Clooney Proves Private Health Records Not So Private
Despite a federal law, employees can and do look at your health records.
Oct. 11, 2007— -- Some 27 workers at a New Jersey hospital were suspended Wednesday after reportedly taking a peek at George Clooney's confidential medical records while the actor was being treated there following a motorcycle accident.
None of the employees, each suspended for four weeks, were doctors treating Clooney, administrators said, raising a host of questions about who can view private medical information and what measures are in place to protect patients' privacy.
Clooney was taken to Palisades Medical Center in North Bergen, N.J. Sept. 21 after he and passenger Sarah Larson were injured when the motorcycle he was driving collided with a car. Clooney broke a rib and Larson broke her foot.
Hospital administrators said the confidentiality breach was discovered after a routine audit.
"We conduct audits on a regular basis to make sure our systems are protecting individuals' rights," Eurice Rojas, the hospital's vice president of external affairs, told The Associated Press. "We conducted an audit immediately with respect to this situation and that resulted in [the investigation]."
Since 1996, when confidential medical information started getting stored on computer systems, insurance companies and hospitals have been required by federal law to maintain the privacy of health records.
"Privacy rules and the need for privacy exist to encourage individuals to seek medical care and be open and honest about their symptoms and concerns. Only through that open exchange can people get proper care," said Susan McAndrews, deputy director of health-information privacy at the Department of Health and Human Service's Office of Civil Rights.
Under the Health Insurance Portability and Accountability Act, or HIPAA, the department is charged with ensuring that insurance companies and health care providers don't violate the law by allowing unauthorized employees to gain access to patient records.
McAndrews said an employee's ability to get access to information about an individual patient depends largely on how closely the employee is involved in that person's treatment.