A woman was fined for illegally accessing patient records while working at National University Hospital (NUH). The incident highlights the importance of data privacy and the potential consequences of unauthorized access. Here's a breakdown of the case and its implications.
The Incident:
Norkamelia Osman, 34, accessed the medical records of 11 patients without authorization while employed as a customer service associate at NUH. She used the hospital's 'EPIC' system, which manages patient data and appointments.
The Charges:
Norkamelia pleaded guilty to violating the Computer Misuse Act. She faced a fine of $5,000, reflecting the severity of the offense.
The Access:
Norkamelia's job granted her access to the 'EPIC' system, but she used it to view records of individuals outside her professional responsibilities. This included personal information about herself, her family members, and colleagues.
The Discovery:
An anonymous tip led NUH to investigate. A colleague of Norkamelia discovered her unauthorized access and reported it. The colleague had been contacted by Norkamelia on Instagram and WhatsApp, where she inquired about personal details.
The Explanation:
Norkamelia admitted to the police that she accessed the records to rekindle a relationship with the colleague. She had lost touch during the pandemic and wanted to reconnect.
The Impact:
The prosecutor emphasized the breach of trust and the potential harm caused by unauthorized access to sensitive information. However, they also acknowledged Norkamelia's remorse and cooperation, considering her a first-time offender.
The Lesson:
This case underscores the need for strict data privacy measures in healthcare institutions. It also highlights the importance of employee training and awareness regarding data security.
