CBS News Logo Doctor removed patient records related to USA Gymnastics: university documents

EAST LANSING, Mich  -- A Michigan State University doctor resigned after learning the school was considering her termination because she didn’t disclose in 2015 that USA Gymnastics was investigating a fellow physician who has since been charged with molesting young gymnasts, according to records released to the Lansing State Journal. The documents obtained from Dr. Brooke Lemmen’s personnel file through the Freedom of Information Act reveal she also removed patient records at Dr. Larry Nassar’s request, the newspaper reported. Lemmen’s lawyer, Aaron Kemp, on Saturday disputed the claims made in the university documents.  Nassar was a sports doctor for Michigan State and USA Gymnastics, which trains Olympians and is headquartered in Indianapolis. Michigan State fired Nassar in September after he violated restrictions that were put in place in 2014 following a complaint. He was charged last month with sexually assaulting gymnasts who came to him for treatments for hip and back injuries. He’s also being sued by dozens of women and girls. Nassar, 53, has denied wrongdoing. Lemmen resigned from Michigan State in January. According to the documents given to the Lansing State Journal, Lemmen failed to disclose to Michigan State that Nassar had told her in 2015 that he was being investigated by USA Gymnastics. But Kemp said neither Nassar nor USA Gymnastics told her of allegations of sexual assault. In a Dec. 12 letter, College of Osteopathic Medicine Dean William Strampel wrote to Lemmen that not disclosing the USA Gymnastics investigation was “troubling” because she was one of four medical experts Michigan State used during a 2014 internal Title IX probe that cleared Nassar of sexual assault allegations. But Kemp said Lemmen also was not given details surrounding the university’s 2014 investigation. “In each instance, Dr. Lemmen was told there were questions regarding Dr. Nassar’s medical Continue Reading

Patient records more valuable to hackers than credit card details, NHS boss reveals

Patient records are at risk from hackers because they are now more valuable than credit card details, NHS bosses have revealed. Former deputy chair of NHS Digital Sir Nick Partridge said that while there were systems in place to try and combat hacks, the value of personal data meant there was an increased risk. "Systems are there but there's a growing understanding that patient records are now much more valuable on the dark web than credit card ratings," he said. "They sell for more money so we can only expect this level of cyber attack to increase in a very fragmented NHS and it's going to be a growing challenge". Sir Nick said that NHS Digital, the health service's internal IT provider, had... To continue reading this article Start your free trial of Premium Access all Premium articles  Subscriber-only events  Cancel any time Free for 30 days then only £2 per week Try Premium Access one Premium article per week Register for free To continue reading this article log in to your Telegraph account. Or register now, it's free. Register Log in Registered customers can access one Premium article per week HALF-PRICE OFFER Unlimited access to exclusive stories. Half price for one year. Access all Premium articles Subscriber only events Cancel any time Free for 30 days, then just £1 per week Start free trial Enjoy a year of Amazon Prime, worth £79, with an annual subscription Continue Reading

UVa patient records exposed for 17 months in malware attack

The University of Virginia Health System on Tuesday said that an unauthorized party outside the university may have had access to the medical records of nearly 2,000 patients over a period of 17 months in 2015 and 2016. Investigations by the FBI and the university determined that a UVa doctor’s laptop and other devices were infected with malicious software that allowed the third party to see what the physician was viewing on the devices in real time. On Dec. 23, 2017, the health system learned that the third party may have been able to view the patient information from May 3, 2015 to Dec. 27, 2016. The university is notifying the 1,882 patients who may have been affected. During that time, the physician conducted UVa Health System business from his devices, which included accessing medical records and other documents containing patient information, the university said. The investigations could not rule out that the third party may have been able to see some patient information, including names, diagnoses, treatment information, addresses and dates of birth. Patients’ Social Security numbers and financial information were not viewable, according to a news release. The FBI told UVa that the third party has been arrested and did not take, use or share patients’ information in any way. But as a precaution, UVa mailed letters to the affected patients on Tuesday. Patients who have questions can call (866) 291-7429. To help prevent such incidents in the future, the UVa Health System has enhanced the security measures required to remotely access patient information. Continue Reading

Aetna Disputes Report That Medical Director Ignored Patients’ Records

Aetna Inc. on Wednesday disputed a news report that a former medical director testified in a deposition related to a lawsuit that he did not examine patients' records before deciding whether to deny or approve care. CNN reported Sunday that a former medical director of the Hartford health insurer said under oath he never looked at patients’ records before approving or denying care. During a deposition, Dr. Jay Ken Iinuma, who served as medical director for Aetna for Southern California from March 2012 to February 2015, said he was following Aetna’s training, which called for nurses to review records and make recommendations to him. “We want to be 100 percent clear with our members, customers, partners and the public,” Aetna said in a statement posted on its website. “Dr. Iinuma’s deposition was taken out of context to create media and courtroom leverage, and is a gross misrepresentation of how the process actually works.” Aetna said medical records were an “integral part” of the clinical review process during Dr. Iinuma’s tenure at Aetna, consistent with his training. A CNN spokeswoman did not immediately respond to a request for comment. Aetna initially commented to CNN that its medical directors are trained to review all available medical information to make an informed decision. It added that medical directors “take their duties and responsibilities incredibly seriously.” California Insurance Commissioner Dave Jones has launched an investigation into allegations regarding Aetna's practices “in denying claims and requests for prior authorization for care.” The state agency also said it is investigating Aetna's utilization review process. “If a health insurer is making decisions to deny coverage without a physician ever reviewing medical records that is a significant concern and could be a violation of the law,” Jones said. The department is seeking information from Continue Reading

Longmont medical clinic hacked, patient records possibly compromised

Longs Peak Family Practice, a medical clinic in Longmont, suffered a data breach that was discovered in November and might have compromised patients’ personal information. Boulder law firm Caplan & Earnest on Wednesday issued a news release on behalf of the medical clinic that a forensic investigator discovered evidence of three instances of unauthorized access to the clinic’s computer network in November. The law firm and clinic couldn’t be reached for comment on Wednesday evening. The news release has been posted on the clinic’s website. The news release stated that there is no evidence that patient information was removed or accessed, but it is possible the hackers downloaded the information. The breach did not compromise credit card, billing or bank account information. However, patients’ names, birth dates, patient identification numbers, phone numbers, email addresses, social security numbers, insurance carrier, insurance payment codes with associated costs, driver’s license numbers and dates of service might have been stolen. Read the full story at Continue Reading

Gynecologist accused of sexual abuse seeking patients’ records for defense

A gynecologist accused of sexually abusing six women wants the full medical records for his former patients. Dr. Robert Hadden’s lawyer said in Manhattan Supreme Court Thursday that the DA’s office only submitted “very very redacted medical records” but the full set of documents are “absolutely essential” as they prep their defense. One of the six women making allegations against the former gynecologist at New York-Presbyterian Columbia Hospital has a serious STD, said the lawyer, Isabelle Kirshner. “It defies logic a doctor knowingly would, as charged by the prosecution,” perform a sex act on a patient he knows has an STD, Kirshner argued. Manhattan Supreme Court Justice Ronald Zwiebel asked for additional written arguments on the matter. Kirshner also said that medical records could help explain other alleged misconduct — like the DA’s claim that there were excessive breast examinations. “If the patient had a condition that required frequent breast examinations, it would have been appropriate to do so,” she added. Hadden is charged with sexually abusing the women in his Washington Heights and Upper East Side offices between Sept. 2011 and June 2012. Assistant District Attorney Laura Millendorf said that the proposed defense which may eventually be used at Hadden's trial “does not change what he’s entitled to or [WHAT IS] relevant at this time.” The case was adjourned to March for a decision on written arguments. Several women have sued Hadden for allegedly using his role as their doctor to violate them. Join the Conversation: Continue Reading

Peace activist exploited cancer patient, records show

The Louisville activist who was sentenced in federal court Monday to 15 months in prison for cashing her dead husband’s Social Security checks pleaded guilty in 2012 to exploiting a cancer patient for whom she was a caretaker.Jan Arnow opened credit cards using the woman’s name and used her existing credit cards; she also wrote checks on her account for more than $12,000, according to a complaint.Assistant Commonwealth’s Attorney Jeff Cooke said the woman, Dr. Daryll Anderson, later died of the disease.  He said Arnow was an acquaintance of Anderson, who was a physician.Some of the credit card transactions were in Europe, the records show.In that case, Arnow entered an Alford plea in state court in which she contested her guilt but acknowledged there was enough evidence to convict her.She received a four-year sentence for wanton exploitation of an adult, identify theft, fraudulent use of a credit card and unlawful taking, but was placed in a diversion program for five years. She also paid about $12,000 in restitution, Cooke said.She contended that the money she obtained from Anderson was a loan and that she had permission to use her credit cards. ► ​READ MORE: Respected peace activist imprisoned for fraudCourt records show that  Anderson initially gave Arnow power of attorney when she went into hospice in 2010 but that Anderson revoked it the next year when she realized Arnow was running up debts in her name.Arnow's diversion was revoked when she was indicted last year on the federal charges and failed to report them to her probation officer. She is set to be resentenced at 8:30 Thursday by Jefferson Circuit Judge Mitch Perry. The charges against her would have been dismissed if she had completed diversion.Her lawyer, Jonathan Dyar, declined to comment.Arnow, who was director of the Center for Interfaith Relations, launched the Institute for the Prevention of Youth Violence and fought genocide Continue Reading

UCHealth nurse fired for viewing 800 patient records

A nurse at Poudre Valley Hospital has been fired for viewing patients' medical records out of personal curiosity.University of Colorado Health, which operates PVH and Medical Center of the Rockies in Loveland, is notifying about 800 patients that an employee inappropriately accessed their electronic medical records.The employee was able to see patients’ names, addresses, phone numbers, dates of birth, insurance information and a description of the care and treatment received during a visit. The nurse was not able to access Social Security numbers or other personal, financial information, spokesman Dan Weaver said.Fort Collins: 30 new hangars planned at Fort Collins-Loveland airportLetters have been mailed to all affected patients, who should receive the letters in the next few days.UCHealth discovered the action through a regular audit of employees to ensure strict compliance with health privacy regulations.A subsequent investigation discovered the nurse was viewing patients' charts out of personal curiosity even though the nurse was not providing direct care to the patients.LOVELAND: Attempted robbery reported at Loveland SubwayWeaver said in a statement that employees are receiving additional training to re-emphasize they can only view health records of patients for whom they are caring. All employees will continue to receive annual training on how to properly access health care information.Weaver said there have been no similar breaches of patients' records since UCHealth was created in 2011, merging Poudre Valley Health System with University of Colorado Health.Patients who have questions can call 844-470-1755 to talk with UCHealth's director of compliance and privacy. Continue Reading

State Comptroller Thomas DiNapoli rejects outsourcing of patient records at SUNY Downstate

ALBANY - State Controller Thomas DiNapoli's office has rejected a $21.6 million contract to create a call center for SUNY Downstate Medical Center. Some of the services under the proposed contract with Eclipsys/Allscripts would have been provided from outside the country — and DiNapoli's team feared not enough was done to protect patient personal data. A source close to the controller said DiNapoli expressed "surprise and shock” that there was a major effort to approve “a contract that would outsource work overseas with the amount of unemployment in the U.S.” SUNY Downstate Medical Center was informed of the decision to reject the contract late last week in a letter from Charlotte Breeyear, DiNapoli's director of contracts. "Both state and federal law scrupulously protect the confidentiality of citizens' medical records," Breeyear wrote. "Our office is concerned that providing access to such personal data to an offshore call center would compromise patient confidentiality." The proposed contract would be on top of an existing $28.2 million software deal signed between the hospital and Eclipsys in 2006. The new deal would have expanded the software technology to Long Island College Hospital, which has merged with SUNY Downstate Medical Center. SUNY Downstate Medical Center spokesman Ron Najman said "we intend to work closely with the controller's office to fully address their concerns and, most importantly, to ensure patient confidentiality." He added that the center's preference is to always use local resources. In her rejection letter, Breeyear notes that even though Allscripts had acknowledged the "sensitivity" of using international resources, it only promised to use North American help "where available." "We believe the first priority must be adequately addressing and resolving the risk of violating patient confidentiality." She said given the importance of the contract, DiNapoli's office is prepared to discuss alternative solutions to Continue Reading

Bronx hospital employee sold patient records to scammers who made purchases at high-end retailers: officials

Patient financial records at Montefiore Medical Center were sold for $3-a-pop by an assistant clerk who compromised more than 12,500 patients’ files, officials said Friday. Bronx hospital worker Monique Walker, 32, was the source of the stolen information between January and June 2013 and filtered it to others to make purchases at Barneys, Bergdorf Goodman, Macy’s and other high-end retailers in Manhattan, attempting to avoid detection by using store credit and gift cards. At least $50,000 in fraudulent purchases stemming from the breach at the Bronx hospital have been identified, but prosecutors are still investigating the scope of the crime. Walker fed the bargain-rate names, Social Security numbers, credit card information, birth dates and other information to ringleader Fernando Salazar, 28, the Manhattan District Attorney’s office said. The buyers swept up in the probe include Patricia Charles, 43, Lawrence Davenport-Brown, 23 and Charde Lawrence, 28, of Staten Island, Ashly Garrett, 25, of Queens, Sasha Rivera, 31, of Brooklyn, and Crystal White, 32, of the Bronx. They all face charges including grand larceny, possession of a forged instrument, identity theft, unlawful possession of personal identification information and related counts. Montefiore said it is notifying affected patients by letter. They are offering free identity protection services to those patients and are “fully cooperating” with law enforcement. “The employee was fired, arrested and is now being prosecuted for this crime,” spokeswoman Lisa MacKenzie said in a statement. Join the Conversation: Continue Reading