000 per violation and, in some cases, to criminal charges.
Hospital officials said there was no indication in this case that the fired workers had committed any crimes, but that they planned to notify law enforcement “out of an abundance of caution.”
Breaches of patient records — particularly celebrity records — have been a recurring problem for Los Angeles hospitals. UCLA Health System found itself at the center of a scandal in 2008 involving workers who snooped into the medical records of Britney Spears, Farah Fawcett and Maria Shriver, among others. One former employee was convicted of selling celebrity medical information to the National Enquirer. UCLA agreed to pay $865,500 as part of a settlement with federal regulators.
Employees at Kaiser Permanente’s Bellflower hospital pried into the records of “Octomom” Nadya Suleman, leading state regulators to levy a $250,000 fine.
At Cedars-Sinai, a former employee was convicted in 2009 of stealing patient information to defraud insurance firms.
As a result of the incident, the hospital said it is providing more privacy training to physicians and adding extra “safeguards and redundancies” to the computer system’s security.