1. Health

Medical records breach at Tampa General, USF exposes woman's secrets

Jones, 29, thought her medical secrets were safe.
Jones, 29, thought her medical secrets were safe.
Published Jun. 29, 2013

TAMPA — Jennifer Jones didn't want her entire family to know about the baby girl she delivered five years ago at Tampa General Hospital and placed for adoption.

But a relative whose job as a nurse gave her access to the hospital's medical records went snooping and found out anyway.

The breach came to light only recently, after Jones' secret was aired at a family funeral. She contacted officials at Tampa General and the University of South Florida, which promptly fired the nurse over "inappropriate access" to a patient's records. Tampa General is USF's primary teaching hospital; the aunt was a USF employee.

The incident highlights how hard it is to secure health information when scores of workers have ready access to records. Jones' relative looked up her chart from a computer outside the hospital years after the birth.

Though many worry about anonymous hackers drilling into electronic medical records, this case shows that old-fashioned gossips remain a threat.

Officials at USF and Tampa General say they do their best to protect sensitive information, stressing that electronic records can be more secure than paper charts. But Jones is not satisfied with their apologies.

"The damage is done," said the 29-year-old, who is raising two sons out of the area. "I am the one who has to live with the fear of someone telling my children, or just knowing deep down that people that I don't know very well have a very deep dark secret of mine that I didn't want them to know. That's a scary feeling."

Jones was in labor when she checked into Tampa General in October 2008. The woman she had selected to adopt the baby stayed with her the entire time.

Jones and her longtime partner, David Harrison, wanted to keep the experience quiet, and thought they could since court records were sealed. But in 2010, his aunt, Nadine McNew, found out about Jones' 2008 birth and several others. She gave printouts to another family member, Jones said.

Tampa General and USF officials acknowledged the breach, but declined to discuss details, citing patient privacy laws.

University records show McNew worked at USF from November 2009 to August 2012. She was rehired in late 2012 and fired on June 6. The Times could not find a current address or phone number for McNew.

Officials at both institutions said they educate employees about federal laws protecting patient privacy. They warn that breaches will result in termination. Neither USF nor Tampa General planned policy changes as a result of this incident.

In late 2011, Tampa General adopted a new electronic record system that has some enhanced safeguards, spokesman John Dunn said. Employees' access can be limited by their job duties.

Keep up with Tampa Bay’s top headlines

Keep up with Tampa Bay’s top headlines

Subscribe to our free DayStarter newsletter

We’ll deliver the latest news and information you need to know every weekday morning.

You’re all signed up!

Want more of our free, weekly newsletters in your inbox? Let’s get started.

Explore all your options

Psychiatric records are also off-limits to many. But in other areas, access remains more open. Billing officials have to know examination details. Doctors, nurses and technicians aren't limited to records of just the patients on their unit, because unexpected medical needs can arise, said Dr. Jeffrey Lowenkron, CEO of the USF physician's group.

"What we are dependent upon is individual accountability to follow the rules that they all know we have," he said.

Today's electronic systems capture a digital "fingerprint" when somebody views a record. In many ways, Lowenkron noted, that's greater accountability than paper charts that can be opened, even stolen, without detection.

But the protections still fall short of most people's expectations, said Dr. Deborah Peel, founder and chair of Patient Privacy Rights, a Texas group that has lobbied Congress and others for better protections.

Peel described how her sister-in-law, after a bout with pneumonia, was at a party where she met someone uninvolved in her care who looked up her chest X-ray on his iPhone. "None of these systems were designed with patient privacy in mind, which has created a privacy disaster," Peel said.

There's not much patients can do, she added, other than leave town for sensitive procedures.

What happened to Jones is "really an everywoman kind of story," she added. "The exact same thing could happen to you."

Times researcher Carolyn Edds contributed to this report.


This site no longer supports your current browser. Please use a modern and up-to-date browser version for the best experience.

Chrome Firefox Safari Edge