Physician, staffers plead guilty to unauthorized EMR access in AR celebrity's death

Dr. Jay Holland and two other former staffers at St. Vincent Health System in Little Rock, AR, pleaded guilty this week to misdemeanor criminal violations of HIPAA privacy regulations for unauthorized access to the electronic records of local TV news anchor Anne Pressly, who died five days after being severely beaten by an intruder in her home. All three admitted to peeking at Pressly's medical records out of curiosity. They each face up to a year in prison and fines of as much as $50,000.

Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation, who loves to email reporters and supporters with her thoughts on privacy breaches and threats that some EMR systems pose, weighed in on this case; she believes it highlights many of the flaws inherent in current EMR systems. "Facebook users can keep people from seeing their walls, but patients can't keep anyone from seeing their electronic medical records," she writes.

"The problem is bad technology," Peel explains. "Every U.S. hospital allows thousands of employees access to hundreds of thousands or millions of electronic patient records without informed consent. Because HIT systems are so poorly designed, VERY FEW snoops are ever caught." While the threat of jail may discourage some would-be miscreants, Peel says, digital rights management like the kind used to prevent illegal sharing of music, could keep wandering eyes out in the first place.

For more on the St. Vincent case:
- check out this Arkansas News story
- read what the FBI had to say in this press release