in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

HIPAA Laptop Encryption: Gig Harbor Psychologist Must Undergo Mental Health Evalation Over Suspended License

One of the most bizarre data breach stories I've heard over the years has reared its head again.  According to thenewstribune.com, disgraced psychologist Dr. Sunil Kakar will have to undergo a mental health evaluation if he wants to resume practice of his trade.  If you'll recall, the entire calamity could have been easily prevented via the use of HIPAA-compliant laptop encryption.

As part of my research into the story, I've come across a number of facts that I hadn't been privy to before.

Suspension and Mental Health Evaluation

When I originally covered the story, it was noted that the doctor had been suspended from practicing psychology because of the data breach.  I found it hard to believe at first, but then it was noted how over 600 patients would have to be assigned to new therapists and restart their ordeal (and hence revisit all over again their agonizing ordeal).  In light of this, it made sense to punish this doctor who allowed a prostitute to run away from his car with his laptop computer (Once more, I note how the use of PHI data encryption would have relegated this incident to a mere sexual peccadillo, which occurs quite often across the world).

However, it turns out that perhaps there is another reason why the doctor's license was suspended.  At the least, we know for a fact that it's one of the reasons why it continues to be suspended:
The state said Kakar also remains suspended because he failed to take part in a required substance abuse monitoring program ordered after an April 2011 incident for which he was charged with unprofessional conduct. [thenewstribune.com]
I've heard from personal friends that medical doctors can automatically lose their licenses for DUI/DWI charges; at minimum, they face severe disciplinary actions.  I've never looked into it, but if this is true, then it makes it harder to understand how Dr. Kakar even has the option of having his license reinstated.

Especially after I found out the below.

Laptop with PHI was Used as Temporary Payment

According to the dailymail.co.uk, the doctor had made it easy for his lady companion to take flight with the laptop full of patient data:
The allegations against Kakar stem from an incident that took place February 4 when the 46-year-old newly single doctor left his personal laptop with a hooker as collateral while he went to withdraw money from an ATM.

By the time Kakar returned to his car, both the woman and his laptop were gone.
I watch a lot of procedural TV dramas (and I've heard stories), and let me tell you, this is not something you do.  You just don't.  Plus, what is this thing about "collateral"?  This implies that she was free to take the laptop if, say, the doctor had run low on funds.

Does this sound like the actions of someone who's concerned about his patients' privacy?

Regulations Other than HIPAA

There's also one thing of note in this story: HIPAA/HITECH has, as far as I can tell, had no direct bearing on this case.  Yes, it was a HIPAA breach, and the Department of Health and Human Services has posted the case incident on their "Wall of Shame," seeing how more than 500 people were affected.

However, one should note that all actions against the doctor, at least those that show up in the media, appear to have been brought forward at the state, not federal, level.  One should remember that, while HIPAA is a very important regulation to comply with, laws also exist at the state level and these are a force to be dealt with as well.
Related Articles and Sites:
http://www.thenewstribune.com/2014/03/25/3115925/gig-harbor-psychologist-suspended.html?sp=/99/296/
http://seattletimes.com/html/localnews/2022044490_lostlaptopxml.html
 
<Previous Next>

Email Encryption: Doing It The Right Way (And The Wrong Way)

Cost of a Data Breach: MCCCD Data Breach Could Cost Up To $17.1 Million

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.