Dedicated to providing the latest
HIPAA compliance news

Doctors Stand Accused of Using EHR to Steal Patients

Share this article on:

Two Pediatric pulmonologists from Valley Children’s Specialty Medical Group’s Madera, CA. Valley Children’s Hospital (VCH) have been accused of using their access rights to the hospital’s EHR to obtain contact information of patients, with a view to getting them to switch healthcare providers.

Two physicians – David Lee, MD and John Moua, MD – have been named in a lawsuit that alleges they used their access rights to hospital data “for personal gain and commercial advantage.” Dr. Paul Do and Dr. John Moua were allegedly “seeking to misappropriate patients” from the hospital, and move them to a Central California Faculty Medical Group run facility.

The physicians allegedly used Spanish-speaking interpreters to contact patients suffering from cystic fibrosis, and gave them misleading and false information about their current healthcare provider. They were allegedly informed that the hospital they were currently using to receive medical services was understaffed and could not continue to provide them with quality care, and even informed them that the hospital was closing. They were advised to follow physicians who had allegedly left employment at VCH and to move their medical records to a University Pediatric Specialists hospital.

VCH claims it has had its reputation damaged as a result of the doctors’ actions. A statement was issued confirming VCH is still fully operational and remains staffed and can continue to provide patients with quality care. Over 300 staff are employed by the hospital and it is recruiting more. VCH also pointed out that the new facility, where the doctors now practice pulmonology, “does not have an approved and funded cystic fibrosis facility.”

According to Valley Children’s Hospital, 164 patients were contacted and told about the physicians’ new employer and VCH considers the incident to be a HIPAA violation. The hospital referred to the incident as a “significant data breach”, and also claims unfair competition.  According to an email sent by the Central California Faculty Medical Group to the Fresno Bee, the physicians were within their rights to contact the patients to advise them of their change of employment, and that the two physicians had done nothing wrong. The statement said, “The physician-patient relationship exists between the patient and the physician, not the patient and the facility.”

VCH is obliged to report the incident to the Department of Health and Human Services’ Office for Civil Rights as the accessing of patient files without authorization and “for personal financial gain and commercial advantage,” is a serious violation of HIPAA Rules. A report is currently being prepared that will be sent to the OCR, and the California Department of Public Health has already been informed of the privacy breach.

The lawsuit seeks unspecified exemplary and punitive damages for misappropriation of trade secrets, intentional interference with prospective economic advantage, defamation, breach of contract, and unfair competition.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On