Loss of Patient Information at University Hospital Reveals Risk of Acquiring Physician Practices

A picture is worth a thousand words, the saying goes. So it was no surprise that a University of Florida-Jacksonville plastic surgeon saved digital images of his patients. The problem was that the photographs were unsecured and stored on a computer, in violation of UF's privacy and security policies.

If that wasn't bad enough, the surgeon, who treated patients at Shands Jacksonville Medical Center, admitted that he gave the computer away. Although he was able to get it back, most of the data were lost when the operating system was nuked — not the correct way to dispose of protected health information (PHI), according to UF.

Lesson learned for compliance officials: The fact that UF had purchased the plastic surgeon's practice, including all his computer equipment that he personally acquired prior to joining UF, may have led to a mindset that the personal computer (PC) in question was still technically "his." Such physicians may also be more resistant to following your rules because they were formerly in private practice and are used to doing things their own ways.

UF made no attempt to hide the incident, which led to the plastic surgeon's resignation. On May 19, UF notified nearly 2,000 of his patients, issued a press release and posted a statement on its Web site describing what happened. It also made its privacy officer, David Behinfar, available to reporters to answer questions.