The Field Report with Tom Field

The Case for Background Screening

Hepatitis C Scandal Exposes Costly Hiring Flaws

How could this happen?

See Also: How to Take the Complexity Out of Cybersecurity

I received word last week that I'm one of 6,000 individuals who should be tested for hepatitis C amidst the healthcare scandal unraveling in Exeter, N.H.

You've heard the story, I'm sure. David Kwiatkowski, an itinerant medical technician, is accused of stealing anesthetic drugs from Exeter Hospital and contaminating syringes that were subsequently used on patients. Kwiatkowski also happened to have hep C, and so far, 30 patients have tested positive for this serious blood-borne infection. Thousands more - including me - have been asked to be tested if they had surgery during the time Kwiatkowski worked at the hospital.

That's enough to make you ask 'How could this happen,' right? With all the security around drugs, syringes and medical procedures, it's hard to imagine a technician getting away with needle-sharing in the hospital.

But worse, now comes news that this same guy has worked at 13 different hospitals since 2007, and he was fired by hospitals in two states before he even came to New Hampshire. UPMC Presbyterian in Pennsylvania terminated Kwiatkowski in May 2008 after he was found in an area of the hospital where he was not assigned to work. And the Arizona Heart Hospital in Phoenix says Kwiatkowski was fired in 2010 after he was found passed out in a men's locker room at the facility, with syringes and needles in his possession.

Risk Management

Again, I ask: How could this happen? And I'm not just talking about the alleged security breaches and infections. I'm talking about basic risk management: How could a technician even be hired after being fired at least twice by other hospitals? I mean, background screening, anyone?

It's frightening how little most organizations know, or seemingly care, about individuals they hire. I had the chance to speak recently with Lester Rosen, a background screening expert (and presenter of our new webinar, Risk Management: New Strategies for Employee Screening). We were talking specifically about how organizations should screen for false credentials (in the wake of the Yahoo/Scott Thompson scandal), but Rosen's words apply to any kind of pre-employment screening.

"The big message is going back to the basic rule of business, which is: Don't assume," Rosen says. "Or put another way - to borrow a phrase from the 1980s - trust but verify."

There was information out there to be found on Kwiatkowski. Both his firings had been reported to the staffing agencies that hired him, and in the Arizona case, the dismissal even was reported to the state. So, did Kwiatkowski's most recent employer fail to conduct its due diligence when it hired him, or did the previous employers fail to disclose this critical information during the screening process?

Or was this one of those gray area cases where Exeter Hospital assumed far too much about the staffing agency's screening procedures?

Staffing Agency Risks

Staffing agencies pose a unique challenge when it comes to screening.

"There are a lot of employers who will have excellent policies and procedures for due diligence when it comes to their own employees, but yet they will acquire someone from a temp agency of whom they know nothing about, and yet that temp has access to the IT, financials, access to clients," Rosen says. "There's a co-employment relationship; it gets complicated. It requires that the employer and the staffing firm work closely together to come up with a methodology where the employer is assured that they're getting safe, qualified workers coming on board."

Complicated, yes. But a lot less complicated than screening 6,000 patients for hepatitis C.

What happened in Exeter is a lesson for organizations of all sizes and sectors. You can't be too careful when making critical hires. It truly comes down to basic risk management. You've got to properly screen the people you hire, and you need to ensure your contractors screen their employees, too.

The alternative is, well, Exeter Hospital. You don't want to end up like this facility's leaders, staring at their constituents and their own mirrors, being forced to answer "How could this happen?"



About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.