Patient Privacy Breaches: Sexual, Creepy, and Illegal

Michael J. Sacopulos, JD


March 06, 2014

In This Article

Blatant Misuse of Private Health Information to Make a Pass at a Customer

A Canadian pharmacist vastly overstepped his boundaries with patient data by using a patient's information to try to build a relationship with her on Facebook, reports Canadian Privacy Commissioner Jill Clayton. Clayton says that the Calgary pharmacist misused health information for personal purposes when he called the woman twice in 2012 after she filled prescriptions with him.[2] Apparently, his telephone efforts were unsuccessful. He next moved to the venue of social media, where he sent a friend request to her on Facebook.

In a news release, Commissioner Clayton stated that "health information systems are for health care, not matchmaking." Clayton also rebuked Amani Pharmacy for not training the pharmacist properly in how to treat personal information.

Amani Pharmacy has been ordered to review its training and security systems. The pharmacist, whose identity was not disclosed, is no longer working at the pharmacy.

Situations such as this may be avoided by using a 4-step approach. First, have policies in place that mandate strict confidentiality. Next, train staff on those policies. Step 3, trust but verify: With a minimal amount of effort, you can check to see whether electronic information is being inappropriately accessed. Finally, impose accountability. If you find a policy violation, the employee should receive some degree of discipline for that violation.

Prostitute Takes Laptop, Psychologist Loses License

Dr. Sunil Kakar, a Gig Harbor, Washington, psychologist, had his license suspended after a prostitute stole his laptop.[3] The computer contained private information from 652 patients whom Dr. Kakar had seen via contracts with the Department of Social and Health Services.

On Valentine's Day, 2013, Dr. Kakar found himself filing a police report with the Gig Harbor police department. According to the report, someone stole his laptop from his unlocked vehicle. He stated that the incident could have happened over the previous 2 weeks, but he did not notice his laptop was missing until that morning. This tale of fiction soon unraveled.

Later, Dr. Kakar revealed to police that he had met someone by the name of Ivy on the dating Website T&A in mid-January. The two began texting back and forth, and on January 20, Ivy came to Dr. Kakar's home, where sexual relations were exchanged for $450. Then, on January 25, Dr. Kakar met Ivy for dinner and had sexual relations afterward, but he did not give her any money.

Finally, on the 28th, they had another date. Dr. Kakar stopped at an ATM with Ivy, but he had insufficient funds. This news did not sit well with Ivy.

Dr. Kakar admitted to police that he left his laptop with Ivy, as a token of goodwill for not paying her on the 25th. He got the laptop back from her on the 29th, and the two met up for dinner on the 30th. Dr. Kakar met with Ivy on February 2 and stopped at the ATM -- which again displayed that he had insufficient funds.

Dr. Kakar's laptop was in his vehicle, and this is when he believes Ivy took it from him. He confronted her about the missing laptop, but she denied all accusations. Then. on February 11, he called her for sex and paid her $200. Afterwards, she told him she had forgotten something in her car and left. That was the last time Dr. Kakar ever laid eyes on Ivy.

This brings us back to the morning of Valentine's Day, where Dr. Kakar alerted police to the missing laptop. Because the computer had been registered with Apple, police were able to track it via the serial number with incoming items at local pawn shops. Police were able to recover the laptop from a Cash America store. Store records showed that it had been pawned by Teyana Dorsey -- aka Ivy. When police turned on the laptop, they discovered that the username had been changed to T. Dorsey, with no password. The laptop immediately accessed Dr. Kakar's emails, which contained personal and sensitive data.

Dr. Kakar sent out a letter apologizing to his clients, in which he wrote, "I am extremely sorry for this situation and understand it may cause concern, embarrassment and inconvenience...I take client confidentiality very seriously."

Lesson for doctors: As more and more professionals are switching from desktop computers to laptops and tablets, these devices need to be protected in case of theft or loss. Access to a computer should only be granted through a strong password. In addition, email should be locked in an encrypted fashion. Finally, your personal device should be set to lock-out after a short period, to prevent curious passersby from logging on.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.