top of page

Using Facebook to Transmit PHI Violates VA Rules

Last month, Magistrate Judge Eric Long issued a decision, Cook v. U.S. Dep't of Veteran Affairs, No. 19-2119, 2020 U.S. Dist. LEXIS 231763 (C.D. Ill. Nov. 12, 2020), affirming a decision by a disciplinary board of the Department of Veteran Affairs to remove Cook from federal employment. Cook was employed as a physician, and the reasons for his dismissal included using Facebook Messenger to consult a patient about her ailments and send her information about her prescriptions. Cook also had sexual intercourse with the patient. Departmental rules require that encryption products be used to provide access to sensitive information. The rules required Cook to only post "sensitive information to web-based collaboration tools restricted to those who have a need-to-know and when proper safeguards are in place for sensitive information." Id. at *15 (citing R. 307).

One of the reasons why Cook requested that his dismissal be reversed was that the board's findings were not supported by substantial evidence. His bases for this assertion included the fact that he did not initiate the contact with the patient through Facebook. Judge Long concluded that, "Cook implicitly encouraged Patient A to contact him through Facebook because he continued to offer medical advice and refill prescriptions through Facebook from October 2017 until May 2018. " Id. at *16. The fact that Facebook was not an encryption application approved by the Department of Veterans Affairs and Cook's failure to take measures to safeguard the patient's information constituted substantial evidence to support his dismissal.

You have to wonder if the Court would have ruled differently if Cook had enabled end-to-end encryption - a feature which is available for Facebook Messenger.


bottom of page