Cases of identity theft steal headlines, but simple curiosity is the biggest culprit for security breaches inside hospitals and practices. Here’s how to prevent it — and how to catch the snoopers.

Electronic access to patient data has made it easier to look up information — sometimes too easy.

You’ve probably heard stories about employees or others tapping patient information systems for identity theft. But the more frequent problem is snooping — curious staff or others with system access who look at information they’re not authorized to see.

It sounds innocent, but HIPAA and an increasing number of state laws that cover disclosure of information breaches don’t make distinctions based on intent. An information breach is an information breach, which means physician practices not only have to find ways to keep gawkers away but also must be ready to carry out consequences — or face them — if a breach occurs.