Something about the State of New Hampshire sometimes attracts odd adherents to the “Live Free or Die” philosophy of which the state is proud. In the recently filed case of Beatrice M. Heghmann v. Kathleen Sebelius, Secretary of Health and Human Services, Nancy-Ann Deparle, Director, White House Office of Health Reform, and Charlene Frizzera, Administrator, Centers for Medicare and Medicaid Services, 09 CV 5880, filed by Ms. Heghmann’s husband Robert Heghmann in the U.S. District Court for the Southern District of New York, the Heghmann’s inartfully cobble together a number of perceived grievances emanating from the American Recovery and Reinvestment Act of 2009, colloquially known as the Stimulus Act or ARRA depriving Ms. Heghmann and “all others similarly situated” from constitutional protections of privacy and from medical privacy and security protections under the Health Insurance Portability and Security Act of 1996 (“HIPAA”). This complaint seems more designed to attract attention and notoriety to the Heghmanns than any serious challenge to the implementation of the provisions of ARRA.
Two recent and unrelated cases this month involved the unlawful access to private medical records and the posting of them on the internet on MySpace in order to inflict pain in the prosecution of family feuds. Both feuds involved Asian families. In Hawaii, Rhonda Wong-Fernandez, a 22 year old mother of three small children, plead guilty to a felony charge of unauthorized use of a computer to access confidential records. Ms. Wong Fernandez was a friend of the victim’s sister in law who was feuding with the victim. She obtained access to the medical records of the victim who was suffering from HIV at the Straub clinic and published them three times on MySpace. At one time she stated that “I hope she dies.” The victim did die in April. Although the prosecutor requested a one month jail sentence, the judge disagreed and sentenced her to one year in jail, five years probation and 200 hours of community service. The judge ordered her taken into custody immediately and refused a request to defer the start of her sentence until she could provide for her 5 month old child.
The front page of the New York Times today carried a story by Pam Belluck on a hospital’s promotional webcast of Shila Renee Mullins’s brain surgery to extract a malignant tumor, which raised conflicting opinion is about the wisdom, benefit and ethics of the public dissemination of personal medical information, even if consensual, and the public access to dramatic interventional medical procedures. Some hospitals are featuring twittering during operations in order to apprise relatives and others of the progress of thee procedure in real time.
The growing interoperability between medical devices and electronic medical records gives rise to new opportunities in the transmittal and collection of vital medical data. New vulnerabilities arise as well. Last month, the Internet Storm Center sponsored by SANS (SysAdmin, Audit, Network, Security Institute) warned that the Conflicker worm had infected approximately ten million internet devices including MRIs. SANS is a cooperative research and education organization that since 1989 has specialized in information security technology training and awareness.
The Conflicker worm attacks holes in Windows OS with advanced malware techniques. It is the largest worm infection since the SQL Slammer worm. Many of the infected devices were not designed for internet connectivity. The efficacy of the infection repair is complicated by a FDA regulation which limits the ability to issue an internet “patch” for 90 days, and apparent triumph of law over common sense in crisis with a unique and unanticipated need.
Shortly before Christmas a Santa Clara County, California jury entered a $38 Million Dollar Judgment Against Pfizer, Inc. for allegedly stealing clinical data from the Ischemia Research and Education Foundation ("IREF"), concerning its acute arthritic pain drug, Bextra. Pfizer pulled Bextra from the market in 2005, followig concerns about its safety for heart patients. Not long ago Pfizer entered into a $900,000,000.00 product liability settlement for Bextra and for Cerebrex, both Cox 2 inhibitor drugs that raised safety concerns. IREF filed its suit in 2004, claiming that Pfizer obtained access to the clinical data developed by IREF after its negotiations with IREF collapsed through the device of a contract with an IREF employee and statistican, Ping Hsu.
IREF is a non-profit research organization founded by Dr. Dennis Mangano, PhD, M.D., in 1987.IREF has developed a substantial data base of clinical information through the cooperation and participation of over 300 research centers around the world in the twenty plus years of its existence. There was apparently some evidence presented to the jury that Pfizer and Mr. Hsu destroyed or otherwise attemped a coverup of the use of the IREF information. Pfizer asserts that it has been unjustly caught up in the dispute between Mr. Hsu and IREF and denies any theft of the IREF information. It will likely appeal.
Wilcox Memorial Hospital in Kauai, Hawaii announced last month that a relative of a patient arrived at Wilcox with a horse to cheer up a patient at the hospital. The visitors reached the lobby where the front desk personnel had retired for the evening. The relative and the horse called from the lobby to announce their arrival and intention to visit the patient. They boarded an elevator and proceeded to the 3rd floor where they were met with security. Security seems to be a problem at Wilcox at a number of different levels. Back in 2005, the hospital informed 120,000 past and current patients that their names, addresses, Social Security numbers and medical records had been placed on an USB Flash Drive and was missing.
