Return to Nicholas Johnson's Main Web Site

Return to Nicholas Johnson's Iowa Rain Forest ("Earthpark") Web Site

Return to Nicholas Johnson's Blog, FromDC2Iowa

U of I requests review of hospital's data security

Erin Jordan

Des Moines Register

January 30, 2007

[Note: This material is copyright by the Des Moines Register, and is reproduced here as a matter of "fair use" for non-commercial, educational purposes only. Any other use may require the prior approval of the Des Moines Register.]

Iowa City, Ia. - The University of Iowa has asked the state auditor's office to investigate computer security at University Hospitals after an employee accessed private information of a former director.

U of I Interim President Gary Fethke said in a news release Monday he wanted the external review after an internal investigation showed a U of I employee violated the university's policy on acceptable use of information. Members of the Iowa Board of Regents said earlier this month the documents accessed belonged to John Colloton, former long-time director of the hospital.

"It's a way to get an external agency involved, to have an outside viewpoint," said Warren Jenkins, chief deputy state auditor.

Jenkins said it's too early to say when the audit will be done. However, the auditors will write a publicly available report to the U of I and the Board of Regents. Todd Stewart, a former state auditor who now works for the regents as internal audit director, may help with the review, Jenkins said.

The security breach, which the U of I began investigating in mid-December, did not expose confidential patient or employee records.

Regents President Michael Gartner told at least one legislator Jan. 11 that the breach involved documents stored on Colloton's computer.