Sexting in surgery, Facebook post among latest problems
Executive Summary
Healthcare data is vulnerable to hackers in several ways. The threat is changing the role of some healthcare managers.
The Federal Bureau of Investigation (FBI) recently warned healthcare providers of the danger.
Health data is more valuable to hackers than credit card numbers.
Encryption is your friend.
Two recent examples show how electronic communications still can be a headache for risk managers in healthcare.
In the first incident, a woman who was being treated for a sexually transmitted infection at the University of Cincinnati (UC) Medical Center is suing the hospital for more than $25,000 in damages for invasion of privacy, emotional distress, malice, and negligence. She alleges that an employee posted her medical records to Facebook, according to the lawsuit filed in Hamilton Common Pleas Court. The woman’s lawsuit claims that a screen shot of her medical record showing her name and her diagnosis of syphilis was posted to Facebook in September 2013. The photo also was emailed to some Facebook users, the lawsuit claims.
In addition to suing the hospital, the woman also is suing two employees, only one of them named, of UC Medical Center and her ex-boyfriend. The lawsuit claims that the employees posted her records online at the request of the ex-boyfriend. It also alleges that UC Medical Center negligently supervised the named employee and has not done enough to identify the second.
"As a result of the inaction (of the hospital) ... the plaintiff’s medical records are still in the possession of the other (unknown) employee and the plaintiff is receiving phone calls harassing her and her child," the lawsuit says.
UC Medical Center CEO Lee Ann Liska sent a memo to the hospital’s employees in which she acknowledged the lawsuit and its claims. The memo, which was reported in several media outlets, also reminds employees that "the unauthorized access or viewing of medical records, or the unauthorized sharing of PHI [protected health information], is a serious violation of federal medical privacy laws and regulations and cause for immediate termination." It is not known if any employees were disciplined or dismissed.
MD accused of sexting in surgery
In another case, the Washington State Medical Board suspended a Seattle anesthesiologist after investigating allegations that he "sexted" during surgery, at one point sending 45 sexually explicit messages during a single operation. The board suspended Arthur Zilberstein’s license for a "lack of focus" and putting patients at risk during cesarean deliveries, labor epidurals, an appendectomy, and other procedures, according to a Washington state medical board’s statement of charges.
The board also investigated claims that Zilberstein sent X-rated selfies, wearing his hospital scrubs and badge with his genitals exposed.
"Oh. And my partner walked in as I was pulling up my scrubs. I’m pretty sure he caught me," Zilberstein wrote in one text message, according to the board.
Doctor tested patient
The statement of charges included claims that the doctor sent multiple sex-related messages to the same woman, a patient, and invited her to visit the hospital for sex.
He told her she could park in the doctor’s lot instead of paying for parking, according to the claims, and the pair allegedly arranged to meet in the doctor’s lounge or hospital call room for sexual encounters.
In addition, the statement of charges says Zilberstein obtained the unnamed woman’s medical records "not for medical purposes, but in order to view images of the patient for his own sexual gratification."
The Washington state health department investigated after receiving two complaints, one from a patient and another from a healthcare professional, the report notes. Zilberstein is appealing the suspension.
