[BreachExchange] N.B. doctor fired for 'disturbing' snooping on files of 141 young women

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 14 20:25:17 EDT 2016


http://www.ctvnews.ca/canada/n-b-doctor-fired-for-disturbing-snooping-on-files-of-141-young-women-1.2987297

A Moncton, N.B., doctor who checked the medical files of more than 100
young women, including co-workers, waitresses and women he met at the gym
and bars, has been fired.

Dr. Fernando Rojas Lievano accessed 141 electronic patient files on 350
separate occasions -- all women, all between the ages of 13 and 39.

Dr. Ed Schollenberg, registrar of the College of Physicians and Surgeons of
New Brunswick, confirmed Thursday he received notice this week from the
local health authority that Rojas had been fired.

Schollenberg said there had been a "great deal of anxiety" among staff at
Moncton's Dr. Georges L. Dumont Hospital Centre about his potential return
to work. Rojas Lievano, 52, had been on various forms of leave since
shortly after the allegations came to light.

"They ... didn't want him to come back and they didn't want to work with
him," said Schollenberg.

Rojas admitted snooping on the women's files, according to a 2014 report by
the province's privacy commissioner, Anne Bertrand.

"He told (health authority) officials that he did not know who these women
were, except for those identified as co-workers and those he had worked
with or met in the Hospital in the past," Bertrand wrote.

"Dr. Rojas Lievano stated that he was looking at these patient files out of
personal interest and to find out their age. He admitted to having accessed
these files without the patients' consent or knowledge, and that he had no
professional reason to access their files."

Rojas Lievano, a Colombian-born radiation oncologist, had been suspended
for six months by both the local health authority and the provincial
licensing body, ending last Feb. 15, said Schollenberg. But Rojas Lievano
never returned to work after that suspension expired.

Jean-Rene Noel, communications director for the health agency, Vitalite
Health Network, would not confirm Rojas Lievano's status Thursday, only
confirming the agency's board of directors met on June 28.

He said measures have been taken to ensure such breaches do not happen
again, and acknowledged the toll the scandal has taken on the hospital.

"It was a difficult period for everyone, especially the people working in
the hospital," Noel said.

Schollenberg said that in many cases, Rojas Lievano learned nothing more
than a date of birth from the files, but other information was more
sensitive. He often returned to the same files more than once, according to
Bertrand's report.

Said Bertrand in her report: "In one case, Dr. Rojas Lievano accessed the
file of one single patient 27 times, namely accessing the same patient
record 6 times in the fall of 2010, 14 times in 2011, and 7 times in 2012."

Rojas Lievano met with senior officials in March 2013 to discuss about a
dozen breaches that came to light during a random audit, Bertrand said. Her
report said he was unable to explain himself, and acknowledged his actions
were "stupid."

"He stated he made a mistake," wrote Bertrand.

At least some of the women weren't notified until a year after the breaches
came to light, and some wondered about their personal safety, said Bertrand.

"The women patients who knew him or had interactions with him stated they
found his actions disturbing, but by the same token, they did not believe
he had bad intentions or wanted to cause them harm. Of those who did not
know him or had ever interacted with Dr. Rojas Lievano, they found the
accesses to their patient file also disturbing, a few wondered if they
should be worried for their safety, and some wondered if he was selling
their information such as to pharmaceutical companies."

Schollenberg said Rojas Lievano still has a licence to practice as a
hospital specialist, but cannot work unless a hospital is willing to employ
him.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160714/28bc3e49/attachment.html>


More information about the BreachExchange mailing list