Return to Nicholas Johnson's Main Web Site

Return to Nicholas Johnson's Iowa Rain Forest ("Earthpark") Web Site

Return to Nicholas Johnson's Blog, FromDC2Iowa

Auditor to check safeguards used at University Hospitals

Audit in response to employee’s improper use of resources

Lyle Muller

The Gazette

January 30, 2007

[Note: This material is copyright by The Gazette, and is reproduced here as a matter of "fair use" for non-commercial, educational purposes only. Any other use may require the prior approval of The Gazette.]

  IOWA CITY — State Auditor David Vaudt said Monday he will audit security access to University Hospitals’ computer and information systems at the University of Iowa’s request. The move follows word earlier this month that an employee inappropriately used information or technology resources at the hospital.

  Vaudt said he will be in Iowa City this week to do some fact-finding while trying to determine the audit’s scope. He said that will take at least a few weeks.

  He said he won’t know how long the audit will take until he knows its scope. However, ‘‘my goal would be to accomplish it in a number of months,’’ Vaudt said.

  UI spokesman Steve Parrott said university officials want to separate the employee incident from a larger examination by Vaudt into safeguards for how information is handled at University Hospitals. That would include a look at who has access to documents and whether they should have that access, he said.

  The employee incident was an internal act, rather than someone hacking into computers, and access was not gained to protected information or patient records, Parrott said.

  He declined further comment. ‘‘It’s a personnel action so we have to maintain confidentiality about that,’’ he said.

  Vaudt said the audit’s scope could go beyond the incident. He said he will deliver his findings to the UI and state Board of Regents, which oversees Iowa’s public universities.

  Interim UI President Gary Fethke said the university constantly audits how it controls access to its information technology in an effort to protect electronic records and documents.

  Vaudt said Todd Stewart, the regents’ director of internal audit, will assist his office.