top of page
Last month, Magistrate Judge Eric Long issued a decision, Cook v. U.S. Dep't of Veteran Affairs, No. 19-2119, 2020 U.S. Dist. LEXIS 231763 (C.D. Ill. Nov. 12, 2020), affirming a decision by a disciplinary board of the Department of Veteran Affairs to remove Cook from federal employment. Cook was employed as a physician, and the reasons for his dismissal included using Facebook Messenger to consult a patient about her ailments and send her information about her prescriptions. Cook also had sexual intercourse with the patient. Departmental rules require that encryption products be used to provide access to sensitive information. The rules required Cook to only post "sensitive information to web-based collaboration tools restricted to those who have a need-to-know and when proper safeguards are in place for sensitive information." Id. at *15 (citing R. 307).
One of the reasons why Cook requested that his dismissal be reversed was that the board's findings were not supported by substantial evidence. His bases for this assertion included the fact that he did not initiate the contact with the patient through Facebook. Judge Long concluded that, "Cook implicitly encouraged Patient A to contact him through Facebook because he continued to offer medical advice and refill prescriptions through Facebook from October 2017 until May 2018. " Id. at *16. The fact that Facebook was not an encryption application approved by the Department of Veterans Affairs and Cook's failure to take measures to safeguard the patient's information constituted substantial evidence to support his dismissal.
You have to wonder if the Court would have ruled differently if Cook had enabled end-to-end encryption - a feature which is available for Facebook Messenger.
Health Information Technology for Economic and Clinical Health Act 42 U.S.C. §§300jj, et seq. (2009), the HITECH Act, was passed to encourage the use of health information technology.
Under the Act, healthcare organizations covered by HIPAA have to report data breaches which concern more than 500 people to the Department of Health and Human Services and the victims of the breach themselves, as well as give public notice of the breaches.
The Act also gives an individual the right to request a copy of their electronic health records (EHR).
bottom of page