I was catching up on the news this morning, scanning the Huffington Post web site, when I came across a headline that troubled me: “Tiger Woods Overdose? OD Listed on Hospital Chart.”
The story quotes the celebrity gossip web site TMZ as reporting that Tiger Woods was admitted to Health Central Hospital the day after Thanksgiving as an overdose.
“Sources connected with the hospital tell TMZ the admissions chart lists "OD" and that he was having trouble breathing,” it continued.
For now let’s leave aside the question of whether it is appropriate for news publications to be serving up all this titillating gossip about famous people’s private lives. I am more concerned that this type of report continues to feed the general public’s suspicion that once their health records are electronic, many more people will have access to them, increasing the likelihood that someone will look at them for reasons other than direct patient care. Under new accounting of disclosure rules, even explaining to people why 75 hospital employees had legitimate reasons to access their chart may be difficult.
I have been interviewing CIOs about the new data breach regulations going into effect as part of the HITECH Act.
Many CIOs are nervous about whether the audit log systems they have in place are sophisticated enough to proactively sense when records are being accessed inappropriately – for instance, by staffers who have no clinical or business reason for looking at them. The question is, other than more training, what do you do about staffers who do have good reason to look at records and then go blab to tabloids about what they have seen?
Some CIOs and chief security officers may be skeptical that the new data breach rules will be enforced any more heavily than HIPAA has been. Many have seen HIPAA enforcement as a joke. But if enforcement is ramped up, it could be painfully expensive for many hospitals both in real-dollar terms and in a public relations sense. As one CIO told me, “It’s pretty hard to argue with $1.5 million in fines. That makes the cost of a risk assessment look pretty reasonable.”