When I called Children’s Medical Center yesterday to inquire about the departure of the three executives (not knowing the News had already published that information), I asked why the FBI had been present for the affair. A source had told me as much. But there came from the hard-working Children’s media affairs personnel a strong denial: “Absolutely not. The FBI wasn’t at Children’s. No way. Whoever would have told you that?” I’m paraphrasing here. I felt pretty stupid for asking the question. Not a new feeling for me. But still.
Well, it turns out the FBI was recently roaming the halls of Children’s–but for an unrelated matter. An employee was caught stealing social security numbers, and the hospital fired that employee. Here, in part, is the May 30 letter that Richard Boyer, information privacy officer, sent to parents of the children whose information was stolen:
The purpose of this letter is to inform you of an incident that occurred at Children’s Medical Center of Dallas (“Children’s”) that resulted in the unauthorized disclosure of protected health information, including the social security numbers, of two patients by a former employee. The former employee had proper access to your child’s electronic medical record as part of her normal job responsibility. At this time, Children’s has no evidence that your or your child’s information was used in an unauthorized manner. …
Upon learning of the incident, Children’s conducted an investigation that resulted in the termination of the employee who was involved in the incident. Children’s also immediately reported the incident to federal law enforcement agencies to investigate the theft and to identify additional individuals who may have been affected. In addition, the Children’s internal leadership group is evaluating the existing processes and technical safeguards and will address these issues to strengthen existing security practices throughout the organization.