Tiger Woods Data Breach?

Dec. 2, 2011
I was catching up on the news this morning, scanning the Huffington Post web site, when I came across a headline that troubled me: “Tiger Woods Overdose? OD Listed on Hospital Chart.”

I was catching up on the news this morning, scanning the Huffington Post web site, when I came across a headline that troubled me: “Tiger Woods Overdose? OD Listed on Hospital Chart.”

The story quotes the celebrity gossip web site TMZ as reporting that Tiger Woods was admitted to Health Central Hospital the day after Thanksgiving as an overdose.

“Sources connected with the hospital tell TMZ the admissions chart lists "OD" and that he was having trouble breathing,” it continued.

For now let’s leave aside the question of whether it is appropriate for news publications to be serving up all this titillating gossip about famous people’s private lives. I am more concerned that this type of report continues to feed the general public’s suspicion that once their health records are electronic, many more people will have access to them, increasing the likelihood that someone will look at them for reasons other than direct patient care. Under new accounting of disclosure rules, even explaining to people why 75 hospital employees had legitimate reasons to access their chart may be difficult.

I have been interviewing CIOs about the new data breach regulations going into effect as part of the HITECH Act.

Many CIOs are nervous about whether the audit log systems they have in place are sophisticated enough to proactively sense when records are being accessed inappropriately – for instance, by staffers who have no clinical or business reason for looking at them. The question is, other than more training, what do you do about staffers who do have good reason to look at records and then go blab to tabloids about what they have seen?

Some CIOs and chief security officers may be skeptical that the new data breach rules will be enforced any more heavily than HIPAA has been. Many have seen HIPAA enforcement as a joke. But if enforcement is ramped up, it could be painfully expensive for many hospitals both in real-dollar terms and in a public relations sense. As one CIO told me, “It’s pretty hard to argue with $1.5 million in fines. That makes the cost of a risk assessment look pretty reasonable.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?