Indian Workers Threaten To Expose Confidential U.S. Medical Files
Workers in Bangalore, India, employed by Heartland Information Services, an Ohio medical transcription firm that handles patient records for several California hospitals, in October threatened to expose confidential information unless they received money from the company, San Francisco Chronicle columnist David Lazarus writes in his column. Heartland CEO Steven Mandell did not mention the incident, when he testified last month before California lawmakers about the industry's attempts to protect the privacy of outsourced data. The Medical Transcription Industry Alliance had asked Mandell to testify on the safety of outsourced information in front of California lawmakers at a March 9 privacy hearing. Sen. Liz Figueroa (D), who chaired the privacy hearing, said, "He lied to us. He could have said they had a situation just a few months earlier, and he didn't." Mandell said, "No one asked me about it. If anyone had asked me, I would have been more than willing to discuss it." On Thursday, he said that no patient files were ever at risk of being released and that the involved workers were identified and arrested by Indian police within 24 hours. According to a Nov. 6 internal company memo obtained by the Chronicle, the workers sent an anonymous e-mail to Heartland threatening to release patient records if their demands were not met, although the memo did not specify what the demands were. Mandell said one of workers wanted money, and another was unhappy with managers at the company. Mandell said that within hours of the e-mail, the company learned that a manager's office in Bangalore was broken into. Only training documents with medical procedure details were taken, not patient information, he said. After tracing the e-mail to a local Internet café and identifying which workers lived nearby, the company recovered the documents and Indian police arrested the workers. "No patient information was ever at risk. It was nothing more than disgruntled employees," Mandell said, adding, "This shows that the system works." Privacy advocates say such incidents indicate the potential danger of outsourcing information, Lazarus writes. The Heartland incident is "alarmingly similar" to an event last October, in which a Pakistani woman who was doing subcontracted transcription work for the University of California-San Francisco Medical Center threatened to post patient files online unless the university paid her money she said she was owed, Lazarus says. The woman included patient files with her e-mail, but withdrew her threat after another transcriptionist in UCSF's chain of subcontractors paid her (Lazarus, San Francisco Chronicle, 4/2).This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations. Sign up for an email subscription.