It seems an inevitable consequence of modern celebrity: when you go to the hospital, hospital workers will look at your records (even though they have no medical reason to). The latest example of this involved the infamous mother of octuplets, Nadya Suleman. It resulted in the firing of 15 hospital workers at Kaiser Permanente’s hospital in Bellflower, California. All these violations have been reported by Kaiser to the California Department of Public Health.
But this isn’t really news. The hospital records of other celebrities (like Britney Spears, Farrah Fawcett and Gianni Versace) also have been improperly accessed in recent years. The real issue raised by these events is: what lesson do we take away for compliance purposes to prevent it from happening in the future? The vigilant CIO sends these examples around to his/her staff to remind them of these pitfalls. And when you learn of celebrity in your midst, you should specifically warn staff not to pursue the records of individuals for matters that do not concern them on a professional basis; you might even consider special additional security precautions. There will always be more of these types of breaches, but it doesn’t have to happen at your company if you continually remind people about their obligations to maintain confidentiality.