Patient Privacy Breaches: Sexual, Creepy, and Illegal

Michael J. Sacopulos, JD


March 06, 2014


Porn Stars Deserve Privacy, Too

Every day seems to bring word of new healthcare privacy breaches. A physician's laptop goes missing in Illinois. A practice's system is hacked in Maryland. Old patients' charts turn up in a landfill in Ohio. Some of these breaches are not only frightening in terms of their ramifications, but they come across like plots of crime shows on TV. Here are some of the dramatic examples.

Porn Star HIV Test Database Leaked

Although porn stars are not typically known for their privacy concerns, they do often use stage names to keep their true identities confidential. In 2011, however, their personal lives were broadcast for the world to see, when medical test results and personal details about thousands of current and former porn performers were leaked.[1]

The patient database of the private health clinic that conducts sexually transmitted disease (STD) tests for California's porn industry was hacked. Porn Wikileaks, a Website that owns up to its name, posted a list of what it claimed were the real names of more than 15,000 performers, both past and present. That 15,000 was a very significant number, considering that there were only about 1200 to 1500 performers working at the time. This leak "outed" the stars to any curious Web surfer, causing an uproar in the industry...or so I am told.

Many of the names came from the database of the Adult Industry Medical Health Care Foundation (AIM), which has since closed. AIM conducted the majority of STD tests for the porn industry, and currently working performers got tested at least once every 28 days. Several porn performers said that the information on Porn Wikileaks must have come from AIM's database because they had only used the stage names that were posted on Porn Wikileaks once, and that was when they had registered for testing at AIM.

Not only were real names leaked onto the site, but many entries also included the performers' addresses, family members' information, copies of state identification, and even Google Maps pictures of their homes.

Lesson for doctors: There are many ways to protect patient data from being hacked. For starters, find out what software is running on your network's computers by using a port scanner. Conduct regular back-ups of your data to ensure that everything is working properly. Store back-up files offline to ensure security. Use encryption software to encrypt all company data in transit -- for example, email messages.

Other recommendations: Install the latest versions of antivirus software to protect against viruses, particularly the new, ingenious ones that get delivered to your inbox. Taking the previous step one step further, use anti-adware and anti-spyware software to protect against illegal programs that track Internet use or monitor your keystrokes.

In addition, you can install intrusion-detection software to alert you when someone tries to access your system illegally. Furthermore, install a firewall to maintain a secure interface between the computers in your practice and the server. Finally, build awareness among your employees of the ripple effects of hacking.

