Hospital employees in Iowa punished for patient data breach
The University of Iowa (UI) Hospitals and Clinics has disciplined eight employees for inappropriately accessing patient health records.

The employees, including the one who was fired and the others who received unpaid suspensions, were not identified, due to the fact that the investigation is ongoing, hospital spokesman Tom Moore told the Iowa City Press.

If more violations are discovered, there will be further punishments, Moore said.

“UI Hospitals and Clinics is fully committed to assuring the highest possible degree of patient confidentiality and data security,” according to UI Hospitals CEO Ken Kates. “This breach of confidentiality is totally unacceptable and very disappointing.”

Hospital officials said that privacy laws prevent them from discussing how many patient records were accessed, how they were accessed or information about the employees, the Iowa City Press reported.

Moore said that the patient or patients were notified. He noted that such incidents at UI are rare, but usually involve acquaintances or celebrities when they do occur.

The breaches were discovered during a routine review of computer access conducted to ensure compliance with patient privacy.

UI also said that there would be increased training, adding that all staff and volunteers are required to sign a statement attesting to their understanding of privacy regulations as part of annual training.