Identity theft poses new threat for ED managers

Private information of staff and patients is at risk

At Southern Regional Medical Center in Riverdale, GA, the credit cards of one of the emergency nurses was stolen while she was at work, and the thieves used them all day. They knew nurses work long shifts and that if they removed the cards early in the day, they would have all day — and perhaps the night as well — to shop.

Kaiser Permanente South Bay Medical Center in Redondo Beach, CA, has sent letters to 25,000 members warning that two contract employees stole personal information from emergency and surgery patients’ records and ran up thousands of dollars in charges on fake credit cards.

Theft — petty or not — is alive and well in the ED. With identity theft becoming a more common threat throughout society, ED managers are standing up and taking notice.

"I think petty theft in the ED has always been an issue," says Gregory Henry, MD, FACEP, risk management consultant at Emergency Physicians Medical Group in Ann Arbor, MI. "That’s why you need secured places for staff’s possessions: purses, doctors’ bags, and so forth."

Henry says the incident at Southern Regional is not unusual. It’s more common, however, for items such as prescription pads to be stolen. "That’s why they are never left in rooms or on the tops of desks," he says. "We had one guy who had stolen scrip pads and was selling blank scrips for $10 apiece."

Protecting staff property

Many EDs provide staff with lockers for personal belongings, and combination locks are placed on them for extra security. Those measures may not be sufficient, however, Henry says.

"Lockers may do the job inside the staff room [with secured access], but lockers that others have access to won’t do it," he warns.

First, have limited access to staff areas, Henry advises. "We have a separate staff room with a door code on it," he shares. "You have to push the buttons for a three-digit code to gain access into the lounge, and that seems to solve a lot of problems."

At Montefiore Medical Center in the Bronx, NY, a similar system is in place.

"We have a common room which requires a key code to get in," says Alice "Bonnie" Corbett, RN, administrative nurse manager of the ED. All of the lockers are together, Corbett says. The lunch table is there, so staff members are in and out all day, she says. For that reason, they have a "double" system: a key code to get into the room, and individual locks on the lockers.

Beyond those types of measures, ED managers should seek to minimize loose items and wandering individuals, Henry says. "In general, anything small enough to go in a pocket, like medical instruments, should not be left in the room," he says. "Even the staff lounge should be spartan, he says. "If it can sprout legs, it will," he says.

As for visitors and well-wishers, "you should make sure they are either in a room with the patient or in the waiting room," he says. "Free-floating people in general are bad."

Safeguard computer information

While the information technology department may have overall responsibility for securing computer data, there are steps ED managers can take within their department to keep private information private, says Henry.

"The computer has actually allowed great theft," he says. That’s why the Health Insurance Portability and Accountability Act (HIPAA) says screens need to be blank after a number of seconds, Henry says. You also should have a flap or a cover on computers in your department, he adds.

Corbett agrees. "A hospital staff member here designed an actual flap with heavy rubber that goes over the computer screen," she says. "We also have individual computers for each physician, so you can see if someone [other than the designated individual] is sitting at it. And if they get up, they put the flap over the screen."

ED managers also must guard the paper printouts from computers, adds Henry. "When medical records are done, they should be put in locked boxes so they can be shredded," he advises.

The dangers of leaving computers unprotected are many, Henry says. For example, consider departments that use computerized physician order entry (CPOE) for prescriptions, he says. "A sophisticated patient could push the right set of codes and get whatever drugs they wanted off that," Henry says.

Patient privacy is a serious concern, of course. AIDS, for example, has a designated ICD-9-CM (International Classification of Diseases, Ninth Revision, Clinical Modification) code, notes Henry. "That could be used for extortion," he says. "Armed with that information, an extortionist could target a ritzy area, call everyone who has AIDS, and threaten to make the information public unless they are paid off."


For more information on preventing theft in the ED, contact:

  • Alice "Bonnie" Corbett, RN, Administrative Nurse Manager, Montefiore Medical Center Emergency Department, 1825 Eastchester Road, Bronx, NY 10461. Phone: (718) 904-2252.
  • Gregory Henry, MD, FACEP, Risk Management Consultant, Emergency Physicians Medical Group, 1850 Washtenaw Ave., Ann Arbor MI 48104. Phone: (734) 995-3764. Fax: (734) 995-2913. E-mail: