HIPAA Laptop Encryption: Gig Harbor Psychologist Must Undergo Mental Health Evalation Over Suspended License.
One of the most bizarre data breach stories I’ve heard over the years has reared its head again. According to thenewstribune.com, disgraced psychologist Dr. Sunil Kakar will have to undergo a mental health evaluation if he wants to resume practice of his trade. If you’ll recall, the entire calamity could have been easily prevented via the use of HIPAA-compliant laptop encryption.
As part of my research into the story, I’ve come across a number of facts that I hadn’t been privy to before.
Suspension and Mental Health Evaluation
When I originally covered the story, it was noted that the doctor had been suspended from practicing psychology because of the data breach. I found it hard to believe at first, but then it was noted how over 600 patients would have to be assigned to new therapists and restart their ordeal (and hence revisit all over again their agonizing ordeal). In light of this, it made sense to punish this doctor who allowed a prostitute to run away from his car with his laptop computer (Once more, I note how the use of PHI data encryption would have relegated this incident to a mere sexual peccadillo, which occurs quite often across the world).
However, it turns out that perhaps there is another reason why the doctor’s license was suspended. At the least, we know for a fact that it’s one of the reasons why it continues to be suspended:
The state said Kakar also remains suspended because he failed to take part in a required substance abuse monitoring program ordered after an April 2011 incident for which he was charged with unprofessional conduct. [thenewstribune.com]
I’ve heard from personal friends that medical doctors can automatically lose their licenses for DUI/DWI charges; at minimum, they face severe disciplinary actions. I’ve never looked into it, but if this is true, then it makes it harder to understand how Dr. Kakar even has the option of having his license reinstated.
Especially after I found out the below.
Laptop with PHI was Used as Temporary Payment
According to the dailymail.co.uk, the doctor had made it easy for his lady companion to take flight with the laptop full of patient data:
The allegations against Kakar stem from an incident that took place February 4 when the 46-year-old newly single doctor left his personal laptop with a hooker as collateral while he went to withdraw money from an ATM.
By the time Kakar returned to his car, both the woman and his laptop were gone.
I watch a lot of procedural TV dramas (and I’ve heard stories), and let me tell you, this is not something you do. You just don’t. Plus, what is this thing about “collateral”? This implies that she was free to take the laptop if, say, the doctor had run low on funds.
Does this sound like the actions of someone who’s concerned about his patients’ privacy?
Regulations Other than HIPAA
There’s also one thing of note in this story: HIPAA/HITECH has, as far as I can tell, had no direct bearing on this case. Yes, it was a HIPAA breach, and the Department of Health and Human Services has posted the case incident on their “Wall of Shame,” seeing how more than 500 people were affected.
However, one should note that all actions against the doctor, at least those that show up in the media, appear to have been brought forward at the state, not federal, level. One should remember that, while HIPAA is a very important regulation to comply with, laws also exist at the state level and these are a force to be dealt with as well.