Sunday, June 24, 2012

Doctor Fined For Downloading Patients’ Personal Information

A doctor was fined $20,000 by the Connecticut Medical Examining Board for the unauthorized download of information belonging to 339 patients.

In addition, his license was put on probation for six months while he completes training classes in physician ethics, patient confidentiality and compliance with HIPPA.
"Unauthorized accessing of patient information is a violation of the federal HIPAA law that my office is empowered to enforce." - Attorney General Richard Blumenthal
The doctor worked for a company that provides radiology services to the hospital. He was terminated on February 3rd and his access to hospital systems was terminated at that time.

However for one entire month (from February 4th to March 5th) the doctor illegally accessed the radiology application from his home using passwords stolen from other radiologists. He downloaded a total of 339 patients’ names, exam dates, exam descriptions, gender, age, medical record numbers, image files, and dates of birth.

The hospital only became aware of the privacy breach when patients complained the radiologist was calling them to offer medical services at another hospital.
Catch HIPAA privacy breaches before your customers complain. Download a white paper on HIPAA breach detection service that proactively identifies breaches of patient privacy, even those using stolen passwords - with no hardware and no on-site software.

A time consuming and exhaustive examination of radiology application's access logs eventually revealed the culprit based on his Internet Protocol (I.P.) address.

The doctor and the Connecticut Medical Examining Board worked out an agreement the doctor and which was formally presented and accepted by the examining board on June 19, 2012.

(a) Local Doctor Fined $20,000 - Valley Independent Sentinel, June 19, 2012
(b) Griffin Hospital Notifies Patients of Breach of Protected Health Information - Hospital website, March 29, 2010
(c) Update: Griffin Hospital Data Breach - Valley Independent Sentinel, March 29, 2010
(d) Patient data breach at Griffin Hospital - News 8, March 29, 2010

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at