Facebook
Fark
Digg
Reddit
StumblePatients at risk of identity theft may wait 60 days to find out
Legislative Committee on Health Care members, from left, Ellen Spiegel, Joe Hardy, Valerie Wiener and Marsheilah Lyons listen Wednesday as Kathy Silver delivers a report about recent lapses in patient confidentiality at UMC.
Thursday, Dec. 10, 2009 | 2 a.m.
Kathy Silver
Sun Coverage
Sun Archives
- At UMC, audits show privacy lapses are not new(11-24-2009)
- FBI looking at UMC records leak(11-21-2009)
- Hospital privacy leak could harm patients(11-20-2009)
Kathy Silver, CEO of University Medical Center, learned three weeks ago that names, birth dates and Social Security numbers for at least 21 patients were leaked from the hospital — a crime being investigated by the FBI.
But the hospital still has not disclosed the breach to the patients, Silver told a committee of legislators Wednesday. She spoke as if this was not a problem. The law allows 60 days from the time UMC learns of a security breach to inform patients, she said.
One victim says that is too long to wait to tell patients they may be at risk of identity theft.
The hospital should have disclosed the breach immediately, said a 40-year-old UMC patient whose personal information — the kind that can be used for identity theft — was leaked. The man, who went to the public hospital Nov. 1 after a motorcycle accident, learned his privacy had been breached only when a Las Vegas Sun reporter told him Wednesday afternoon.
The man was stunned and angry to learn from someone other than hospital officials that his data had been leaked. Hospital officials should have notified him “way sooner,” he said. “I would’ve given them two or three days after they initially found out. But this is a major thing — a priority thing!”
Silver was called before the state’s Legislative Committee on Health Care as a result of Sun stories that exposed an allegedly systemic leak of patient information at the hospital.
Silver assured the committee that the hospital is committed to uncovering the leak, and when the employee or employees are identified, “termination will be the least of their problems. It’s a serious situation.”
The FBI has launched an investigation into violations of the federal Health Insurance Portability and Accountability Act, better known as HIPAA — which includes penalties of up to $250,000 in fines and 10 years in jail.
The Sun reported the leak — the latest scandal to hit the beleaguered hospital — after the newspaper obtained 21 UMC patient “face sheets” — cover sheets that include overviews of each case — from a source who was concerned about the leak. The sheets were from Oct. 31 and Nov. 1 and were for people involved in traffic accidents.
The Sun’s source said he was several degrees removed from the leak and did not know how the records were being released from the hospital, but that they were allegedly being sold for months, or even years, to ambulance-chasing attorneys so they could mine for clients.
The legislative committee meets throughout the year to prepare for the next session. Silver spent about 20 minutes assuring legislators that she is taking the privacy breach seriously. But her responses may reveal a similar lack of rigor in addressing the problems that led to the breach in the first place.
UMC knew Nov. 19 that patients from two days had their information leaked, Silver told the panel. That puts 71 patients at risk, Silver said, but the number doubles when including family members or guarantors with information on the sheets.
When the hospital gets around to notifying the victims, they will learn that UMC will provide a year of credit monitoring.
Ashley Katz, executive director of the Texas-based advocacy group Patient Privacy Rights, said three weeks is a long time for patients to learn of the risk, although it’s within UMC’s legal limits for disclosure. The breach is going to hurt the community’s trust in the hospital, Katz said, and a delay in disclosing the problem to patients could compound it.
“That will affect its fundraising, who chooses to seek services there and its reputation,” Katz said.
By many accounts, information has been leaked for a long time. The source who told the Sun about the leak said it’s thought to have been taking place for months, or even years.
A UMC nurse told the Sun she was wined and dined years ago by attorneys who offered payment for private patient information. She said she refused. A paramedic also told the Sun that he’s been approached more than once outside of UMC by people offering cash for patient information. He said he also refused.
Silver told legislators it’s not known whether the leak was an isolated incident, a systemic problem or some kind of attempt to embarrass the hospital. She said she would wait for the FBI investigation to determine whether any other patients should be notified about the privacy breach. That could take months or years.
Silver did not tell legislators — and they did not ask — that she and a Clark County commissioner had heard rumors of the investigation before the Sun began its inquiry. Silver told the Sun she heard vague rumors about privacy information being leaked during the summer, but after a cursory inquiry she dropped the matter.
County Commissioner Lawrence Weekly, chairman of the hospital’s board of trustees, had been told about the security breach about 10 days before the Sun contacted him. But he said he didn’t do anything about it because he wasn’t sure leaking patient information was illegal.
Silver and Hope Hammond, Clark County’s chief privacy officer, assured the elected officials they are doing what they can to ensure there will be no more violations. Personal identification numbers will be used to track the use of hospital copy machines. Face sheets will also be modified to hide Social Security numbers and additional door locks and electronic controls will be added at the hospital.
The lawmakers were understated during Silver’s presentation. Sen. Valerie Wiener, D-Las Vegas, chairwoman of the committee, said her concern was that although it is important to train UMC’s staff to comply with patient privacy laws, the hospital also must be cognizant that some may intentionally breach the laws.
Discussion: comments so far…
Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy. Additionally, we now display comments from trusted commenters by default. Those wishing to become a trusted commenter need to verify their identity or sign in with Facebook Connect to tie their Facebook account to their Las Vegas Sun account. For more on this change, read our story about how it works and why we did it.
Only trusted comments are displayed on this page. Untrusted comments have expired from this story.
No trusted comments have been posted.
Post a comment
Most Popular
- Viewed
- Discussed
- E-mailed
- Coolican: Henderson officials out of loop on police brutality case, raising red flags
- See mug shots of 16 arrested in stolen-property police sting
- Lumberjacks — ‘Where the Big Boys Eat’ — hiring for North Las Vegas location
- Berkley draws stark contrasts with Heller over immigration
- Howard Miller, prominent lawyer and ‘true Las Vegas native,’ dies at 68
- Short memories may serve president
- Saying ‘No mas’ to government
- Police looking for man in white Ford Explorer
- Two dead after accident in downtown Las Vegas
- Hispanic Museum of Nevada settles into new home
Blogs
The Kats Report
Live color from the scene at Thomas & Mack Center: We have a wire job! Rebels win, and Louie Armstrong sings!
South Point owner Michael Gaughan's take on 'Vegas Stripped': 'I'll give it an 8' (4 Comments)
Author relishes writing the life story of ‘larger-than-life’ Oscar Goodman (3 Comments)
Elsewhere
Landowner: All roads could lead to Uxbridge casino
Revel reveals smoke-free casino opening
Cirque du Soleil show in Sands China casino to close this month
Meet the woman behind Sheldon Adelson
The Sun
Locally owned and independent for more than 50 years.
Kathy Silver has patients dying in her Emergency room, she promised to balance the budget (and hasn't), she turned the other cheek when this was brought to her attention months ago.
Granted, Valentine must have inherited a bunch of problems after Thom Reilly left (remember the Family & Youth Director?) but, C'mon...at what point does the County Manager keep holding on to such incompetence?
This is criminal.
This is sickening.
And this sorry UMC saga continues on.
Wasn't there some six-figure dude from Chicago named Lacy Thomas, who cut deals with Frasier Systems Group, a Chicago company, who worked there, too..? Did we forget about his criminal case..?
What about the $459 million in past-due debt UMC was owed between October and May, while UMC's three collection agencies only recovered just $2.9 million, or 0.6 percent, from former patients..? Are we just going to fork over more tax money for this ridiculous tripe..?
These UMC dolts are highly-paid incompetent Clark County government boobs. These county "administrators" have near "life-time" employment and their UMC salaries are the highest in Clark County while we have near bread lines for the rest of Clark County's unemployed people.
And are the Nevada licensed attorneys in this up to their eyeballs, too..?
Where's our esteemed Nevada Bar on this? Hiding? Looking the other way? Is it true nobody gets disbarred in Nevada?
I know personally know people who have had their identities stolen from elsewhere. Either way, it is a frightening experience to say the least. Is that how we treat our sick people..?
And didn't we just have a Clark County Recorder also caught selling info...?
What a Clark County government track record...yeecht.
These "traits" of highly paid government officials is abominable. This just follows the Federal investigation of all the phony Real Estate, Mortgage Broker, and Bank loan scams in Clark County.
Ten, no make that twenty, bucks says all these pathetic crumbs are "donators" to the same group of Politicos who are now or were previously running cover for their "illegally acting" big-dough pals in all of this.
The truth is Clark County was basically founded by the mob, basically grew with the mob, and basically still acts like the mob.
Shameful. Just pathetically shameful.
Check out the ridiculous "power buying" campaign contributions, that will tell the sorry "mob" tale, it always does...
(Heres the official Clark County link to do just that):
http://redrock.co.clark.nv.us/campaignfi............
If County Commissioner Lawrence Weekly, chairman of the hospital's board of trustees, is unsure about the legality of leaking patients' private information, why is this person a County Commissioner? It seems that he is not sufficiently qualified to hold such a position. He should be removed from the Commission immediately and sent back to school to learn about his job and a little bit about the law.
I agree with the other comments but am most outrage at the disregard for the Nevada resident who will be forced to pick up the tab for their mistakes. The UMC center should close! They waste our money with no regard to who supports them. AS long as their pay check at all levels is unaffected they will never care.
Corruption in Las Vegas?
"She said she would wait for the FBI investigation to determine whether any other patients should be notified about the privacy breach."
This clueless witch needs to be fired.
And while we are at it, as Chairman of the Clark County Commission, what is Rory-I-Want-To-Be-Governor Reid doing about all of the chaos at UMC? Why should the Reid family think he is qualified to be Governor if he cannot even make the County's senior management employees act in a way which is fully accountable to the public?
Can't be any worse than Metro giving out personal information, can it?
: {