L.A. County coroner's staff improperly viewed Michael Jackson's death certificate
Los Angeles County coroner’s officials said today that they have looked into security breaches involving the investigation of Michael Jackson’s death, including hundreds of improper views of the pop star’s death certificate and the discovery of weaknesses in two other computer systems in which more sensitive records were stored.
At least a half-dozen coroner’s staff members were among those who inappropriately accessed Jackson’s death certificate, officials said today. Within two weeks of his death, the certificate had been viewed more than 300 times.
In some cases, staff members appear to have printed copies before it became a public record. Earlier this month, coroner’s officials warned employees to cease, cautioning that they had previously been admonished about the security hold on the Jackson case.
"There's only one person in the investigation of Mr. Jackson who needed to have a copy of the death certificate, and that was the investigator," said Craig Harvey, chief coroner investigator.
Harvey called any access of the Electronic Death Registration System for personal use “not appropriate.”
In a July 9 e-mail reviewed by The Times, a coroner’s captain told staff that future abuses of the system would result in disciplinary action. Staff members who had printed a copy of the death certificate were advised to destroy it.
Harvey said he learned that coroner’s employees were inappropriately accessing Jackson’s death certificate after he received a tip alleging that a funeral home employee created a fake death certificate for Jackson in the computer system.
Harvey did not uncover any fraudulent death certificate, but did discover the names of coroner's employees who had looked at the record even though they had no role in the Jackson investigation.
He said he had not contacted any law enforcement agency about the actions, saying he believed that internal rules had been broken, not any laws.
Death records in the EDRS system, which is state-supervised, can be accessed by anyone with a state-issued password, including employees at coroner’s offices, funeral homes, hospitals, and county and state registrar's offices. Users input information on death certificates that must be signed off on by doctors or coroners and made public by the state registrar.
Coroner's employees are supposed to look up cases "strictly in the performance of your official coroner duties,” according to the e-mail reviewed this month.
In addition to issues with the electronic access to Jackson’s death certificate, Harvey said that his office also had trouble securing two other computer systems in which they kept Jackson’s death investigation reports.
Investigation reports, which are not public records, typically are accessible only to investigators and other employees with office-issued passwords. Once employees log in, they can access others’ investigations — unless the reports are locked.
The investigator’s reports on Jackson's death were locked from the start, Harvey said, meaning access should have been available only to employees with the rank of captain or higher. Because of the high interest in Jackson, coroner’s officials took the added precaution of restricting access to only a few administrators. Harvey said the hard copy of the investigation was stored under lock and key.
Still, after the investigation started, they discovered vulnerabilities in the computer systems that might have allowed employees unauthorized access, Harvey said. He declined to say what those weaknesses were.
“We took extra steps to plug those holes,” he said.