Jim Carr from Security Magazine published an interesting article this week that shows how far the industry still has to go in managing patient information within hospitals, organizations and enterprises. You can read the whole story here. The article doesn’t go into tremendous detail about how the employees got access to the information. However, it does illustrate the challenge health care providers face in balancing access to patient information for people "who need to know" against maintaining patient privacy. This is further exacerbated by the changing roles and responsibilities in organizations and applications. Ben Worthen from the Wall Street Journal wrote a blog post here that also reminds us that a number of security breaches come from trusted employees.
"But lest you think the threat is more imagined than real, consider that
among companies that experienced a data breach in 2006, 23% said the
culprit was an insider, according to a survey by the Computing
Technology Industry Alliance."
Additionally, towards the end of the article, an argument is made to sanction doctors who may have checked Britney’s information without having a direct need to see the data.