Fine in Marketing-Related Breach

Radiologist Used Patient Information to Seek Business

A radiologist formerly affiliated with a Connecticut hospital has agreed to pay a $20,000 civil fine as part of a settlement with the state's medical examining board for inappropriately accessing patient information to use in marketing his services (see: Breach Motivated by Marketing).

Gerald Micalizzi of Bridgeport, Conn., formerly affiliated with Griffin Hospital in Derby, Conn., agreed to pay the penalty and have his license put on probation for six months, during which time he needs to "successfully complete coursework in physician ethics, patient confidentiality and HIPAA compliance," according to the June 19 consent order issued by the state of Connecticut Dept. of Public Health.

The state alleged, and Micalizzi did not contest, that from Feb. 4, 2010, to March 5, 2010, the radiologist, using his home computer, "improperly accessed numerous patient records" from Griffin Hospital's Picture Archiving and Communications System, using the user name and password of other physicians without their consent.

According to a Griffin Hospital statement issued not long after the breach was discovered two years ago, an internal investigation found that the physician gained unauthorized access and scanned the PACS directory listings of 957 patients who had radiology studies performed at the hospital. During that one-month period, the doctor selected and downloaded the image files of 339 of these patients.

Micalizzi was formerly a member of the Griffin Hospital medical staff who had been employed by the radiology group with which Griffin Hospital contracted for its radiology professional services. During that time, the radiologist was authorized to access the PACS.

The physician's employment with the radiology group was terminated on Feb. 3, 2010. That resulted in the loss of his medical staff appointment at Griffin Hospital and his authorization to access the PACS. At the same time as the physician's PACS access was terminated, his access password was revoked, according to the hospital statement.

The hospital was tipped off about the unauthorized data access in late February 2010 when it began receiving inquiries from patients regarding unsolicited contact by Micalizzi, who offered to perform professional services at another area hospital despite the patients' interest in having those services provided at Griffin Hospital.


About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



