User login
Physicians don’t feel safe with some patients: Here’s how to reduce the danger
“I talked to him about whether he was okay seeing me and he said yes,” Dr. Cheng said. “But I remained vigilant and conscious of what the patient was doing the whole time so he couldn’t take advantage of the situation.”
Dr. Cheng never turned his back to the patient and even backed out of the exam room. That encounter passed without incident. However, a urologist Dr. Cheng knew from residency wasn’t so fortunate. Ronald Gilbert, MD, of Newport Beach, Calif., was shot and killed by a patient in his office. The patient blamed him for complications following prostate surgery 25 years earlier.
In 2022, a gunman in Tulsa, Okla., blamed his physician for pain from a recent back surgery and shot and killed him, another physician, and two others in a medical building before taking his own life.
Nearly 9 in 10 physicians reported in a recent Medscape poll that they had experienced one or more violent or potentially violent incidents in the past year. The most common patient behaviors were verbal abuse, getting angry and leaving, and behaving erratically.
About one in three respondents said that the patients threatened to harm them, and about one in five said that the patients became violent.
Experts say that many factors contribute to this potentially lethal situation: Health care services have become more impersonal, patients experience longer wait times, some abuse prescription drugs, mental health services are lacking, and security is poor or nonexistent at some health care facilities.
Violence against hospital workers has become so common that a bill was introduced in 2022 in Congress to better protect them. The Safety From Violence for Healthcare Employees Act includes stiffer penalties for acts involving the use of a dangerous weapon or committed during a public emergency and would also provide $25 million in grants to hospitals for programs aimed at reducing violent incidents in health care settings, including de-escalation training. The American Hospital Association and American College of Emergency Physicians support the bill, which is now before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security.
The worst day of their lives
“You have people who already are having the worst day of their lives and feeling on edge. If they already have a short fuse or substance abuse issues, that can translate into agitation, violence, or aggression,” said Scott Zeller, MD, vice president of acute psychiatry at Vituity, a physician-owned multispecialty group that operates in several states.
Health care workers in psychiatric and substance abuse hospitals were 10 times more likely to experience nonfatal injuries by others in 2018 than were health care workers in ambulatory settings, according to an April 2020 Bureau of Labor Statistics report. In addition, health care workers were five times more likely to suffer a workplace violence injury than were workers overall in 2018.
Psychiatrists who responded to the poll were the specialists most likely to report that they encountered violent patients and potentially violent patients. “Historically, inpatient psychiatry, which requires more acute care and monitoring, is considered the most dangerous profession outside of the police,” said Dr. Zeller.
Emergency physicians have reported an uptick in violence from patients; 85% said in a survey by ACEP in 2022 that they believed the rate of violence in emergency departments has increased over the past 5 years, whereas 45% indicated that it has greatly increased.
Some doctors have been threatened with violence or actually killed by family members. Alex Skog, MD, president-elect of ACEP’s Oregon chapter, told HealthCare Dive that “a patient’s family member with a gun holster on his hip threatened to kill me and kill my entire family after I told his father that he needed to be admitted because he had coronavirus.”
“I’ve been scared for my safety as well as the safety of my family,” Dr. Skog said. “That was just not something that we were seeing 3, 4, or 5 years ago.”
Many patients are already upset by the time they see doctors, according to the poll.
“The most common reason patients are upset is that they’re already in a lot of pain, which can be expressed as anger, hostility, or aggression. They’re very anxious and afraid of what’s happening and may be thinking about the worst-case scenario – that a bump or lump is cancer,” Dr. Zeller said.
Patients may also get upset if they disagree with their doctors’ diagnosis or treatment plan or the doctor refuses to prescribe them the drugs or tests they want.
“One doctor commented recently: ‘After over 30 years in this business, I can say patients are worse now than at any point in my career. Entitled, demanding, obnoxious. Any denial is met with outrage and indignity, whether it’s an opioid request or a demand for MRI of something because they ‘want to know.’ ”
An orthopedic surgeon in Indiana lost his life after he refused to prescribe opioids to a patient. Her angry husband shot and killed the doctor in the parking lot only 2 hours after confronting him in his office.
Decreased physician-patient trust
“When doctors experience something frightening, they become more apprehensive in the future. There’s no doubt that after the first violent experience, they think of things differently,” said Dr. Zeller.
More than half of the doctors who reported experiencing at least one violent or potentially violent incident in the poll said they trusted patients less.
This diminished trust can negatively impact the physician-patient relationship, said the authors of a recent Health Affairs article.
“The more patients harm their health care providers, intentionally or unintentionally, the more difficult it will be for those providers to trust them, leading to yet another unfortunate pattern: physicians pulling back on some of the behaviors thought to be most trust-building, for example, talking about their personal lives, building rapport, displaying compassion, or giving out their personal cell phone numbers,” the article stated.
What doctors can do
Most doctors who experienced a violent or potentially violent incident said they had tried to defuse the situation and that they succeeded at least some of the time, the poll results show.
One of the best ways to defuse a situation is to be empathetic and show the person that you’re on their side and not the enemy, said Dr. Cheng,.
“Rather than making general statements like ‘I understand that you’re upset,’ it’s better to be specific about the reason the person is upset. For example: ‘I understand that you’re upset that the pharmacy didn’t fill your prescription’ or ‘I understand how you’re feeling about Doctor So-and-so, who didn’t treat you right,’ ” Dr. Cheng stated.
Dr. Zeller urged physicians to talk to patients about why they’re upset and how they can help them. That approach worked with a patient who was having a psychotic episode.
“I told the staff, who wanted to forcibly restrain him and inject him with medication, that I would talk to him. I asked the patient, who was screaming ‘ya ya ya ya,’ whether he would take his medication if I gave it to him and he said yes. When he was calm, he explained that he was screaming to stop the voices telling him to kill his parents. He then got the help he needed,” said Dr. Zeller.
Dr. Cheng was trained in de-escalation techniques as an Orange County reserve deputy sheriff. He and Dr. Zeller recommended that physicians and staff receive training in how to spot potentially violent behavior and defuse these situations before they escalate.
Dr. Cheng suggests looking at the person’s body language for signs of increasing agitation or tension, such as clenched fists, tense posture, tight jaw, or fidgeting that may be accompanied by shouting and/or verbal abuse.
Physicians also need to consider where they are physically in relation to patients they see. “You don’t want to be too close to the patient or stand in front of them, which can be seen as confrontational. Instead, stand or sit off to the side, and never block the door if the patient’s upset,” said Dr. Cheng.
He recommended that physician practices prepare for violent incidents by developing detailed plans, including how and when to escape, how to protect patients, and how to cooperate with law enforcement.
“If a violent incident is inescapable, physicians and staff must be ready to fight back with whatever tools they have available, which may include fire extinguishers, chairs, or scalpels,” said Dr. Cheng.
A version of this article originally appeared on Medscape.com.
“I talked to him about whether he was okay seeing me and he said yes,” Dr. Cheng said. “But I remained vigilant and conscious of what the patient was doing the whole time so he couldn’t take advantage of the situation.”
Dr. Cheng never turned his back to the patient and even backed out of the exam room. That encounter passed without incident. However, a urologist Dr. Cheng knew from residency wasn’t so fortunate. Ronald Gilbert, MD, of Newport Beach, Calif., was shot and killed by a patient in his office. The patient blamed him for complications following prostate surgery 25 years earlier.
In 2022, a gunman in Tulsa, Okla., blamed his physician for pain from a recent back surgery and shot and killed him, another physician, and two others in a medical building before taking his own life.
Nearly 9 in 10 physicians reported in a recent Medscape poll that they had experienced one or more violent or potentially violent incidents in the past year. The most common patient behaviors were verbal abuse, getting angry and leaving, and behaving erratically.
About one in three respondents said that the patients threatened to harm them, and about one in five said that the patients became violent.
Experts say that many factors contribute to this potentially lethal situation: Health care services have become more impersonal, patients experience longer wait times, some abuse prescription drugs, mental health services are lacking, and security is poor or nonexistent at some health care facilities.
Violence against hospital workers has become so common that a bill was introduced in 2022 in Congress to better protect them. The Safety From Violence for Healthcare Employees Act includes stiffer penalties for acts involving the use of a dangerous weapon or committed during a public emergency and would also provide $25 million in grants to hospitals for programs aimed at reducing violent incidents in health care settings, including de-escalation training. The American Hospital Association and American College of Emergency Physicians support the bill, which is now before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security.
The worst day of their lives
“You have people who already are having the worst day of their lives and feeling on edge. If they already have a short fuse or substance abuse issues, that can translate into agitation, violence, or aggression,” said Scott Zeller, MD, vice president of acute psychiatry at Vituity, a physician-owned multispecialty group that operates in several states.
Health care workers in psychiatric and substance abuse hospitals were 10 times more likely to experience nonfatal injuries by others in 2018 than were health care workers in ambulatory settings, according to an April 2020 Bureau of Labor Statistics report. In addition, health care workers were five times more likely to suffer a workplace violence injury than were workers overall in 2018.
Psychiatrists who responded to the poll were the specialists most likely to report that they encountered violent patients and potentially violent patients. “Historically, inpatient psychiatry, which requires more acute care and monitoring, is considered the most dangerous profession outside of the police,” said Dr. Zeller.
Emergency physicians have reported an uptick in violence from patients; 85% said in a survey by ACEP in 2022 that they believed the rate of violence in emergency departments has increased over the past 5 years, whereas 45% indicated that it has greatly increased.
Some doctors have been threatened with violence or actually killed by family members. Alex Skog, MD, president-elect of ACEP’s Oregon chapter, told HealthCare Dive that “a patient’s family member with a gun holster on his hip threatened to kill me and kill my entire family after I told his father that he needed to be admitted because he had coronavirus.”
“I’ve been scared for my safety as well as the safety of my family,” Dr. Skog said. “That was just not something that we were seeing 3, 4, or 5 years ago.”
Many patients are already upset by the time they see doctors, according to the poll.
“The most common reason patients are upset is that they’re already in a lot of pain, which can be expressed as anger, hostility, or aggression. They’re very anxious and afraid of what’s happening and may be thinking about the worst-case scenario – that a bump or lump is cancer,” Dr. Zeller said.
Patients may also get upset if they disagree with their doctors’ diagnosis or treatment plan or the doctor refuses to prescribe them the drugs or tests they want.
“One doctor commented recently: ‘After over 30 years in this business, I can say patients are worse now than at any point in my career. Entitled, demanding, obnoxious. Any denial is met with outrage and indignity, whether it’s an opioid request or a demand for MRI of something because they ‘want to know.’ ”
An orthopedic surgeon in Indiana lost his life after he refused to prescribe opioids to a patient. Her angry husband shot and killed the doctor in the parking lot only 2 hours after confronting him in his office.
Decreased physician-patient trust
“When doctors experience something frightening, they become more apprehensive in the future. There’s no doubt that after the first violent experience, they think of things differently,” said Dr. Zeller.
More than half of the doctors who reported experiencing at least one violent or potentially violent incident in the poll said they trusted patients less.
This diminished trust can negatively impact the physician-patient relationship, said the authors of a recent Health Affairs article.
“The more patients harm their health care providers, intentionally or unintentionally, the more difficult it will be for those providers to trust them, leading to yet another unfortunate pattern: physicians pulling back on some of the behaviors thought to be most trust-building, for example, talking about their personal lives, building rapport, displaying compassion, or giving out their personal cell phone numbers,” the article stated.
What doctors can do
Most doctors who experienced a violent or potentially violent incident said they had tried to defuse the situation and that they succeeded at least some of the time, the poll results show.
One of the best ways to defuse a situation is to be empathetic and show the person that you’re on their side and not the enemy, said Dr. Cheng,.
“Rather than making general statements like ‘I understand that you’re upset,’ it’s better to be specific about the reason the person is upset. For example: ‘I understand that you’re upset that the pharmacy didn’t fill your prescription’ or ‘I understand how you’re feeling about Doctor So-and-so, who didn’t treat you right,’ ” Dr. Cheng stated.
Dr. Zeller urged physicians to talk to patients about why they’re upset and how they can help them. That approach worked with a patient who was having a psychotic episode.
“I told the staff, who wanted to forcibly restrain him and inject him with medication, that I would talk to him. I asked the patient, who was screaming ‘ya ya ya ya,’ whether he would take his medication if I gave it to him and he said yes. When he was calm, he explained that he was screaming to stop the voices telling him to kill his parents. He then got the help he needed,” said Dr. Zeller.
Dr. Cheng was trained in de-escalation techniques as an Orange County reserve deputy sheriff. He and Dr. Zeller recommended that physicians and staff receive training in how to spot potentially violent behavior and defuse these situations before they escalate.
Dr. Cheng suggests looking at the person’s body language for signs of increasing agitation or tension, such as clenched fists, tense posture, tight jaw, or fidgeting that may be accompanied by shouting and/or verbal abuse.
Physicians also need to consider where they are physically in relation to patients they see. “You don’t want to be too close to the patient or stand in front of them, which can be seen as confrontational. Instead, stand or sit off to the side, and never block the door if the patient’s upset,” said Dr. Cheng.
He recommended that physician practices prepare for violent incidents by developing detailed plans, including how and when to escape, how to protect patients, and how to cooperate with law enforcement.
“If a violent incident is inescapable, physicians and staff must be ready to fight back with whatever tools they have available, which may include fire extinguishers, chairs, or scalpels,” said Dr. Cheng.
A version of this article originally appeared on Medscape.com.
“I talked to him about whether he was okay seeing me and he said yes,” Dr. Cheng said. “But I remained vigilant and conscious of what the patient was doing the whole time so he couldn’t take advantage of the situation.”
Dr. Cheng never turned his back to the patient and even backed out of the exam room. That encounter passed without incident. However, a urologist Dr. Cheng knew from residency wasn’t so fortunate. Ronald Gilbert, MD, of Newport Beach, Calif., was shot and killed by a patient in his office. The patient blamed him for complications following prostate surgery 25 years earlier.
In 2022, a gunman in Tulsa, Okla., blamed his physician for pain from a recent back surgery and shot and killed him, another physician, and two others in a medical building before taking his own life.
Nearly 9 in 10 physicians reported in a recent Medscape poll that they had experienced one or more violent or potentially violent incidents in the past year. The most common patient behaviors were verbal abuse, getting angry and leaving, and behaving erratically.
About one in three respondents said that the patients threatened to harm them, and about one in five said that the patients became violent.
Experts say that many factors contribute to this potentially lethal situation: Health care services have become more impersonal, patients experience longer wait times, some abuse prescription drugs, mental health services are lacking, and security is poor or nonexistent at some health care facilities.
Violence against hospital workers has become so common that a bill was introduced in 2022 in Congress to better protect them. The Safety From Violence for Healthcare Employees Act includes stiffer penalties for acts involving the use of a dangerous weapon or committed during a public emergency and would also provide $25 million in grants to hospitals for programs aimed at reducing violent incidents in health care settings, including de-escalation training. The American Hospital Association and American College of Emergency Physicians support the bill, which is now before the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security.
The worst day of their lives
“You have people who already are having the worst day of their lives and feeling on edge. If they already have a short fuse or substance abuse issues, that can translate into agitation, violence, or aggression,” said Scott Zeller, MD, vice president of acute psychiatry at Vituity, a physician-owned multispecialty group that operates in several states.
Health care workers in psychiatric and substance abuse hospitals were 10 times more likely to experience nonfatal injuries by others in 2018 than were health care workers in ambulatory settings, according to an April 2020 Bureau of Labor Statistics report. In addition, health care workers were five times more likely to suffer a workplace violence injury than were workers overall in 2018.
Psychiatrists who responded to the poll were the specialists most likely to report that they encountered violent patients and potentially violent patients. “Historically, inpatient psychiatry, which requires more acute care and monitoring, is considered the most dangerous profession outside of the police,” said Dr. Zeller.
Emergency physicians have reported an uptick in violence from patients; 85% said in a survey by ACEP in 2022 that they believed the rate of violence in emergency departments has increased over the past 5 years, whereas 45% indicated that it has greatly increased.
Some doctors have been threatened with violence or actually killed by family members. Alex Skog, MD, president-elect of ACEP’s Oregon chapter, told HealthCare Dive that “a patient’s family member with a gun holster on his hip threatened to kill me and kill my entire family after I told his father that he needed to be admitted because he had coronavirus.”
“I’ve been scared for my safety as well as the safety of my family,” Dr. Skog said. “That was just not something that we were seeing 3, 4, or 5 years ago.”
Many patients are already upset by the time they see doctors, according to the poll.
“The most common reason patients are upset is that they’re already in a lot of pain, which can be expressed as anger, hostility, or aggression. They’re very anxious and afraid of what’s happening and may be thinking about the worst-case scenario – that a bump or lump is cancer,” Dr. Zeller said.
Patients may also get upset if they disagree with their doctors’ diagnosis or treatment plan or the doctor refuses to prescribe them the drugs or tests they want.
“One doctor commented recently: ‘After over 30 years in this business, I can say patients are worse now than at any point in my career. Entitled, demanding, obnoxious. Any denial is met with outrage and indignity, whether it’s an opioid request or a demand for MRI of something because they ‘want to know.’ ”
An orthopedic surgeon in Indiana lost his life after he refused to prescribe opioids to a patient. Her angry husband shot and killed the doctor in the parking lot only 2 hours after confronting him in his office.
Decreased physician-patient trust
“When doctors experience something frightening, they become more apprehensive in the future. There’s no doubt that after the first violent experience, they think of things differently,” said Dr. Zeller.
More than half of the doctors who reported experiencing at least one violent or potentially violent incident in the poll said they trusted patients less.
This diminished trust can negatively impact the physician-patient relationship, said the authors of a recent Health Affairs article.
“The more patients harm their health care providers, intentionally or unintentionally, the more difficult it will be for those providers to trust them, leading to yet another unfortunate pattern: physicians pulling back on some of the behaviors thought to be most trust-building, for example, talking about their personal lives, building rapport, displaying compassion, or giving out their personal cell phone numbers,” the article stated.
What doctors can do
Most doctors who experienced a violent or potentially violent incident said they had tried to defuse the situation and that they succeeded at least some of the time, the poll results show.
One of the best ways to defuse a situation is to be empathetic and show the person that you’re on their side and not the enemy, said Dr. Cheng,.
“Rather than making general statements like ‘I understand that you’re upset,’ it’s better to be specific about the reason the person is upset. For example: ‘I understand that you’re upset that the pharmacy didn’t fill your prescription’ or ‘I understand how you’re feeling about Doctor So-and-so, who didn’t treat you right,’ ” Dr. Cheng stated.
Dr. Zeller urged physicians to talk to patients about why they’re upset and how they can help them. That approach worked with a patient who was having a psychotic episode.
“I told the staff, who wanted to forcibly restrain him and inject him with medication, that I would talk to him. I asked the patient, who was screaming ‘ya ya ya ya,’ whether he would take his medication if I gave it to him and he said yes. When he was calm, he explained that he was screaming to stop the voices telling him to kill his parents. He then got the help he needed,” said Dr. Zeller.
Dr. Cheng was trained in de-escalation techniques as an Orange County reserve deputy sheriff. He and Dr. Zeller recommended that physicians and staff receive training in how to spot potentially violent behavior and defuse these situations before they escalate.
Dr. Cheng suggests looking at the person’s body language for signs of increasing agitation or tension, such as clenched fists, tense posture, tight jaw, or fidgeting that may be accompanied by shouting and/or verbal abuse.
Physicians also need to consider where they are physically in relation to patients they see. “You don’t want to be too close to the patient or stand in front of them, which can be seen as confrontational. Instead, stand or sit off to the side, and never block the door if the patient’s upset,” said Dr. Cheng.
He recommended that physician practices prepare for violent incidents by developing detailed plans, including how and when to escape, how to protect patients, and how to cooperate with law enforcement.
“If a violent incident is inescapable, physicians and staff must be ready to fight back with whatever tools they have available, which may include fire extinguishers, chairs, or scalpels,” said Dr. Cheng.
A version of this article originally appeared on Medscape.com.
States cracking down harder on docs who sexually abuse patients
It’s the latest example of states taking doctor sexual misconduct more seriously after longstanding criticism that medical boards have been too lenient.
The law, which takes effect in January 2023, requires the state’s medical board to permanently revoke these doctors’ licenses instead of allowing them to petition the board for reinstatement after 3 years.
“Physician licenses should not be reinstated after egregious sexual misconduct with patients. The doctor-patient relationship has to remain sacrosanct and trusted,” said Peter Yellowlees, MD, a professor of psychiatry at the University of California, Davis.
Although the vast majority of the nation’s estimated 1 million doctors don’t sexually abuse patients, the problem is a national one.
The Federation of State Medical Boards defines sexual misconduct as the exploitation of the physician-patient relationship in a sexual way. The exploitation may be verbal or physical and can occur in person or virtually.
The FSMB conducted a 2-year review of how medical boards handled cases of sexual misconduct, issuing a report in 2020 that contained 38 recommended actions.
Four states in addition to California have enacted laws that incorporate some FSMB recommendations. These include revoking doctors’ licenses after a single egregious act of sexual misconduct (including sexual assault), regardless of whether the physician was charged or convicted; increased reporting by hospitals and doctors of sexual misconduct; and training of physicians to recognize and report sexual misconduct.
The four state laws are:
- Georgia’s HB 458. It was signed into law in May 2021, and it authorizes the medical board to revoke or suspend a license if a physician is found guilty of sexually assaulting a patient in a criminal case. Doctors are required to report other doctors who have sexually abused patients and to take continuing medical education (CME) units on sexual misconduct.
- Florida’s SB 1934. This legislation was signed into law in June 2021, and it bars physicians charged with serious crimes such as sexual assault, sexual misconduct against patients, or possession of child pornography from seeing patients until those charges are resolved by the legal system.
- West Virginia’s SB 603. Signed into law in March 2022 it prohibits the medical board from issuing a license to a physician who engaged in sexual activity or misconduct with a patient whose license was revoked in another state or was involved in other violations.
- Tennessee HB 1045. It was signed into law in May 2021, and authorizes the medical board, upon learning of an indictment against a physician for a controlled substance violation or sexual offense, to immediately suspend the doctor’s ability to prescribe controlled substances until the doctor’s case is resolved.
A published study identified a total of 1,721 reports of physician sexual misconduct that were submitted to the National Practitioner Data Bank between 2000 and 2019. The annual incidence of sexual misconduct reports averaged 10.8 per 100,000 U.S. physician licensees, said the researchers.
In a groundbreaking 2016 investigation, the Atlanta Journal-Constitution reviewed thousands of documents and found more than 2,400 doctors whose sexual misconduct cases clearly involved patients since 1999.
Physician sexual misconduct is likely underreported
The actual incidence of physician-patient sexual misconduct is likely higher as a result of underreporting, according to the researchers.
Because a substantial power differential exists between patients and their physicians, the researchers noted, it follows that patient victims, like other sexual assault victims, may be unwilling or unable to report the incident in question.
Many violations involving physician sexual misconduct of patients never came to the attention of state regulators, according to the Journal-Constitution investigation. Reporting showed that hospitals, clinics, and fellow doctors fail to report sexual misconduct to regulators, despite laws in most states requiring them to do so.
Media investigations highlight medical board shortcomings
Public pressure on the California Medical Board increased after the Los Angeles Times investigated what happened to doctors who surrendered or had their licenses revoked after being reported for sexual abuse with patients. The Times revealed in 2021 that the board reinstated 10 of 17 doctors who petitioned for reinstatement.
They include Esmail Nadjmabadi, MD, of Bakersfield, Calif., who had sexually abused six female patients, including one in her mid-teens. The Times reported that, in 2009, he pleaded no contest to a criminal charge that he sexually exploited two or more women and surrendered his medical license the following year.
Five years later, Dr. Nadjmabadi petitioned the medical board to be reinstated and the board approved his request.
The California board has also reinstated several doctors who underwent sex offender rehabilitation. Board members rely heavily on a doctor’s evidence of rehabilitation, usually with the testimony of therapists hired by the doctor, and no input from the patients who were harmed, according to the Times’ investigation.
High-profile sexual misconduct or abuse cases involving Larry Nassar, MD, and Robert Anderson, MD, in Michigan; Richard Strauss, MD, in Ohio; and Ricardo Cruciani, MD, in New York, added to the mounting criticism that medical boards were too lenient in their handling of complaints of sexual misconduct.
Another state tackles sexual misconduct
Ohio’s medical board created an administrative rule stating that licensed physicians have a legal and ethical duty to report colleagues for sexual misconduct with patients and to complete a 1-hour CME training. Failure to report sexual misconduct complaints can lead to a doctor being permanently stripped of his license.
This happened to Robert S. Geiger, MD, in 2016 after not reporting his colleague James Bressi, MD, to the medical board after receiving complaints that Dr. Bressi was sexually abusing female patients at their pain clinic.
Dr. Bressi was convicted of sexual misconduct with a patient, stripped of his medical license, and sentenced to 59 days in prison.
“I think all of these reforms are a step in the right direction and will help to deter doctors from committing sexual misconduct to some extent,” said California activist Marian Hollingsworth, cofounder of the Patient Safety League.
But there’s room for improvement, she said, since “most states fall short in not requiring medical boards to notify law enforcement when they get a complaint of doctor sexual misconduct so the public can be aware of it.”
A version of this article first appeared on Medscape.com.
It’s the latest example of states taking doctor sexual misconduct more seriously after longstanding criticism that medical boards have been too lenient.
The law, which takes effect in January 2023, requires the state’s medical board to permanently revoke these doctors’ licenses instead of allowing them to petition the board for reinstatement after 3 years.
“Physician licenses should not be reinstated after egregious sexual misconduct with patients. The doctor-patient relationship has to remain sacrosanct and trusted,” said Peter Yellowlees, MD, a professor of psychiatry at the University of California, Davis.
Although the vast majority of the nation’s estimated 1 million doctors don’t sexually abuse patients, the problem is a national one.
The Federation of State Medical Boards defines sexual misconduct as the exploitation of the physician-patient relationship in a sexual way. The exploitation may be verbal or physical and can occur in person or virtually.
The FSMB conducted a 2-year review of how medical boards handled cases of sexual misconduct, issuing a report in 2020 that contained 38 recommended actions.
Four states in addition to California have enacted laws that incorporate some FSMB recommendations. These include revoking doctors’ licenses after a single egregious act of sexual misconduct (including sexual assault), regardless of whether the physician was charged or convicted; increased reporting by hospitals and doctors of sexual misconduct; and training of physicians to recognize and report sexual misconduct.
The four state laws are:
- Georgia’s HB 458. It was signed into law in May 2021, and it authorizes the medical board to revoke or suspend a license if a physician is found guilty of sexually assaulting a patient in a criminal case. Doctors are required to report other doctors who have sexually abused patients and to take continuing medical education (CME) units on sexual misconduct.
- Florida’s SB 1934. This legislation was signed into law in June 2021, and it bars physicians charged with serious crimes such as sexual assault, sexual misconduct against patients, or possession of child pornography from seeing patients until those charges are resolved by the legal system.
- West Virginia’s SB 603. Signed into law in March 2022 it prohibits the medical board from issuing a license to a physician who engaged in sexual activity or misconduct with a patient whose license was revoked in another state or was involved in other violations.
- Tennessee HB 1045. It was signed into law in May 2021, and authorizes the medical board, upon learning of an indictment against a physician for a controlled substance violation or sexual offense, to immediately suspend the doctor’s ability to prescribe controlled substances until the doctor’s case is resolved.
A published study identified a total of 1,721 reports of physician sexual misconduct that were submitted to the National Practitioner Data Bank between 2000 and 2019. The annual incidence of sexual misconduct reports averaged 10.8 per 100,000 U.S. physician licensees, said the researchers.
In a groundbreaking 2016 investigation, the Atlanta Journal-Constitution reviewed thousands of documents and found more than 2,400 doctors whose sexual misconduct cases clearly involved patients since 1999.
Physician sexual misconduct is likely underreported
The actual incidence of physician-patient sexual misconduct is likely higher as a result of underreporting, according to the researchers.
Because a substantial power differential exists between patients and their physicians, the researchers noted, it follows that patient victims, like other sexual assault victims, may be unwilling or unable to report the incident in question.
Many violations involving physician sexual misconduct of patients never came to the attention of state regulators, according to the Journal-Constitution investigation. Reporting showed that hospitals, clinics, and fellow doctors fail to report sexual misconduct to regulators, despite laws in most states requiring them to do so.
Media investigations highlight medical board shortcomings
Public pressure on the California Medical Board increased after the Los Angeles Times investigated what happened to doctors who surrendered or had their licenses revoked after being reported for sexual abuse with patients. The Times revealed in 2021 that the board reinstated 10 of 17 doctors who petitioned for reinstatement.
They include Esmail Nadjmabadi, MD, of Bakersfield, Calif., who had sexually abused six female patients, including one in her mid-teens. The Times reported that, in 2009, he pleaded no contest to a criminal charge that he sexually exploited two or more women and surrendered his medical license the following year.
Five years later, Dr. Nadjmabadi petitioned the medical board to be reinstated and the board approved his request.
The California board has also reinstated several doctors who underwent sex offender rehabilitation. Board members rely heavily on a doctor’s evidence of rehabilitation, usually with the testimony of therapists hired by the doctor, and no input from the patients who were harmed, according to the Times’ investigation.
High-profile sexual misconduct or abuse cases involving Larry Nassar, MD, and Robert Anderson, MD, in Michigan; Richard Strauss, MD, in Ohio; and Ricardo Cruciani, MD, in New York, added to the mounting criticism that medical boards were too lenient in their handling of complaints of sexual misconduct.
Another state tackles sexual misconduct
Ohio’s medical board created an administrative rule stating that licensed physicians have a legal and ethical duty to report colleagues for sexual misconduct with patients and to complete a 1-hour CME training. Failure to report sexual misconduct complaints can lead to a doctor being permanently stripped of his license.
This happened to Robert S. Geiger, MD, in 2016 after not reporting his colleague James Bressi, MD, to the medical board after receiving complaints that Dr. Bressi was sexually abusing female patients at their pain clinic.
Dr. Bressi was convicted of sexual misconduct with a patient, stripped of his medical license, and sentenced to 59 days in prison.
“I think all of these reforms are a step in the right direction and will help to deter doctors from committing sexual misconduct to some extent,” said California activist Marian Hollingsworth, cofounder of the Patient Safety League.
But there’s room for improvement, she said, since “most states fall short in not requiring medical boards to notify law enforcement when they get a complaint of doctor sexual misconduct so the public can be aware of it.”
A version of this article first appeared on Medscape.com.
It’s the latest example of states taking doctor sexual misconduct more seriously after longstanding criticism that medical boards have been too lenient.
The law, which takes effect in January 2023, requires the state’s medical board to permanently revoke these doctors’ licenses instead of allowing them to petition the board for reinstatement after 3 years.
“Physician licenses should not be reinstated after egregious sexual misconduct with patients. The doctor-patient relationship has to remain sacrosanct and trusted,” said Peter Yellowlees, MD, a professor of psychiatry at the University of California, Davis.
Although the vast majority of the nation’s estimated 1 million doctors don’t sexually abuse patients, the problem is a national one.
The Federation of State Medical Boards defines sexual misconduct as the exploitation of the physician-patient relationship in a sexual way. The exploitation may be verbal or physical and can occur in person or virtually.
The FSMB conducted a 2-year review of how medical boards handled cases of sexual misconduct, issuing a report in 2020 that contained 38 recommended actions.
Four states in addition to California have enacted laws that incorporate some FSMB recommendations. These include revoking doctors’ licenses after a single egregious act of sexual misconduct (including sexual assault), regardless of whether the physician was charged or convicted; increased reporting by hospitals and doctors of sexual misconduct; and training of physicians to recognize and report sexual misconduct.
The four state laws are:
- Georgia’s HB 458. It was signed into law in May 2021, and it authorizes the medical board to revoke or suspend a license if a physician is found guilty of sexually assaulting a patient in a criminal case. Doctors are required to report other doctors who have sexually abused patients and to take continuing medical education (CME) units on sexual misconduct.
- Florida’s SB 1934. This legislation was signed into law in June 2021, and it bars physicians charged with serious crimes such as sexual assault, sexual misconduct against patients, or possession of child pornography from seeing patients until those charges are resolved by the legal system.
- West Virginia’s SB 603. Signed into law in March 2022 it prohibits the medical board from issuing a license to a physician who engaged in sexual activity or misconduct with a patient whose license was revoked in another state or was involved in other violations.
- Tennessee HB 1045. It was signed into law in May 2021, and authorizes the medical board, upon learning of an indictment against a physician for a controlled substance violation or sexual offense, to immediately suspend the doctor’s ability to prescribe controlled substances until the doctor’s case is resolved.
A published study identified a total of 1,721 reports of physician sexual misconduct that were submitted to the National Practitioner Data Bank between 2000 and 2019. The annual incidence of sexual misconduct reports averaged 10.8 per 100,000 U.S. physician licensees, said the researchers.
In a groundbreaking 2016 investigation, the Atlanta Journal-Constitution reviewed thousands of documents and found more than 2,400 doctors whose sexual misconduct cases clearly involved patients since 1999.
Physician sexual misconduct is likely underreported
The actual incidence of physician-patient sexual misconduct is likely higher as a result of underreporting, according to the researchers.
Because a substantial power differential exists between patients and their physicians, the researchers noted, it follows that patient victims, like other sexual assault victims, may be unwilling or unable to report the incident in question.
Many violations involving physician sexual misconduct of patients never came to the attention of state regulators, according to the Journal-Constitution investigation. Reporting showed that hospitals, clinics, and fellow doctors fail to report sexual misconduct to regulators, despite laws in most states requiring them to do so.
Media investigations highlight medical board shortcomings
Public pressure on the California Medical Board increased after the Los Angeles Times investigated what happened to doctors who surrendered or had their licenses revoked after being reported for sexual abuse with patients. The Times revealed in 2021 that the board reinstated 10 of 17 doctors who petitioned for reinstatement.
They include Esmail Nadjmabadi, MD, of Bakersfield, Calif., who had sexually abused six female patients, including one in her mid-teens. The Times reported that, in 2009, he pleaded no contest to a criminal charge that he sexually exploited two or more women and surrendered his medical license the following year.
Five years later, Dr. Nadjmabadi petitioned the medical board to be reinstated and the board approved his request.
The California board has also reinstated several doctors who underwent sex offender rehabilitation. Board members rely heavily on a doctor’s evidence of rehabilitation, usually with the testimony of therapists hired by the doctor, and no input from the patients who were harmed, according to the Times’ investigation.
High-profile sexual misconduct or abuse cases involving Larry Nassar, MD, and Robert Anderson, MD, in Michigan; Richard Strauss, MD, in Ohio; and Ricardo Cruciani, MD, in New York, added to the mounting criticism that medical boards were too lenient in their handling of complaints of sexual misconduct.
Another state tackles sexual misconduct
Ohio’s medical board created an administrative rule stating that licensed physicians have a legal and ethical duty to report colleagues for sexual misconduct with patients and to complete a 1-hour CME training. Failure to report sexual misconduct complaints can lead to a doctor being permanently stripped of his license.
This happened to Robert S. Geiger, MD, in 2016 after not reporting his colleague James Bressi, MD, to the medical board after receiving complaints that Dr. Bressi was sexually abusing female patients at their pain clinic.
Dr. Bressi was convicted of sexual misconduct with a patient, stripped of his medical license, and sentenced to 59 days in prison.
“I think all of these reforms are a step in the right direction and will help to deter doctors from committing sexual misconduct to some extent,” said California activist Marian Hollingsworth, cofounder of the Patient Safety League.
But there’s room for improvement, she said, since “most states fall short in not requiring medical boards to notify law enforcement when they get a complaint of doctor sexual misconduct so the public can be aware of it.”
A version of this article first appeared on Medscape.com.
Florida doc dies by suicide after allegedly drugging and raping patients
according to a police statement.
A week later, a Collier County Sheriff’s deputy found Dr. Salata’s body near his Naples home with a gunshot wound to the head, according to police. The medical examiner later ruled it a suicide.
Dr. Salata co-owned Pura Vida Medical Spa in Naples with his wife Jill Salata, a certified family nurse practitioner. They specialized in cosmetic treatment and surgery.
Naples police said that they arrested Dr. Salata after two female patients accused the doctor of allegedly drugging and raping them while they were still unconscious.
Both victims described being given nitrous oxide, also called laughing gas, for sedation and pain from the cosmetic procedure. The first victim, age 51, said Dr. Salata prescribed alprazolam (Xanax) to take before the procedure and then also gave her nitrous oxide and tequila, causing her to black out, according to NBC2 News.
The second victim, age 72, told police that as the nitrous oxide was wearing off, she found Dr. Salata performing sexual intercourse. The victim felt shocked after the sedation subsided about what had taken place, contacted police, and submitted to a sexual assault examination, according to the police statement.
At Dr. Salata’s November 22 hearing before Judge Michael Provost, a prosecutor asked the judge whether Dr. Salata should surrender his firearms; Provost reportedly dismissed the idea.
“It is disappointing and frustrating that Dr. Salata has escaped justice,” said one victim’s attorney, Adam Horowitz, in a blog post. “Yet, we are relieved that no other women will be assaulted by Dr. Salata again. It took tremendous courage for my client to tell her truth. She was ready to hold him accountable in court.”
Horowitz says he plans to file a civil lawsuit on behalf of his client against Dr. Salata’s estate. The Naples police are continuing their investigation into the victims’ cases, which now includes a third woman, said spokesman Lt. Bryan McGinn.
Meanwhile, the Pura Vida Medical Spa has closed permanently and its website has been deleted. One reviewer named Soul F. wrote on the spa’s Yelp page: “And now may God have mercy on this rapist’s soul. Amen.”
A version of this article first appeared on Medscape.com.
according to a police statement.
A week later, a Collier County Sheriff’s deputy found Dr. Salata’s body near his Naples home with a gunshot wound to the head, according to police. The medical examiner later ruled it a suicide.
Dr. Salata co-owned Pura Vida Medical Spa in Naples with his wife Jill Salata, a certified family nurse practitioner. They specialized in cosmetic treatment and surgery.
Naples police said that they arrested Dr. Salata after two female patients accused the doctor of allegedly drugging and raping them while they were still unconscious.
Both victims described being given nitrous oxide, also called laughing gas, for sedation and pain from the cosmetic procedure. The first victim, age 51, said Dr. Salata prescribed alprazolam (Xanax) to take before the procedure and then also gave her nitrous oxide and tequila, causing her to black out, according to NBC2 News.
The second victim, age 72, told police that as the nitrous oxide was wearing off, she found Dr. Salata performing sexual intercourse. The victim felt shocked after the sedation subsided about what had taken place, contacted police, and submitted to a sexual assault examination, according to the police statement.
At Dr. Salata’s November 22 hearing before Judge Michael Provost, a prosecutor asked the judge whether Dr. Salata should surrender his firearms; Provost reportedly dismissed the idea.
“It is disappointing and frustrating that Dr. Salata has escaped justice,” said one victim’s attorney, Adam Horowitz, in a blog post. “Yet, we are relieved that no other women will be assaulted by Dr. Salata again. It took tremendous courage for my client to tell her truth. She was ready to hold him accountable in court.”
Horowitz says he plans to file a civil lawsuit on behalf of his client against Dr. Salata’s estate. The Naples police are continuing their investigation into the victims’ cases, which now includes a third woman, said spokesman Lt. Bryan McGinn.
Meanwhile, the Pura Vida Medical Spa has closed permanently and its website has been deleted. One reviewer named Soul F. wrote on the spa’s Yelp page: “And now may God have mercy on this rapist’s soul. Amen.”
A version of this article first appeared on Medscape.com.
according to a police statement.
A week later, a Collier County Sheriff’s deputy found Dr. Salata’s body near his Naples home with a gunshot wound to the head, according to police. The medical examiner later ruled it a suicide.
Dr. Salata co-owned Pura Vida Medical Spa in Naples with his wife Jill Salata, a certified family nurse practitioner. They specialized in cosmetic treatment and surgery.
Naples police said that they arrested Dr. Salata after two female patients accused the doctor of allegedly drugging and raping them while they were still unconscious.
Both victims described being given nitrous oxide, also called laughing gas, for sedation and pain from the cosmetic procedure. The first victim, age 51, said Dr. Salata prescribed alprazolam (Xanax) to take before the procedure and then also gave her nitrous oxide and tequila, causing her to black out, according to NBC2 News.
The second victim, age 72, told police that as the nitrous oxide was wearing off, she found Dr. Salata performing sexual intercourse. The victim felt shocked after the sedation subsided about what had taken place, contacted police, and submitted to a sexual assault examination, according to the police statement.
At Dr. Salata’s November 22 hearing before Judge Michael Provost, a prosecutor asked the judge whether Dr. Salata should surrender his firearms; Provost reportedly dismissed the idea.
“It is disappointing and frustrating that Dr. Salata has escaped justice,” said one victim’s attorney, Adam Horowitz, in a blog post. “Yet, we are relieved that no other women will be assaulted by Dr. Salata again. It took tremendous courage for my client to tell her truth. She was ready to hold him accountable in court.”
Horowitz says he plans to file a civil lawsuit on behalf of his client against Dr. Salata’s estate. The Naples police are continuing their investigation into the victims’ cases, which now includes a third woman, said spokesman Lt. Bryan McGinn.
Meanwhile, the Pura Vida Medical Spa has closed permanently and its website has been deleted. One reviewer named Soul F. wrote on the spa’s Yelp page: “And now may God have mercy on this rapist’s soul. Amen.”
A version of this article first appeared on Medscape.com.
10 new ways docs could face legal troubles post Roe
Doctors in states where abortion is legal are likely to be the next target for antiabortion activists who want to deter residents from seeking abortions across state lines, say legal experts.
Antiabortion legislators in several states are mounting efforts to clamp down on out-of-state abortions, which they view as a legal loophole.
Nineteen states have already banned the use of telemedicine to prescribe medication abortion by requiring the clinician to be physically present when the medication is administered. These states include Arizona, Louisiana, Tennessee, and Texas, which also recently criminalized sending abortion pills through the mail.
Some state legislators plan to introduce legislation based on a Texas abortion ban enacted last year in which private citizens can sue anyone who assists state residents in obtaining an out-of-state abortion.
Meanwhile, legislators in states including New York where abortion is legal have introduced bills to shield doctors involved in reproductive care from possible negative actions by medical malpractice companies and professional misconduct charges.
This news organization asked legal experts for advice on how doctors can protect themselves and still provide appropriate medical care in this rapidly changing legal landscape. Here’s what they had to say.
1. What if patients from states where abortion is banned want to come to my practice in a legal state? What should I be aware of?
“Doctors should do what they think is medically necessary, but they should be aware of potential criminal and/or civil consequences in a patient’s home state, especially if those states have staked out more extreme positions on abortion such as Texas, Oklahoma, and Louisiana,” says Katherine Florey, JD, a professor at the University of California, Davis, School of Law.
The patient’s home state would need to have criminal laws in place that would explicitly ban residents from obtaining out-of-state abortions. “Probably the greater risk on the criminal front is that many states have existing laws that don’t specify their geographical reach but that could be construed to allow for criminal jurisdiction over out-of-state providers who help residents in obtaining an abortion,” she says.
However, criminal laws would be harder to enforce because of constitutional obstacles that would require the U.S. Supreme Court to resolve in a court case. Another barrier is that criminal law typically requires that a significant element of the offense take place in the prosecuting state, says Ms. Florey.
2. Am I likely to be sued by a patient from a state with an abortion ban?
“It’s more likely that states with abortion bans will pursue civil liability cases, particularly in states such as Texas and Oklahoma that allow private individuals to pursue lawsuits against individuals providing or assisting with abortions.”
Such liability is particularly appealing to antiabortion states because it allows them to target abortion care providers rather than the women seeking abortions, an approach that might be both more politically palatable and more effective in achieving abortion-restriction goals, says Ms. Florey.
“It’s not just the threat of jail time that can deter physicians from providing abortions. They can face significant career consequences from civil liability, including being reported to their medical licensing boards and having their malpractice insurance premiums increase,” says Ms. Florey.
3. What if I provide ‘abortion pill’ prescriptions by telemedicine to a patient in another state?
Doctors need to know what the rules are in the patient’s home state because states generally regard where the patient is located as where telemedicine is legally conducted, says Ms. Florey. “It’s more problematic to conduct telemedicine in states where it’s illegal. It could be viewed legally as if the doctor were prescribing a medication abortion in the patient’s state.”
Ms. Florey also advises doctors to find out whether the patient’s home state bans medication abortions. “The courts or states could decide that the physician is practicing in the jurisdiction where the patient is located even if care is provided remotely. In that case, the doctor would have to comply with all the laws of that state.”
She recommends that doctors counsel patients seeking medication abortions to come to the state where abortion is legal and get on their computers there.
“It’s not a perfect solution, but it provides more legal protection than providing medication abortion across state lines,” says Ms. Florey.
4. Can doctors be sued by patients for not informing them of the full range of treatment options, including abortion, when their health is at risk?
If the doctor is in a state that has banned abortion and the procedure is illegal, they can’t recommend something that the law doesn’t allow, says Ms. Florey.
It’s a tough call for doctors in states where abortion is illegal because they could get into legal trouble if they counsel a woman to get an abortion and the court later deems it was not medically necessary, says Ms. Florey.
But doctors could also get into legal trouble if they don’t counsel a woman to get an abortion if her life is in danger and she meets the exception in the abortion ban.
“Ultimately, I think doctors have to follow their conscience and best medical judgment but recognize the legal hazards that exist. If a physician is seeing a lot of out-of-state patients from a single jurisdiction (such as a neighboring state), it would be best to consult with an attorney from that state,” advises Ms. Florey.
5. If a patient from another state comes to me (in a legal state) for abortion care, am I required to provide them with any warnings, information, and so on?
Doctors may be required by some antiabortion states to mention certain risks, especially to the mother’s mental health, that could arise from abortions even if they are not well-supported by evidence, says Ms. Florey.
If a warning is required in a patient’s home state and there were complications from the procedure or the patient became depressed, it could be grounds for a civil lawsuit, says Ms. Florey.
“There is a Montana case, for example, where the plaintiff sued for malpractice after having an abortion. She alleged that she was given medically inaccurate information about the fetus’s HIV status, but she also claimed that she wasn’t informed that she might become depressed as a result of the abortion,” says Ms. Florey. (The case was ultimately decided on a different ground.)
6. What about complications from abortion care that I provided to a patient from another state? What are my responsibilities and risks? Can I be sued for malpractice when the patient returns to her home state?
If physicians can’t monitor the patients after their visit and something goes wrong, the doctors are at greater risk of negligence and being sued for malpractice in the patient’s home state, says Ms. Florey.
She recommends that doctors ask patients to stay for monitoring after the procedure. “I realize that may not be possible for all patients, but it’s a much safer alternative,” says Ms. Florey.
Otherwise, if the doctor communicates with the patient about the complications in her antiabortion state, the state’s courts could view the doctor as having ties to the state and claim they have jurisdiction in the case and apply the state’s laws, says Ms. Florey.
“Criminal jurisdiction would be more of stretch because the central conduct happened out of state, but states could still try to prosecute a case,” she says.
7. If a patient comes to me from another state, are there any residency requirements, or does the person need to find residence in my state for a period of time? Am I responsible for knowing their arrangements?
Generally, as a constitutional principle, a person can go to another state and have the services that a resident is entitled to, says Ms. Florey.
“States can’t normally discriminate against patients from out of state, so it’s not a residency requirement unless a state imposes one. If a state did that, it would probably be unconstitutional,” she says.
It would be less risky legally, though, if a patient remains in the state where she received abortion care for a significant period of time, says Ms. Florey.
8. How can I protect the privacy of patients’ medical records if they received an abortion or other reproductive care in the state?
To some extent, HIPAA accommodates state laws that mandate reporting of patient information, says Lisa C. Ikemoto, JD, also a professor at the UC Davis School of Law.
The Privacy Rule doesn’t require doctors to disclose protected health information about a patient when state laws require reporting. But the rule allows them to disclose private health information when there’s a court order such as a warrant or subpoena, says Ms. Ikemoto.
“Providers should make sure that patient information remains in records that are HIPAA protected. Some states, including California, have enacted privacy laws that are more protective of patient information,” she says.
The Department of Health & Human Services issued new guidance in June for health care professionals to clarify what the Privacy Rule requires them to report in light of the restrictive abortion laws.
9. I practice in a state where abortion is legal. Can I be extradited to another state if I’m prosecuted for crimes relating to reproductive health services?
Yes, generally, if your state allows it, says Ms. Florey. States have a constitutional obligation to extradite citizens of a different state if that person’s home state asks for that, but states do not have to extradite their own citizens.
However, traditionally, states have cooperated with extradition requests and most states have laws in place providing for extradition in those circumstances, which they could change to exempt abortion providers.
A handful of states – Connecticut, New York, Delaware, and New Jersey – have passed laws specifically shielding medical providers from being prosecuted under abortion restrictions passed in other states.
Governors in Massachusetts, Minnesota, New Mexico, and Nevada have issued executive orders saying they will not extradite abortion providers to states that have banned abortion provision, and that state employees will generally not comply with those out-of-state investigations.
10. Should I increase my malpractice insurance in anticipation of more potential legal problems from patients coming to me from antiabortion states?
Yes, I would recommend that doctors increase their malpractice coverage because of the increased legal risks they could face.
“It’s possible that a state might file a lawsuit against out-of-state abortion providers. Criminal prosecution is also a possibility, but the obstacles to prosecuting a case against an out-of-state provider would be considerable, especially if their home state has passed laws shielding abortion providers,” says Ms. Florey.
Individual malpractice claims or some sort of private enforcement action in a state that has established one would be more likely, she adds.
Ms. Florey advises doctors to monitor this rapidly evolving area of law. “Everything I am saying today could change with a single Supreme Court case. There will also be this kind of push/pull as antiabortion states try to crack down on out-of-state residents who provide or assist in abortion and physicians’ home states that try to protect them from legal consequences.”
A version of this article first appeared on Medscape.com.
Doctors in states where abortion is legal are likely to be the next target for antiabortion activists who want to deter residents from seeking abortions across state lines, say legal experts.
Antiabortion legislators in several states are mounting efforts to clamp down on out-of-state abortions, which they view as a legal loophole.
Nineteen states have already banned the use of telemedicine to prescribe medication abortion by requiring the clinician to be physically present when the medication is administered. These states include Arizona, Louisiana, Tennessee, and Texas, which also recently criminalized sending abortion pills through the mail.
Some state legislators plan to introduce legislation based on a Texas abortion ban enacted last year in which private citizens can sue anyone who assists state residents in obtaining an out-of-state abortion.
Meanwhile, legislators in states including New York where abortion is legal have introduced bills to shield doctors involved in reproductive care from possible negative actions by medical malpractice companies and professional misconduct charges.
This news organization asked legal experts for advice on how doctors can protect themselves and still provide appropriate medical care in this rapidly changing legal landscape. Here’s what they had to say.
1. What if patients from states where abortion is banned want to come to my practice in a legal state? What should I be aware of?
“Doctors should do what they think is medically necessary, but they should be aware of potential criminal and/or civil consequences in a patient’s home state, especially if those states have staked out more extreme positions on abortion such as Texas, Oklahoma, and Louisiana,” says Katherine Florey, JD, a professor at the University of California, Davis, School of Law.
The patient’s home state would need to have criminal laws in place that would explicitly ban residents from obtaining out-of-state abortions. “Probably the greater risk on the criminal front is that many states have existing laws that don’t specify their geographical reach but that could be construed to allow for criminal jurisdiction over out-of-state providers who help residents in obtaining an abortion,” she says.
However, criminal laws would be harder to enforce because of constitutional obstacles that would require the U.S. Supreme Court to resolve in a court case. Another barrier is that criminal law typically requires that a significant element of the offense take place in the prosecuting state, says Ms. Florey.
2. Am I likely to be sued by a patient from a state with an abortion ban?
“It’s more likely that states with abortion bans will pursue civil liability cases, particularly in states such as Texas and Oklahoma that allow private individuals to pursue lawsuits against individuals providing or assisting with abortions.”
Such liability is particularly appealing to antiabortion states because it allows them to target abortion care providers rather than the women seeking abortions, an approach that might be both more politically palatable and more effective in achieving abortion-restriction goals, says Ms. Florey.
“It’s not just the threat of jail time that can deter physicians from providing abortions. They can face significant career consequences from civil liability, including being reported to their medical licensing boards and having their malpractice insurance premiums increase,” says Ms. Florey.
3. What if I provide ‘abortion pill’ prescriptions by telemedicine to a patient in another state?
Doctors need to know what the rules are in the patient’s home state because states generally regard where the patient is located as where telemedicine is legally conducted, says Ms. Florey. “It’s more problematic to conduct telemedicine in states where it’s illegal. It could be viewed legally as if the doctor were prescribing a medication abortion in the patient’s state.”
Ms. Florey also advises doctors to find out whether the patient’s home state bans medication abortions. “The courts or states could decide that the physician is practicing in the jurisdiction where the patient is located even if care is provided remotely. In that case, the doctor would have to comply with all the laws of that state.”
She recommends that doctors counsel patients seeking medication abortions to come to the state where abortion is legal and get on their computers there.
“It’s not a perfect solution, but it provides more legal protection than providing medication abortion across state lines,” says Ms. Florey.
4. Can doctors be sued by patients for not informing them of the full range of treatment options, including abortion, when their health is at risk?
If the doctor is in a state that has banned abortion and the procedure is illegal, they can’t recommend something that the law doesn’t allow, says Ms. Florey.
It’s a tough call for doctors in states where abortion is illegal because they could get into legal trouble if they counsel a woman to get an abortion and the court later deems it was not medically necessary, says Ms. Florey.
But doctors could also get into legal trouble if they don’t counsel a woman to get an abortion if her life is in danger and she meets the exception in the abortion ban.
“Ultimately, I think doctors have to follow their conscience and best medical judgment but recognize the legal hazards that exist. If a physician is seeing a lot of out-of-state patients from a single jurisdiction (such as a neighboring state), it would be best to consult with an attorney from that state,” advises Ms. Florey.
5. If a patient from another state comes to me (in a legal state) for abortion care, am I required to provide them with any warnings, information, and so on?
Doctors may be required by some antiabortion states to mention certain risks, especially to the mother’s mental health, that could arise from abortions even if they are not well-supported by evidence, says Ms. Florey.
If a warning is required in a patient’s home state and there were complications from the procedure or the patient became depressed, it could be grounds for a civil lawsuit, says Ms. Florey.
“There is a Montana case, for example, where the plaintiff sued for malpractice after having an abortion. She alleged that she was given medically inaccurate information about the fetus’s HIV status, but she also claimed that she wasn’t informed that she might become depressed as a result of the abortion,” says Ms. Florey. (The case was ultimately decided on a different ground.)
6. What about complications from abortion care that I provided to a patient from another state? What are my responsibilities and risks? Can I be sued for malpractice when the patient returns to her home state?
If physicians can’t monitor the patients after their visit and something goes wrong, the doctors are at greater risk of negligence and being sued for malpractice in the patient’s home state, says Ms. Florey.
She recommends that doctors ask patients to stay for monitoring after the procedure. “I realize that may not be possible for all patients, but it’s a much safer alternative,” says Ms. Florey.
Otherwise, if the doctor communicates with the patient about the complications in her antiabortion state, the state’s courts could view the doctor as having ties to the state and claim they have jurisdiction in the case and apply the state’s laws, says Ms. Florey.
“Criminal jurisdiction would be more of stretch because the central conduct happened out of state, but states could still try to prosecute a case,” she says.
7. If a patient comes to me from another state, are there any residency requirements, or does the person need to find residence in my state for a period of time? Am I responsible for knowing their arrangements?
Generally, as a constitutional principle, a person can go to another state and have the services that a resident is entitled to, says Ms. Florey.
“States can’t normally discriminate against patients from out of state, so it’s not a residency requirement unless a state imposes one. If a state did that, it would probably be unconstitutional,” she says.
It would be less risky legally, though, if a patient remains in the state where she received abortion care for a significant period of time, says Ms. Florey.
8. How can I protect the privacy of patients’ medical records if they received an abortion or other reproductive care in the state?
To some extent, HIPAA accommodates state laws that mandate reporting of patient information, says Lisa C. Ikemoto, JD, also a professor at the UC Davis School of Law.
The Privacy Rule doesn’t require doctors to disclose protected health information about a patient when state laws require reporting. But the rule allows them to disclose private health information when there’s a court order such as a warrant or subpoena, says Ms. Ikemoto.
“Providers should make sure that patient information remains in records that are HIPAA protected. Some states, including California, have enacted privacy laws that are more protective of patient information,” she says.
The Department of Health & Human Services issued new guidance in June for health care professionals to clarify what the Privacy Rule requires them to report in light of the restrictive abortion laws.
9. I practice in a state where abortion is legal. Can I be extradited to another state if I’m prosecuted for crimes relating to reproductive health services?
Yes, generally, if your state allows it, says Ms. Florey. States have a constitutional obligation to extradite citizens of a different state if that person’s home state asks for that, but states do not have to extradite their own citizens.
However, traditionally, states have cooperated with extradition requests and most states have laws in place providing for extradition in those circumstances, which they could change to exempt abortion providers.
A handful of states – Connecticut, New York, Delaware, and New Jersey – have passed laws specifically shielding medical providers from being prosecuted under abortion restrictions passed in other states.
Governors in Massachusetts, Minnesota, New Mexico, and Nevada have issued executive orders saying they will not extradite abortion providers to states that have banned abortion provision, and that state employees will generally not comply with those out-of-state investigations.
10. Should I increase my malpractice insurance in anticipation of more potential legal problems from patients coming to me from antiabortion states?
Yes, I would recommend that doctors increase their malpractice coverage because of the increased legal risks they could face.
“It’s possible that a state might file a lawsuit against out-of-state abortion providers. Criminal prosecution is also a possibility, but the obstacles to prosecuting a case against an out-of-state provider would be considerable, especially if their home state has passed laws shielding abortion providers,” says Ms. Florey.
Individual malpractice claims or some sort of private enforcement action in a state that has established one would be more likely, she adds.
Ms. Florey advises doctors to monitor this rapidly evolving area of law. “Everything I am saying today could change with a single Supreme Court case. There will also be this kind of push/pull as antiabortion states try to crack down on out-of-state residents who provide or assist in abortion and physicians’ home states that try to protect them from legal consequences.”
A version of this article first appeared on Medscape.com.
Doctors in states where abortion is legal are likely to be the next target for antiabortion activists who want to deter residents from seeking abortions across state lines, say legal experts.
Antiabortion legislators in several states are mounting efforts to clamp down on out-of-state abortions, which they view as a legal loophole.
Nineteen states have already banned the use of telemedicine to prescribe medication abortion by requiring the clinician to be physically present when the medication is administered. These states include Arizona, Louisiana, Tennessee, and Texas, which also recently criminalized sending abortion pills through the mail.
Some state legislators plan to introduce legislation based on a Texas abortion ban enacted last year in which private citizens can sue anyone who assists state residents in obtaining an out-of-state abortion.
Meanwhile, legislators in states including New York where abortion is legal have introduced bills to shield doctors involved in reproductive care from possible negative actions by medical malpractice companies and professional misconduct charges.
This news organization asked legal experts for advice on how doctors can protect themselves and still provide appropriate medical care in this rapidly changing legal landscape. Here’s what they had to say.
1. What if patients from states where abortion is banned want to come to my practice in a legal state? What should I be aware of?
“Doctors should do what they think is medically necessary, but they should be aware of potential criminal and/or civil consequences in a patient’s home state, especially if those states have staked out more extreme positions on abortion such as Texas, Oklahoma, and Louisiana,” says Katherine Florey, JD, a professor at the University of California, Davis, School of Law.
The patient’s home state would need to have criminal laws in place that would explicitly ban residents from obtaining out-of-state abortions. “Probably the greater risk on the criminal front is that many states have existing laws that don’t specify their geographical reach but that could be construed to allow for criminal jurisdiction over out-of-state providers who help residents in obtaining an abortion,” she says.
However, criminal laws would be harder to enforce because of constitutional obstacles that would require the U.S. Supreme Court to resolve in a court case. Another barrier is that criminal law typically requires that a significant element of the offense take place in the prosecuting state, says Ms. Florey.
2. Am I likely to be sued by a patient from a state with an abortion ban?
“It’s more likely that states with abortion bans will pursue civil liability cases, particularly in states such as Texas and Oklahoma that allow private individuals to pursue lawsuits against individuals providing or assisting with abortions.”
Such liability is particularly appealing to antiabortion states because it allows them to target abortion care providers rather than the women seeking abortions, an approach that might be both more politically palatable and more effective in achieving abortion-restriction goals, says Ms. Florey.
“It’s not just the threat of jail time that can deter physicians from providing abortions. They can face significant career consequences from civil liability, including being reported to their medical licensing boards and having their malpractice insurance premiums increase,” says Ms. Florey.
3. What if I provide ‘abortion pill’ prescriptions by telemedicine to a patient in another state?
Doctors need to know what the rules are in the patient’s home state because states generally regard where the patient is located as where telemedicine is legally conducted, says Ms. Florey. “It’s more problematic to conduct telemedicine in states where it’s illegal. It could be viewed legally as if the doctor were prescribing a medication abortion in the patient’s state.”
Ms. Florey also advises doctors to find out whether the patient’s home state bans medication abortions. “The courts or states could decide that the physician is practicing in the jurisdiction where the patient is located even if care is provided remotely. In that case, the doctor would have to comply with all the laws of that state.”
She recommends that doctors counsel patients seeking medication abortions to come to the state where abortion is legal and get on their computers there.
“It’s not a perfect solution, but it provides more legal protection than providing medication abortion across state lines,” says Ms. Florey.
4. Can doctors be sued by patients for not informing them of the full range of treatment options, including abortion, when their health is at risk?
If the doctor is in a state that has banned abortion and the procedure is illegal, they can’t recommend something that the law doesn’t allow, says Ms. Florey.
It’s a tough call for doctors in states where abortion is illegal because they could get into legal trouble if they counsel a woman to get an abortion and the court later deems it was not medically necessary, says Ms. Florey.
But doctors could also get into legal trouble if they don’t counsel a woman to get an abortion if her life is in danger and she meets the exception in the abortion ban.
“Ultimately, I think doctors have to follow their conscience and best medical judgment but recognize the legal hazards that exist. If a physician is seeing a lot of out-of-state patients from a single jurisdiction (such as a neighboring state), it would be best to consult with an attorney from that state,” advises Ms. Florey.
5. If a patient from another state comes to me (in a legal state) for abortion care, am I required to provide them with any warnings, information, and so on?
Doctors may be required by some antiabortion states to mention certain risks, especially to the mother’s mental health, that could arise from abortions even if they are not well-supported by evidence, says Ms. Florey.
If a warning is required in a patient’s home state and there were complications from the procedure or the patient became depressed, it could be grounds for a civil lawsuit, says Ms. Florey.
“There is a Montana case, for example, where the plaintiff sued for malpractice after having an abortion. She alleged that she was given medically inaccurate information about the fetus’s HIV status, but she also claimed that she wasn’t informed that she might become depressed as a result of the abortion,” says Ms. Florey. (The case was ultimately decided on a different ground.)
6. What about complications from abortion care that I provided to a patient from another state? What are my responsibilities and risks? Can I be sued for malpractice when the patient returns to her home state?
If physicians can’t monitor the patients after their visit and something goes wrong, the doctors are at greater risk of negligence and being sued for malpractice in the patient’s home state, says Ms. Florey.
She recommends that doctors ask patients to stay for monitoring after the procedure. “I realize that may not be possible for all patients, but it’s a much safer alternative,” says Ms. Florey.
Otherwise, if the doctor communicates with the patient about the complications in her antiabortion state, the state’s courts could view the doctor as having ties to the state and claim they have jurisdiction in the case and apply the state’s laws, says Ms. Florey.
“Criminal jurisdiction would be more of stretch because the central conduct happened out of state, but states could still try to prosecute a case,” she says.
7. If a patient comes to me from another state, are there any residency requirements, or does the person need to find residence in my state for a period of time? Am I responsible for knowing their arrangements?
Generally, as a constitutional principle, a person can go to another state and have the services that a resident is entitled to, says Ms. Florey.
“States can’t normally discriminate against patients from out of state, so it’s not a residency requirement unless a state imposes one. If a state did that, it would probably be unconstitutional,” she says.
It would be less risky legally, though, if a patient remains in the state where she received abortion care for a significant period of time, says Ms. Florey.
8. How can I protect the privacy of patients’ medical records if they received an abortion or other reproductive care in the state?
To some extent, HIPAA accommodates state laws that mandate reporting of patient information, says Lisa C. Ikemoto, JD, also a professor at the UC Davis School of Law.
The Privacy Rule doesn’t require doctors to disclose protected health information about a patient when state laws require reporting. But the rule allows them to disclose private health information when there’s a court order such as a warrant or subpoena, says Ms. Ikemoto.
“Providers should make sure that patient information remains in records that are HIPAA protected. Some states, including California, have enacted privacy laws that are more protective of patient information,” she says.
The Department of Health & Human Services issued new guidance in June for health care professionals to clarify what the Privacy Rule requires them to report in light of the restrictive abortion laws.
9. I practice in a state where abortion is legal. Can I be extradited to another state if I’m prosecuted for crimes relating to reproductive health services?
Yes, generally, if your state allows it, says Ms. Florey. States have a constitutional obligation to extradite citizens of a different state if that person’s home state asks for that, but states do not have to extradite their own citizens.
However, traditionally, states have cooperated with extradition requests and most states have laws in place providing for extradition in those circumstances, which they could change to exempt abortion providers.
A handful of states – Connecticut, New York, Delaware, and New Jersey – have passed laws specifically shielding medical providers from being prosecuted under abortion restrictions passed in other states.
Governors in Massachusetts, Minnesota, New Mexico, and Nevada have issued executive orders saying they will not extradite abortion providers to states that have banned abortion provision, and that state employees will generally not comply with those out-of-state investigations.
10. Should I increase my malpractice insurance in anticipation of more potential legal problems from patients coming to me from antiabortion states?
Yes, I would recommend that doctors increase their malpractice coverage because of the increased legal risks they could face.
“It’s possible that a state might file a lawsuit against out-of-state abortion providers. Criminal prosecution is also a possibility, but the obstacles to prosecuting a case against an out-of-state provider would be considerable, especially if their home state has passed laws shielding abortion providers,” says Ms. Florey.
Individual malpractice claims or some sort of private enforcement action in a state that has established one would be more likely, she adds.
Ms. Florey advises doctors to monitor this rapidly evolving area of law. “Everything I am saying today could change with a single Supreme Court case. There will also be this kind of push/pull as antiabortion states try to crack down on out-of-state residents who provide or assist in abortion and physicians’ home states that try to protect them from legal consequences.”
A version of this article first appeared on Medscape.com.
Don’t wait for a cyberattack; know what coverage you have now
Barbara L. McAneny, MD, CEO of New Mexico Oncology Hematology Consultants, experienced a data breach about 10 years ago, when a laptop was stolen from her large practice.
She and the other physicians were upset and worried that the individual would attempt to log in to the computer system and hack their patients’ private health information.
Dr. McAneny was also worried that the practice would have to pay a hefty fine to the government for having unsecured private health information on a laptop. She could have paid from $50,000 to more than $1.9 million for lost and stolen devices (although that didn’t happen).
Dr. McAneny had a standard cyber liability benefit in her med-mal policy that covered up to $50,000 of the data breach costs. That covered the legal advice The Doctors Company provided about state and federal reporting requirements when a data breach occurs and the costs the practice incurred from mailing letters to all of its patients notifying them of the data breach, says Dr. McAneny.
“The data breach taught me a lot. Our practice spent a lot of money on increasing our internal controls, cybersecurity, and monitoring. Our IT department started testing our computer firewalls periodically, and that’s how we discovered that cybercriminals were attempting to break into our computer system at least 100 times daily,” says Dr. McAneny.
That discovery changed how she thought about insurance. “I decided the med-mal benefit wasn’t enough. I bought the best cybersecurity policy we could afford to protect against future breaches, especially malware or ransomware attacks.”
Her practice also had to make its electronic health records (EHRs) more secure to comply with the Department of Health & Human Services Office of Civil Rights standards for protected health information. The cost of increased security wasn’t covered by her cyber benefit.
Cyberattacks increasing in health care
Despite having comprehensive coverage, Dr. McAneny worries that the cybercriminals are a step ahead of the cybersecurity experts and her practice will eventually have another data breach.
“The policy only covers things that we know about today. As we upgrade our defenses, criminals are finding new ways to breach firewalls and work around our defenses,” she says.
So far this year, nearly 200 medical groups have reported cyberattacks involving 500 or more of their patients’ medical records to the federal government.
EHRs are valuable targets to cybercriminals because of the protected health information they contain. Cybercriminals grab information such as Social Security numbers, dates of birth, medical procedures and results, and in some cases billing and financial information and sell it on the dark web.
They typically bundle the information and sell it to other criminals who later use it for various kinds of fraud and extortion such as banking and credit fraud, health care fraud, identity theft, and ransom extortion.
What do most doctors have?
The vast majority (82%) of doctors polled by the Medical Group Management Association last year said they had cyber insurance, compared with 54% in 2018.
For those who answered “yes,” many said they have coverage through their malpractice insurance carrier.
David Zetter, president of Zetter HealthCare Management Consultants, recommends that physicians speak with their malpractice carrier to determine what coverage they have, if any, within their malpractice policy.
A typical cybersecurity benefit is limited to what is needed to fix and resolve the hacking incident, says Raj Shah, senior regulatory attorney and policyholder advisor at MagMutual, which insures medical practices for malpractice and cyber liability.
That usually covers investigating the cause of the breach and the extent of the damage, legal advice about federal and state reporting requirements, whether to pay a ransom, and a public relations professional to handle patient communication, says Mr. Shah.
The benefit doesn’t cover lost patient revenue when practices have to shut down their operations, the cost of replacing damaged computers, or the ransom payment, he says.
Mr. Zetter advises doctors to consider buying cybersecurity coverage. “I recommend that they speak with an insurance broker who is experienced with cybersecurity policies sold to health care professionals to determine what type of coverage and how much coverage they may need. Their malpractice carrier may also be able to provide some answers,” says Mr. Zetter.
The physician will need to be able to answer questions about their network and how many staff they have and may need to involve their IT vendor too, he adds.
How does comprehensive coverage compare?
Ransomware attacks continue to be one of the most frequent types of attacks, and the amount criminals are demanding has risen significantly. The median ransom payment was $5,000 in the fourth quarter of 2018, compared with over $300,000 during the fourth quarter of 2021.
Cybercriminals now engage in “double extortion” – demanding a ransom payment to hand over the code that will unlock their encrypted data – and then another ransom payment to not post patients’ sensitive medical information they copied onto the dark web.
Comprehensive cybersecurity insurance will cover “double extortion” payments, legal costs that may arise from defending against patient lawsuits, and the costs of meeting federal and state privacy requirements, including notifying patients of the data breach and regulatory investigations, says Michael Carr, head of risk engineering for North America for Coalition, a cyber insurance firm.
Cyber insurers also contract with vendors who sell bitcoin, which is the currency cybercriminals typically demand for ransom payments, and work with ransom negotiators.
For example, once Coalition decided to pay the ransom on behalf of a health care client, it negotiated the ransom demand down by nearly 75% from $750,000 to $200,000, and proceeded to help the company restore all of its data.
The costs to respond to the incident, to recover lost data, and to pay the extortion, together with the lost business income resulting from the incident, were covered by Coalition’s cyber insurance policy.
Other clients have had their funds retrieved before a fraudulent wire transfer was completed. “Medical practices have vendors they pay regularly. A cybercriminal may compromise your email or take over a bank account and then impersonate a vendor asking to be paid for services they didn’t provide,” says Mr. Carr.
How much coverage do you need? Cost?
Dr. McAneny has increased her cybersecurity coverage every year. “It’s expensive, but I think it’s worth it. But you can never buy enough protection due to the coverage limits.”
She worries that the costs could exceed the limits if a ransomware attack disrupts her practice for days, weeks, or longer, or if the Office for Civil Rights fines her practice $10,000 per patient chart – the practice has 100,000 health records. “That can run several millions of dollars and ruin a practice,” she says.
Health systems and hospitals need massive amounts of coverage, which often runs from $20 million to $30 million, says Mr. Shah. However, practices insured through MagMutual have lower coverage limits that range from $1 million to $5 million, he says.
“A large practice does not necessarily need more than $1,000,000 in coverage if they have limited loss in this area and strong internal processes and controls. Most large practices also have a dedicated information security director, which reduces their risk, so they may be comfortable with $1,000,000 in coverage,” says Mr. Shah.
Premiums are based on the number of patient health records per practice, which translates into higher premiums for larger practices.
Other factors that come into play include the underlying coverage, risk controls the practice has implemented, and its claims history, says Mr. Shah.
However, the cost for cyber liability insurance has increased, and practices can expect to pay higher premiums and deductibles. For example, a practice that paid $10,000 in premiums for a new policy last year will have to pay $20,000 this year, says Dan Hanson, senior vice president of management liability and client experience at Marsh & McLennon Agency, a risk management firm that sells cyber insurance policies.
“We saw 71% of our self-insured clients experience higher deductibles over last year due to increased claim activity and the lack of capacity in the market. The carriers are saying they will set limits, but you are going to pay a lot more, and you are going to participate more in losses through the higher deductibles,” says Mr. Hanson.
Are you eligible?
Cyber insurance companies have a vested interest in avoiding claims. With increasing cyberattacks and larger payouts, many insurers are requiring practices to implement some defensive measures before they insure them. Some insurers, such as Coalition, say they may still insure small practices for comprehensive coverage, but it may impact the pricing or what’s covered, says Mr. Carr.
Here are some of the security measures that cyber insurers are looking for:
- Multifactorial authentication (MFA) requires an extra layer of security to access the system. For example, when logging into your organization’s EHR platform, instead of just using a username and password to access the platform, MFA would require you to input an additional unique login credential before you can access the EHR. A secondary login credential may include security questions, a one-time PIN, or biometrics.
- Removing a terminated employee’s login credentials quickly from the computer system. “One of the most damaging and expensive types of attacks are by disgruntled employees who still have their login credentials and take revenge by logging back into the system and planting malware,” says Mr. Shah.
- Automatic system updates (patches). “Phishing email compromises usually result from a failure to fix vulnerabilities. When a system needs to restart, it should be set to automatically update any potential security loopholes within programs or products,” says Mr. Carr. The firewall settings should also be updated.
- Prior hacking incidents: Are the attackers out of your system? Once criminals hack into the system, your practice is vulnerable to repeat attacks. “If a cyberattack is not completely addressed, threat actors will maintain access to or a presence on the compromised network. In general, we will work with the insured to ensure that the initial point of compromise has been addressed and that any threat actor presence in the network has been removed,” says Mr. Carr.
When doctors compare cybersecurity policies, experts recommend avoiding companies that may offer lower prices but lack a proven track record of handling claims and do not offer resources that can detect a threat, such as ongoing network monitoring and employee training with simulated exercises.
“Practices tend to think, ‘It won’t happen to me.’ Every practice needs to take this seriously,” says Dr. McAneny.
A version of this article first appeared on Medscape.com.
Barbara L. McAneny, MD, CEO of New Mexico Oncology Hematology Consultants, experienced a data breach about 10 years ago, when a laptop was stolen from her large practice.
She and the other physicians were upset and worried that the individual would attempt to log in to the computer system and hack their patients’ private health information.
Dr. McAneny was also worried that the practice would have to pay a hefty fine to the government for having unsecured private health information on a laptop. She could have paid from $50,000 to more than $1.9 million for lost and stolen devices (although that didn’t happen).
Dr. McAneny had a standard cyber liability benefit in her med-mal policy that covered up to $50,000 of the data breach costs. That covered the legal advice The Doctors Company provided about state and federal reporting requirements when a data breach occurs and the costs the practice incurred from mailing letters to all of its patients notifying them of the data breach, says Dr. McAneny.
“The data breach taught me a lot. Our practice spent a lot of money on increasing our internal controls, cybersecurity, and monitoring. Our IT department started testing our computer firewalls periodically, and that’s how we discovered that cybercriminals were attempting to break into our computer system at least 100 times daily,” says Dr. McAneny.
That discovery changed how she thought about insurance. “I decided the med-mal benefit wasn’t enough. I bought the best cybersecurity policy we could afford to protect against future breaches, especially malware or ransomware attacks.”
Her practice also had to make its electronic health records (EHRs) more secure to comply with the Department of Health & Human Services Office of Civil Rights standards for protected health information. The cost of increased security wasn’t covered by her cyber benefit.
Cyberattacks increasing in health care
Despite having comprehensive coverage, Dr. McAneny worries that the cybercriminals are a step ahead of the cybersecurity experts and her practice will eventually have another data breach.
“The policy only covers things that we know about today. As we upgrade our defenses, criminals are finding new ways to breach firewalls and work around our defenses,” she says.
So far this year, nearly 200 medical groups have reported cyberattacks involving 500 or more of their patients’ medical records to the federal government.
EHRs are valuable targets to cybercriminals because of the protected health information they contain. Cybercriminals grab information such as Social Security numbers, dates of birth, medical procedures and results, and in some cases billing and financial information and sell it on the dark web.
They typically bundle the information and sell it to other criminals who later use it for various kinds of fraud and extortion such as banking and credit fraud, health care fraud, identity theft, and ransom extortion.
What do most doctors have?
The vast majority (82%) of doctors polled by the Medical Group Management Association last year said they had cyber insurance, compared with 54% in 2018.
For those who answered “yes,” many said they have coverage through their malpractice insurance carrier.
David Zetter, president of Zetter HealthCare Management Consultants, recommends that physicians speak with their malpractice carrier to determine what coverage they have, if any, within their malpractice policy.
A typical cybersecurity benefit is limited to what is needed to fix and resolve the hacking incident, says Raj Shah, senior regulatory attorney and policyholder advisor at MagMutual, which insures medical practices for malpractice and cyber liability.
That usually covers investigating the cause of the breach and the extent of the damage, legal advice about federal and state reporting requirements, whether to pay a ransom, and a public relations professional to handle patient communication, says Mr. Shah.
The benefit doesn’t cover lost patient revenue when practices have to shut down their operations, the cost of replacing damaged computers, or the ransom payment, he says.
Mr. Zetter advises doctors to consider buying cybersecurity coverage. “I recommend that they speak with an insurance broker who is experienced with cybersecurity policies sold to health care professionals to determine what type of coverage and how much coverage they may need. Their malpractice carrier may also be able to provide some answers,” says Mr. Zetter.
The physician will need to be able to answer questions about their network and how many staff they have and may need to involve their IT vendor too, he adds.
How does comprehensive coverage compare?
Ransomware attacks continue to be one of the most frequent types of attacks, and the amount criminals are demanding has risen significantly. The median ransom payment was $5,000 in the fourth quarter of 2018, compared with over $300,000 during the fourth quarter of 2021.
Cybercriminals now engage in “double extortion” – demanding a ransom payment to hand over the code that will unlock their encrypted data – and then another ransom payment to not post patients’ sensitive medical information they copied onto the dark web.
Comprehensive cybersecurity insurance will cover “double extortion” payments, legal costs that may arise from defending against patient lawsuits, and the costs of meeting federal and state privacy requirements, including notifying patients of the data breach and regulatory investigations, says Michael Carr, head of risk engineering for North America for Coalition, a cyber insurance firm.
Cyber insurers also contract with vendors who sell bitcoin, which is the currency cybercriminals typically demand for ransom payments, and work with ransom negotiators.
For example, once Coalition decided to pay the ransom on behalf of a health care client, it negotiated the ransom demand down by nearly 75% from $750,000 to $200,000, and proceeded to help the company restore all of its data.
The costs to respond to the incident, to recover lost data, and to pay the extortion, together with the lost business income resulting from the incident, were covered by Coalition’s cyber insurance policy.
Other clients have had their funds retrieved before a fraudulent wire transfer was completed. “Medical practices have vendors they pay regularly. A cybercriminal may compromise your email or take over a bank account and then impersonate a vendor asking to be paid for services they didn’t provide,” says Mr. Carr.
How much coverage do you need? Cost?
Dr. McAneny has increased her cybersecurity coverage every year. “It’s expensive, but I think it’s worth it. But you can never buy enough protection due to the coverage limits.”
She worries that the costs could exceed the limits if a ransomware attack disrupts her practice for days, weeks, or longer, or if the Office for Civil Rights fines her practice $10,000 per patient chart – the practice has 100,000 health records. “That can run several millions of dollars and ruin a practice,” she says.
Health systems and hospitals need massive amounts of coverage, which often runs from $20 million to $30 million, says Mr. Shah. However, practices insured through MagMutual have lower coverage limits that range from $1 million to $5 million, he says.
“A large practice does not necessarily need more than $1,000,000 in coverage if they have limited loss in this area and strong internal processes and controls. Most large practices also have a dedicated information security director, which reduces their risk, so they may be comfortable with $1,000,000 in coverage,” says Mr. Shah.
Premiums are based on the number of patient health records per practice, which translates into higher premiums for larger practices.
Other factors that come into play include the underlying coverage, risk controls the practice has implemented, and its claims history, says Mr. Shah.
However, the cost for cyber liability insurance has increased, and practices can expect to pay higher premiums and deductibles. For example, a practice that paid $10,000 in premiums for a new policy last year will have to pay $20,000 this year, says Dan Hanson, senior vice president of management liability and client experience at Marsh & McLennon Agency, a risk management firm that sells cyber insurance policies.
“We saw 71% of our self-insured clients experience higher deductibles over last year due to increased claim activity and the lack of capacity in the market. The carriers are saying they will set limits, but you are going to pay a lot more, and you are going to participate more in losses through the higher deductibles,” says Mr. Hanson.
Are you eligible?
Cyber insurance companies have a vested interest in avoiding claims. With increasing cyberattacks and larger payouts, many insurers are requiring practices to implement some defensive measures before they insure them. Some insurers, such as Coalition, say they may still insure small practices for comprehensive coverage, but it may impact the pricing or what’s covered, says Mr. Carr.
Here are some of the security measures that cyber insurers are looking for:
- Multifactorial authentication (MFA) requires an extra layer of security to access the system. For example, when logging into your organization’s EHR platform, instead of just using a username and password to access the platform, MFA would require you to input an additional unique login credential before you can access the EHR. A secondary login credential may include security questions, a one-time PIN, or biometrics.
- Removing a terminated employee’s login credentials quickly from the computer system. “One of the most damaging and expensive types of attacks are by disgruntled employees who still have their login credentials and take revenge by logging back into the system and planting malware,” says Mr. Shah.
- Automatic system updates (patches). “Phishing email compromises usually result from a failure to fix vulnerabilities. When a system needs to restart, it should be set to automatically update any potential security loopholes within programs or products,” says Mr. Carr. The firewall settings should also be updated.
- Prior hacking incidents: Are the attackers out of your system? Once criminals hack into the system, your practice is vulnerable to repeat attacks. “If a cyberattack is not completely addressed, threat actors will maintain access to or a presence on the compromised network. In general, we will work with the insured to ensure that the initial point of compromise has been addressed and that any threat actor presence in the network has been removed,” says Mr. Carr.
When doctors compare cybersecurity policies, experts recommend avoiding companies that may offer lower prices but lack a proven track record of handling claims and do not offer resources that can detect a threat, such as ongoing network monitoring and employee training with simulated exercises.
“Practices tend to think, ‘It won’t happen to me.’ Every practice needs to take this seriously,” says Dr. McAneny.
A version of this article first appeared on Medscape.com.
Barbara L. McAneny, MD, CEO of New Mexico Oncology Hematology Consultants, experienced a data breach about 10 years ago, when a laptop was stolen from her large practice.
She and the other physicians were upset and worried that the individual would attempt to log in to the computer system and hack their patients’ private health information.
Dr. McAneny was also worried that the practice would have to pay a hefty fine to the government for having unsecured private health information on a laptop. She could have paid from $50,000 to more than $1.9 million for lost and stolen devices (although that didn’t happen).
Dr. McAneny had a standard cyber liability benefit in her med-mal policy that covered up to $50,000 of the data breach costs. That covered the legal advice The Doctors Company provided about state and federal reporting requirements when a data breach occurs and the costs the practice incurred from mailing letters to all of its patients notifying them of the data breach, says Dr. McAneny.
“The data breach taught me a lot. Our practice spent a lot of money on increasing our internal controls, cybersecurity, and monitoring. Our IT department started testing our computer firewalls periodically, and that’s how we discovered that cybercriminals were attempting to break into our computer system at least 100 times daily,” says Dr. McAneny.
That discovery changed how she thought about insurance. “I decided the med-mal benefit wasn’t enough. I bought the best cybersecurity policy we could afford to protect against future breaches, especially malware or ransomware attacks.”
Her practice also had to make its electronic health records (EHRs) more secure to comply with the Department of Health & Human Services Office of Civil Rights standards for protected health information. The cost of increased security wasn’t covered by her cyber benefit.
Cyberattacks increasing in health care
Despite having comprehensive coverage, Dr. McAneny worries that the cybercriminals are a step ahead of the cybersecurity experts and her practice will eventually have another data breach.
“The policy only covers things that we know about today. As we upgrade our defenses, criminals are finding new ways to breach firewalls and work around our defenses,” she says.
So far this year, nearly 200 medical groups have reported cyberattacks involving 500 or more of their patients’ medical records to the federal government.
EHRs are valuable targets to cybercriminals because of the protected health information they contain. Cybercriminals grab information such as Social Security numbers, dates of birth, medical procedures and results, and in some cases billing and financial information and sell it on the dark web.
They typically bundle the information and sell it to other criminals who later use it for various kinds of fraud and extortion such as banking and credit fraud, health care fraud, identity theft, and ransom extortion.
What do most doctors have?
The vast majority (82%) of doctors polled by the Medical Group Management Association last year said they had cyber insurance, compared with 54% in 2018.
For those who answered “yes,” many said they have coverage through their malpractice insurance carrier.
David Zetter, president of Zetter HealthCare Management Consultants, recommends that physicians speak with their malpractice carrier to determine what coverage they have, if any, within their malpractice policy.
A typical cybersecurity benefit is limited to what is needed to fix and resolve the hacking incident, says Raj Shah, senior regulatory attorney and policyholder advisor at MagMutual, which insures medical practices for malpractice and cyber liability.
That usually covers investigating the cause of the breach and the extent of the damage, legal advice about federal and state reporting requirements, whether to pay a ransom, and a public relations professional to handle patient communication, says Mr. Shah.
The benefit doesn’t cover lost patient revenue when practices have to shut down their operations, the cost of replacing damaged computers, or the ransom payment, he says.
Mr. Zetter advises doctors to consider buying cybersecurity coverage. “I recommend that they speak with an insurance broker who is experienced with cybersecurity policies sold to health care professionals to determine what type of coverage and how much coverage they may need. Their malpractice carrier may also be able to provide some answers,” says Mr. Zetter.
The physician will need to be able to answer questions about their network and how many staff they have and may need to involve their IT vendor too, he adds.
How does comprehensive coverage compare?
Ransomware attacks continue to be one of the most frequent types of attacks, and the amount criminals are demanding has risen significantly. The median ransom payment was $5,000 in the fourth quarter of 2018, compared with over $300,000 during the fourth quarter of 2021.
Cybercriminals now engage in “double extortion” – demanding a ransom payment to hand over the code that will unlock their encrypted data – and then another ransom payment to not post patients’ sensitive medical information they copied onto the dark web.
Comprehensive cybersecurity insurance will cover “double extortion” payments, legal costs that may arise from defending against patient lawsuits, and the costs of meeting federal and state privacy requirements, including notifying patients of the data breach and regulatory investigations, says Michael Carr, head of risk engineering for North America for Coalition, a cyber insurance firm.
Cyber insurers also contract with vendors who sell bitcoin, which is the currency cybercriminals typically demand for ransom payments, and work with ransom negotiators.
For example, once Coalition decided to pay the ransom on behalf of a health care client, it negotiated the ransom demand down by nearly 75% from $750,000 to $200,000, and proceeded to help the company restore all of its data.
The costs to respond to the incident, to recover lost data, and to pay the extortion, together with the lost business income resulting from the incident, were covered by Coalition’s cyber insurance policy.
Other clients have had their funds retrieved before a fraudulent wire transfer was completed. “Medical practices have vendors they pay regularly. A cybercriminal may compromise your email or take over a bank account and then impersonate a vendor asking to be paid for services they didn’t provide,” says Mr. Carr.
How much coverage do you need? Cost?
Dr. McAneny has increased her cybersecurity coverage every year. “It’s expensive, but I think it’s worth it. But you can never buy enough protection due to the coverage limits.”
She worries that the costs could exceed the limits if a ransomware attack disrupts her practice for days, weeks, or longer, or if the Office for Civil Rights fines her practice $10,000 per patient chart – the practice has 100,000 health records. “That can run several millions of dollars and ruin a practice,” she says.
Health systems and hospitals need massive amounts of coverage, which often runs from $20 million to $30 million, says Mr. Shah. However, practices insured through MagMutual have lower coverage limits that range from $1 million to $5 million, he says.
“A large practice does not necessarily need more than $1,000,000 in coverage if they have limited loss in this area and strong internal processes and controls. Most large practices also have a dedicated information security director, which reduces their risk, so they may be comfortable with $1,000,000 in coverage,” says Mr. Shah.
Premiums are based on the number of patient health records per practice, which translates into higher premiums for larger practices.
Other factors that come into play include the underlying coverage, risk controls the practice has implemented, and its claims history, says Mr. Shah.
However, the cost for cyber liability insurance has increased, and practices can expect to pay higher premiums and deductibles. For example, a practice that paid $10,000 in premiums for a new policy last year will have to pay $20,000 this year, says Dan Hanson, senior vice president of management liability and client experience at Marsh & McLennon Agency, a risk management firm that sells cyber insurance policies.
“We saw 71% of our self-insured clients experience higher deductibles over last year due to increased claim activity and the lack of capacity in the market. The carriers are saying they will set limits, but you are going to pay a lot more, and you are going to participate more in losses through the higher deductibles,” says Mr. Hanson.
Are you eligible?
Cyber insurance companies have a vested interest in avoiding claims. With increasing cyberattacks and larger payouts, many insurers are requiring practices to implement some defensive measures before they insure them. Some insurers, such as Coalition, say they may still insure small practices for comprehensive coverage, but it may impact the pricing or what’s covered, says Mr. Carr.
Here are some of the security measures that cyber insurers are looking for:
- Multifactorial authentication (MFA) requires an extra layer of security to access the system. For example, when logging into your organization’s EHR platform, instead of just using a username and password to access the platform, MFA would require you to input an additional unique login credential before you can access the EHR. A secondary login credential may include security questions, a one-time PIN, or biometrics.
- Removing a terminated employee’s login credentials quickly from the computer system. “One of the most damaging and expensive types of attacks are by disgruntled employees who still have their login credentials and take revenge by logging back into the system and planting malware,” says Mr. Shah.
- Automatic system updates (patches). “Phishing email compromises usually result from a failure to fix vulnerabilities. When a system needs to restart, it should be set to automatically update any potential security loopholes within programs or products,” says Mr. Carr. The firewall settings should also be updated.
- Prior hacking incidents: Are the attackers out of your system? Once criminals hack into the system, your practice is vulnerable to repeat attacks. “If a cyberattack is not completely addressed, threat actors will maintain access to or a presence on the compromised network. In general, we will work with the insured to ensure that the initial point of compromise has been addressed and that any threat actor presence in the network has been removed,” says Mr. Carr.
When doctors compare cybersecurity policies, experts recommend avoiding companies that may offer lower prices but lack a proven track record of handling claims and do not offer resources that can detect a threat, such as ongoing network monitoring and employee training with simulated exercises.
“Practices tend to think, ‘It won’t happen to me.’ Every practice needs to take this seriously,” says Dr. McAneny.
A version of this article first appeared on Medscape.com.
What docs don’t know about the Disabilities Act can hurt them and patients
Lisa Iezzoni, MD, a professor of medicine at Harvard Medical School and a disability researcher at Massachusetts General Hospital, both in Boston, has used a wheelchair for more than 30 years because of multiple sclerosis. When she visits her primary care doctor, she doesn’t get weighed because the scales are not wheelchair accessible.
This failure to weigh her and other patients in wheelchairs could lead to serious medical problems. Weight is used to monitor a person’s overall health and prenatal health and to determine accurate doses for medications such as some chemotherapies, said Dr. Iezzoni.
In another situation, a man who used a wheelchair said that his primary care doctor never got him out of it for a complete physical exam. The patient later developed lymphoma, which first appeared in his groin. The doctor should have accommodated his disability and used a height-adjustable exam table or a portable lift to transfer him onto the table.
When physicians don’t provide access to medical care that patients with disabilities need, they put themselves at greater risk of lawsuits, fines, and settlements.
Yet, a new study in Health Affairs suggests that a large percentage of doctors are not fully aware of what they are legally required to do.
Under federal nondiscrimination laws (Americans With Disabilities Act, American Rehabilitation Act, and ADA Amendments Act), medical practices must provide equal access to people with disabilities, accommodate their disability-related needs, and not refuse them medical services because of their disabilities, say disability experts.
Where doctors go wrong with disability laws
What doctors don’t know about providing reasonable accommodations makes them vulnerable to lawsuits, which worries more than two-thirds of the 714 outpatient doctors surveyed.
Not only are they required to provide reasonable accommodations, but they also have to pay for them, the researchers said. One-fifth of the surveyed doctors said they didn’t know that practice owners have to pay.
More than one practice has made patients pay for services needed for their disability, such as sign language interpreters – the patients later complained this violated the ADA to enforcement agencies.
Doctors also don’t know that they have to collaborate with patients to determine what reasonable accommodations they need – over two-thirds of those surveyed said they didn’t know it was a joint responsibility, the study found.
When doctors fail to accommodate patients’ disability needs, they engage in discrimination and violate the ADA, says Elizabeth Pendo, JD, a coauthor of the study and the Joseph J. Simeone Professor of Law at Saint Louis University.
The Department of Justice has investigated several patient complaints of alleged disability discrimination recently and resolved the disputes with agreements and small fines in some cases. “The goal is not to get large financial settlements but to work with practices to get the correct procedures in place to be compliant,” said Ms. Pendo.
Physicians would be wise to check out whether their practices are as accessible as they think. Even if there’s a ramp to the office building, the parking lot may not have a van-accessible space or enough handicapped parking signs, or the exam room may be too narrow for a wheelchair to navigate.
These practices violated the ADA and agreed to make changes:
- Hamden, Conn., has two buildings that patients with physical disabilities couldn’t easily enter. The physician owners agreed to change the buildings’ entrances and access routes and add features to make it easier to use examination rooms and restrooms and the check-in and check-out areas.
- Seven medical offices in Riverside, Calif., failed to communicate effectively with deaf and hard-of-hearing patients. They should have had a qualified sign language interpreter, an assistive listening device, or another appropriate aid or service available to a deaf patient and her family. Instead, the office relied on a video remote interpretation system that often failed to work. The agreement requires the clinic to provide those aids and services to patients and their companions who are deaf or hard of hearing, advertise their availability, assess each patient who is deaf or hard of hearing to determine the best aids and services for their needs, and pay $5,000 in compensation to the complainant and a $1,000 civil penalty to the United States.
- Springfield, Mass., refused to provide full joint replacements to two patients being treated with buprenorphine, a medication used to treat opioid use disorder. Rather than accommodate the patients, the surgeons referred them elsewhere because they were uncomfortable with the postoperative pain management protocol for patients prescribed buprenorphine. “The Americans With Disabilities Act protects health care access for people under medical treatment for opioid use disorder,” said Acting U.S. Attorney Nathaniel R. Mendell. “Health care providers must comply with the ADA, even when doing so is inconvenient or makes them uncomfortable.” The agreement requires the practice to adopt a nondiscrimination policy, provide training on the ADA and opioid use disorder, and pay two complainants $15,000 each for pain and suffering.
The DOJ has filed civil lawsuits against medical practices when they failed to resolve the allegations. Recent cases include an ophthalmology practice with 24 facilities in Arizona that refused to help transfer patients in wheelchairs to surgery tables for eye surgery and required them to pay for transfer support services and two obstetricians-gynecologists in Bakersfield, Calif., who refused to provide routine medical care to a patient because of her HIV status.
What doctors should know
Many people tend to think of a person with a disability as being in a wheelchair. But the ADA has a very broad definition of disability, which includes any physical or mental impairment that substantially limits any major life activity, said Ms. Pendo.
“It was amended in 2008 to clarify that the definition includes people with chronic diseases such as diabetes and cancer, cognitive and neurological disorders, substance abuse disorders, vision and hearing loss, and learning and other disabilities,” she said.
That means that doctors have to accommodate many types of disabilities, which can be challenging. The ADA only specifies that fixed structures need to be accessible, such as parking lots, driveways, and buildings, said Dr. Iezzoni.
When it comes to “reasonable accommodations,” doctors should decide that on a case-by-case basis, she said.
“We can say based on our study that 71% of doctors don’t know the right way to think about the accommodations – they don’t know they need to talk to patients so they can explain to them exactly what they need to accommodate their disability,” said Dr. Iezzoni.
Doctors are also required to provide effective communication for patients with sensory or cognitive disabilities, which can depend on the severity, said Ms. Pendo. Is the person deaf or hard of hearing, blind or partially sighted – is the dementia mild or severe?
“The requirement is there, but what that looks like will vary by patient. That’s what’s challenging,” said Ms. Pendo.
Dr. Iezzoni recommends that doctor’s offices ask patients whether they need special help or individual assistance when they make appointments and enter their responses in their records. She also suggests that patients be asked at follow-up appointments whether they still need the same help or not.
“Disabilities can change over time – a person with bad arthritis may need help getting onto an exam table, but later get a knee or hip replacement that is effective and no longer need that help,” said Dr. Iezzoni.
Benefits outweigh costs
Physicians have made progress in meeting the ADA’s physical accessibility requirements, said Dr. Iezzoni. “The literature suggests that doctors have done a good job at fixing the structural barriers people with mobility issues face, such as ramps and bathrooms.”
However, there are exceptions in rural older buildings which can be harder to retrofit for wheelchair accessibility, she said. “I recall interviewing a rural doctor several years ago who said that he knew his patients well and when a patient visits with mobility problems, he goes down and carries the patient up the steps to his office. My response was that is not respectful of the patient or safe for the patient or you. That doctor has since changed the location of his practice,” said Dr. Iezzoni.
Some doctors may resist paying for accessible medical equipment because of cost, but she said the benefits are worth it. These include preventing staff injuries when they transfer patients and being used by patients with temporary disabilities and aging people with bad knees, backs, hearing and sight. In addition, businesses may be eligible for federal and state tax credits.
Dr. Iezzoni recently visited her doctor where they finally got height-adjustable exam tables. “I asked the assistant, who really likes these tables? She said it’s the elderly ladies of short stature – the table is lowered and they sit down and get on it.”
But, Dr. Iezonni’s main message to doctors is that patients with disabilities deserve equal quality of care. “Just because we have a disability doesn’t mean we should get worse care than other people. It’s a matter of professionalism that doctors should want to give the same quality care to all their patients.”
A version of this article first appeared on Medscape.com.
Lisa Iezzoni, MD, a professor of medicine at Harvard Medical School and a disability researcher at Massachusetts General Hospital, both in Boston, has used a wheelchair for more than 30 years because of multiple sclerosis. When she visits her primary care doctor, she doesn’t get weighed because the scales are not wheelchair accessible.
This failure to weigh her and other patients in wheelchairs could lead to serious medical problems. Weight is used to monitor a person’s overall health and prenatal health and to determine accurate doses for medications such as some chemotherapies, said Dr. Iezzoni.
In another situation, a man who used a wheelchair said that his primary care doctor never got him out of it for a complete physical exam. The patient later developed lymphoma, which first appeared in his groin. The doctor should have accommodated his disability and used a height-adjustable exam table or a portable lift to transfer him onto the table.
When physicians don’t provide access to medical care that patients with disabilities need, they put themselves at greater risk of lawsuits, fines, and settlements.
Yet, a new study in Health Affairs suggests that a large percentage of doctors are not fully aware of what they are legally required to do.
Under federal nondiscrimination laws (Americans With Disabilities Act, American Rehabilitation Act, and ADA Amendments Act), medical practices must provide equal access to people with disabilities, accommodate their disability-related needs, and not refuse them medical services because of their disabilities, say disability experts.
Where doctors go wrong with disability laws
What doctors don’t know about providing reasonable accommodations makes them vulnerable to lawsuits, which worries more than two-thirds of the 714 outpatient doctors surveyed.
Not only are they required to provide reasonable accommodations, but they also have to pay for them, the researchers said. One-fifth of the surveyed doctors said they didn’t know that practice owners have to pay.
More than one practice has made patients pay for services needed for their disability, such as sign language interpreters – the patients later complained this violated the ADA to enforcement agencies.
Doctors also don’t know that they have to collaborate with patients to determine what reasonable accommodations they need – over two-thirds of those surveyed said they didn’t know it was a joint responsibility, the study found.
When doctors fail to accommodate patients’ disability needs, they engage in discrimination and violate the ADA, says Elizabeth Pendo, JD, a coauthor of the study and the Joseph J. Simeone Professor of Law at Saint Louis University.
The Department of Justice has investigated several patient complaints of alleged disability discrimination recently and resolved the disputes with agreements and small fines in some cases. “The goal is not to get large financial settlements but to work with practices to get the correct procedures in place to be compliant,” said Ms. Pendo.
Physicians would be wise to check out whether their practices are as accessible as they think. Even if there’s a ramp to the office building, the parking lot may not have a van-accessible space or enough handicapped parking signs, or the exam room may be too narrow for a wheelchair to navigate.
These practices violated the ADA and agreed to make changes:
- Hamden, Conn., has two buildings that patients with physical disabilities couldn’t easily enter. The physician owners agreed to change the buildings’ entrances and access routes and add features to make it easier to use examination rooms and restrooms and the check-in and check-out areas.
- Seven medical offices in Riverside, Calif., failed to communicate effectively with deaf and hard-of-hearing patients. They should have had a qualified sign language interpreter, an assistive listening device, or another appropriate aid or service available to a deaf patient and her family. Instead, the office relied on a video remote interpretation system that often failed to work. The agreement requires the clinic to provide those aids and services to patients and their companions who are deaf or hard of hearing, advertise their availability, assess each patient who is deaf or hard of hearing to determine the best aids and services for their needs, and pay $5,000 in compensation to the complainant and a $1,000 civil penalty to the United States.
- Springfield, Mass., refused to provide full joint replacements to two patients being treated with buprenorphine, a medication used to treat opioid use disorder. Rather than accommodate the patients, the surgeons referred them elsewhere because they were uncomfortable with the postoperative pain management protocol for patients prescribed buprenorphine. “The Americans With Disabilities Act protects health care access for people under medical treatment for opioid use disorder,” said Acting U.S. Attorney Nathaniel R. Mendell. “Health care providers must comply with the ADA, even when doing so is inconvenient or makes them uncomfortable.” The agreement requires the practice to adopt a nondiscrimination policy, provide training on the ADA and opioid use disorder, and pay two complainants $15,000 each for pain and suffering.
The DOJ has filed civil lawsuits against medical practices when they failed to resolve the allegations. Recent cases include an ophthalmology practice with 24 facilities in Arizona that refused to help transfer patients in wheelchairs to surgery tables for eye surgery and required them to pay for transfer support services and two obstetricians-gynecologists in Bakersfield, Calif., who refused to provide routine medical care to a patient because of her HIV status.
What doctors should know
Many people tend to think of a person with a disability as being in a wheelchair. But the ADA has a very broad definition of disability, which includes any physical or mental impairment that substantially limits any major life activity, said Ms. Pendo.
“It was amended in 2008 to clarify that the definition includes people with chronic diseases such as diabetes and cancer, cognitive and neurological disorders, substance abuse disorders, vision and hearing loss, and learning and other disabilities,” she said.
That means that doctors have to accommodate many types of disabilities, which can be challenging. The ADA only specifies that fixed structures need to be accessible, such as parking lots, driveways, and buildings, said Dr. Iezzoni.
When it comes to “reasonable accommodations,” doctors should decide that on a case-by-case basis, she said.
“We can say based on our study that 71% of doctors don’t know the right way to think about the accommodations – they don’t know they need to talk to patients so they can explain to them exactly what they need to accommodate their disability,” said Dr. Iezzoni.
Doctors are also required to provide effective communication for patients with sensory or cognitive disabilities, which can depend on the severity, said Ms. Pendo. Is the person deaf or hard of hearing, blind or partially sighted – is the dementia mild or severe?
“The requirement is there, but what that looks like will vary by patient. That’s what’s challenging,” said Ms. Pendo.
Dr. Iezzoni recommends that doctor’s offices ask patients whether they need special help or individual assistance when they make appointments and enter their responses in their records. She also suggests that patients be asked at follow-up appointments whether they still need the same help or not.
“Disabilities can change over time – a person with bad arthritis may need help getting onto an exam table, but later get a knee or hip replacement that is effective and no longer need that help,” said Dr. Iezzoni.
Benefits outweigh costs
Physicians have made progress in meeting the ADA’s physical accessibility requirements, said Dr. Iezzoni. “The literature suggests that doctors have done a good job at fixing the structural barriers people with mobility issues face, such as ramps and bathrooms.”
However, there are exceptions in rural older buildings which can be harder to retrofit for wheelchair accessibility, she said. “I recall interviewing a rural doctor several years ago who said that he knew his patients well and when a patient visits with mobility problems, he goes down and carries the patient up the steps to his office. My response was that is not respectful of the patient or safe for the patient or you. That doctor has since changed the location of his practice,” said Dr. Iezzoni.
Some doctors may resist paying for accessible medical equipment because of cost, but she said the benefits are worth it. These include preventing staff injuries when they transfer patients and being used by patients with temporary disabilities and aging people with bad knees, backs, hearing and sight. In addition, businesses may be eligible for federal and state tax credits.
Dr. Iezzoni recently visited her doctor where they finally got height-adjustable exam tables. “I asked the assistant, who really likes these tables? She said it’s the elderly ladies of short stature – the table is lowered and they sit down and get on it.”
But, Dr. Iezonni’s main message to doctors is that patients with disabilities deserve equal quality of care. “Just because we have a disability doesn’t mean we should get worse care than other people. It’s a matter of professionalism that doctors should want to give the same quality care to all their patients.”
A version of this article first appeared on Medscape.com.
Lisa Iezzoni, MD, a professor of medicine at Harvard Medical School and a disability researcher at Massachusetts General Hospital, both in Boston, has used a wheelchair for more than 30 years because of multiple sclerosis. When she visits her primary care doctor, she doesn’t get weighed because the scales are not wheelchair accessible.
This failure to weigh her and other patients in wheelchairs could lead to serious medical problems. Weight is used to monitor a person’s overall health and prenatal health and to determine accurate doses for medications such as some chemotherapies, said Dr. Iezzoni.
In another situation, a man who used a wheelchair said that his primary care doctor never got him out of it for a complete physical exam. The patient later developed lymphoma, which first appeared in his groin. The doctor should have accommodated his disability and used a height-adjustable exam table or a portable lift to transfer him onto the table.
When physicians don’t provide access to medical care that patients with disabilities need, they put themselves at greater risk of lawsuits, fines, and settlements.
Yet, a new study in Health Affairs suggests that a large percentage of doctors are not fully aware of what they are legally required to do.
Under federal nondiscrimination laws (Americans With Disabilities Act, American Rehabilitation Act, and ADA Amendments Act), medical practices must provide equal access to people with disabilities, accommodate their disability-related needs, and not refuse them medical services because of their disabilities, say disability experts.
Where doctors go wrong with disability laws
What doctors don’t know about providing reasonable accommodations makes them vulnerable to lawsuits, which worries more than two-thirds of the 714 outpatient doctors surveyed.
Not only are they required to provide reasonable accommodations, but they also have to pay for them, the researchers said. One-fifth of the surveyed doctors said they didn’t know that practice owners have to pay.
More than one practice has made patients pay for services needed for their disability, such as sign language interpreters – the patients later complained this violated the ADA to enforcement agencies.
Doctors also don’t know that they have to collaborate with patients to determine what reasonable accommodations they need – over two-thirds of those surveyed said they didn’t know it was a joint responsibility, the study found.
When doctors fail to accommodate patients’ disability needs, they engage in discrimination and violate the ADA, says Elizabeth Pendo, JD, a coauthor of the study and the Joseph J. Simeone Professor of Law at Saint Louis University.
The Department of Justice has investigated several patient complaints of alleged disability discrimination recently and resolved the disputes with agreements and small fines in some cases. “The goal is not to get large financial settlements but to work with practices to get the correct procedures in place to be compliant,” said Ms. Pendo.
Physicians would be wise to check out whether their practices are as accessible as they think. Even if there’s a ramp to the office building, the parking lot may not have a van-accessible space or enough handicapped parking signs, or the exam room may be too narrow for a wheelchair to navigate.
These practices violated the ADA and agreed to make changes:
- Hamden, Conn., has two buildings that patients with physical disabilities couldn’t easily enter. The physician owners agreed to change the buildings’ entrances and access routes and add features to make it easier to use examination rooms and restrooms and the check-in and check-out areas.
- Seven medical offices in Riverside, Calif., failed to communicate effectively with deaf and hard-of-hearing patients. They should have had a qualified sign language interpreter, an assistive listening device, or another appropriate aid or service available to a deaf patient and her family. Instead, the office relied on a video remote interpretation system that often failed to work. The agreement requires the clinic to provide those aids and services to patients and their companions who are deaf or hard of hearing, advertise their availability, assess each patient who is deaf or hard of hearing to determine the best aids and services for their needs, and pay $5,000 in compensation to the complainant and a $1,000 civil penalty to the United States.
- Springfield, Mass., refused to provide full joint replacements to two patients being treated with buprenorphine, a medication used to treat opioid use disorder. Rather than accommodate the patients, the surgeons referred them elsewhere because they were uncomfortable with the postoperative pain management protocol for patients prescribed buprenorphine. “The Americans With Disabilities Act protects health care access for people under medical treatment for opioid use disorder,” said Acting U.S. Attorney Nathaniel R. Mendell. “Health care providers must comply with the ADA, even when doing so is inconvenient or makes them uncomfortable.” The agreement requires the practice to adopt a nondiscrimination policy, provide training on the ADA and opioid use disorder, and pay two complainants $15,000 each for pain and suffering.
The DOJ has filed civil lawsuits against medical practices when they failed to resolve the allegations. Recent cases include an ophthalmology practice with 24 facilities in Arizona that refused to help transfer patients in wheelchairs to surgery tables for eye surgery and required them to pay for transfer support services and two obstetricians-gynecologists in Bakersfield, Calif., who refused to provide routine medical care to a patient because of her HIV status.
What doctors should know
Many people tend to think of a person with a disability as being in a wheelchair. But the ADA has a very broad definition of disability, which includes any physical or mental impairment that substantially limits any major life activity, said Ms. Pendo.
“It was amended in 2008 to clarify that the definition includes people with chronic diseases such as diabetes and cancer, cognitive and neurological disorders, substance abuse disorders, vision and hearing loss, and learning and other disabilities,” she said.
That means that doctors have to accommodate many types of disabilities, which can be challenging. The ADA only specifies that fixed structures need to be accessible, such as parking lots, driveways, and buildings, said Dr. Iezzoni.
When it comes to “reasonable accommodations,” doctors should decide that on a case-by-case basis, she said.
“We can say based on our study that 71% of doctors don’t know the right way to think about the accommodations – they don’t know they need to talk to patients so they can explain to them exactly what they need to accommodate their disability,” said Dr. Iezzoni.
Doctors are also required to provide effective communication for patients with sensory or cognitive disabilities, which can depend on the severity, said Ms. Pendo. Is the person deaf or hard of hearing, blind or partially sighted – is the dementia mild or severe?
“The requirement is there, but what that looks like will vary by patient. That’s what’s challenging,” said Ms. Pendo.
Dr. Iezzoni recommends that doctor’s offices ask patients whether they need special help or individual assistance when they make appointments and enter their responses in their records. She also suggests that patients be asked at follow-up appointments whether they still need the same help or not.
“Disabilities can change over time – a person with bad arthritis may need help getting onto an exam table, but later get a knee or hip replacement that is effective and no longer need that help,” said Dr. Iezzoni.
Benefits outweigh costs
Physicians have made progress in meeting the ADA’s physical accessibility requirements, said Dr. Iezzoni. “The literature suggests that doctors have done a good job at fixing the structural barriers people with mobility issues face, such as ramps and bathrooms.”
However, there are exceptions in rural older buildings which can be harder to retrofit for wheelchair accessibility, she said. “I recall interviewing a rural doctor several years ago who said that he knew his patients well and when a patient visits with mobility problems, he goes down and carries the patient up the steps to his office. My response was that is not respectful of the patient or safe for the patient or you. That doctor has since changed the location of his practice,” said Dr. Iezzoni.
Some doctors may resist paying for accessible medical equipment because of cost, but she said the benefits are worth it. These include preventing staff injuries when they transfer patients and being used by patients with temporary disabilities and aging people with bad knees, backs, hearing and sight. In addition, businesses may be eligible for federal and state tax credits.
Dr. Iezzoni recently visited her doctor where they finally got height-adjustable exam tables. “I asked the assistant, who really likes these tables? She said it’s the elderly ladies of short stature – the table is lowered and they sit down and get on it.”
But, Dr. Iezonni’s main message to doctors is that patients with disabilities deserve equal quality of care. “Just because we have a disability doesn’t mean we should get worse care than other people. It’s a matter of professionalism that doctors should want to give the same quality care to all their patients.”
A version of this article first appeared on Medscape.com.
Docs refused to pay the cyber attack ransom – and suffered
Ransomware attacks are driving some small practices out of business.
Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019 after a ransomware attack. The criminals locked their computer system and files and then demanded a $6,500 ransom to restore access. The practice took the advice of law enforcement and refused to pay. The attackers wiped the computer systems clean – destroying all patient records, appointment schedules, and financial information. Rather than rebuild the entire practice, the two doctors took early retirement.
Wood Ranch Medical, in Simi, Calif., a small primary care practice, decided to shut its doors in 2019 after a ransomware attack damaged its servers and backup files, which affected more than 5,000 patient records. The criminals demanded a ransom to restore the technology and records, but the owners refused to pay. They couldn’t rebuild the system without the backup files, so they shuttered their business.
Several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, that may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to its backup files and the resources to rebuild its computer systems and stay in business.
Medical practices of all sizes have experienced ransomware attacks.
All it takes is one employee clicking on a link or embedded file in an email to launch malware. A vicious code locks the electronic health record (EHR) system, and your practice grinds to a halt.
Cyber criminals demand a ransom in bitcoin to unlock the files. They may even threaten to post private patient data publicly or sell it on the dark web to get you to pay up.
But, is paying a ransom necessary or wise? What other steps should you take? Here’s what cyber security experts say criminals look for in targets, how they infiltrate and attack, and how you should respond and prevent future attacks.
How does it happen?
Email is a popular way for criminals to hack into a system. Criminals often research company websites and impersonate a company executive and send a legitimate-looking “phishing” email to employees hoping that someone will click on it and launch a malware attack.
Recently, cyber criminals found an easier way to infiltrate that doesn’t require identifying targets to gain access, said Drex DeFord, executive health care strategist at CrowdStrike, a cybersecurity technology company in Sunnyvale, Calif.
“Instead of hacking into the system, cyber criminals are just logging in. Most likely, they have acquired a user’s credentials (username/password) from another source – possibly purchasing it from the dark web, the part of the Internet that criminals use, through an ‘access broker,’ an organization that specializes in collecting and selling these kinds of credentials,” said Mr. DeFord.
After a ransomware attack last August on Eskenazi Health in Indianapolis, forensic investigators discovered that the criminals had logged into the IT system in May and had disabled security protections that could have detected their presence before they launched their cyber attack, according to a statement.
Responding to a ransomware attack
When employees or the IT department suspect a ransomware attack is underway, cyber experts recommend isolating the “infected” part of the network, shutting down the computer system to prevent further damage, and securing backups.
Soon afterward, cyber criminals typically communicate their ransom demands electronically with instructions for payment. One practice described seeing a “skull and bones image” on its laptops with a link to instructions to pay the ransom demand in bitcoin.
Although you never want to pay criminals, it’s ultimately a business decision that every organization that’s affected by ransomware has to make, said Kathy Hughes, chief information security officer at Northwell Health in New York. “They need to weigh the cost and impact from paying a ransom against what they are able to recover, how long will it take, and how much will it cost,” she said.
While it may be tempting to pay a small ransom, such as $5,000, cyber experts warn that it doesn’t guarantee full access to the original data. About one-third (34%) of health care organizations whose data were encrypted paid the ransom to get their data back, according to a June 2021 HHS Report on Ransomware Trends. However, only 69% of the encrypted data was restored, the report states.
Criminals may also demand another payment, called “double extortion,” by threatening to post any extracted private patient or employee data on the dark web, said Ms. Hughes.
Practices sometimes choose not to pay the ransom when they know they can restore the backup files and rebuild the system for less than the ransom amount. However, it can take weeks to rebuild a fully operational IT system; meanwhile, the organization is losing thousands of dollars in patient revenue.
Criminals may retaliate against a practice that doesn’t pay the ransom by wiping the hard drives clean or posting the extracted medical, financial, and demographic data of patients on the dark web. Patients whose information has been extracted have filed class-action lawsuits against medical practices and organizations such as Scripps Health, in San Diego, claiming that they should have done more to keep their private information safe.
Experts also advise reporting the attack to local law enforcement officials, who may have cyber security experts on staff who will come on site and investigate the nature of the attack. They may also request help from the FBI’s professional cyber security team.
Having a cyber insurance policy may help offset some of the costs of an attack. However, make sure you have a good cyber security program, advised Mr. DeFord.
He suggests that small practices partner with large health systems that can donate their cyber security technology and related services legally under the updated Stark safe harbor rules. Otherwise, they may not meet the insurer’s requirements, or they may have to pay significantly higher rates.
Who is an easy target?
Cyber criminals look for easy targets, said Ms. Hughes. “A lot of threat actors are not targeting a specific practice – they’re simply throwing out a net and looking for vulnerable systems on the Internet.”
Small medical practices are particularly vulnerable to ransomware attacks because they lack the resources to pay for dedicated IT or cyber security staff, said Ms. Hughes, who oversees security for more than 800 outpatient practices. They’re not replacing outdated or unsupported equipment, applying regular “patches” that fix, update, or improve operating systems, application software, and Internet browsers, or using password controls.
As large practices or health systems acquire medical practices with different EHR systems, security can be more challenging. “Our goal at Northwell is always to get them onto our standard platform, where we use best practices for technology and security controls,” Ms. Hughes said. “In the world of security, having fewer EHR systems is better so there are fewer things to watch, fewer systems to patch, and fewer servers to monitor. From our point of view, it makes sense to have a standardized and streamlined system.”
Still, some practices may feel strongly about using their EHR system, she said. When that happens, “We at least bring them up to our security standards by having them implement password controls and regular patches. We communicate and collaborate with them constantly to get them to a more secure posture.”
Cyber security lapses may have increased during the pandemic when practices had to pivot rapidly to allow administrative staff to work remotely and clinical staff to use telehealth with patients.
“In the rush to get people out of the building during the pandemic, health care organizations bent many of their own rules on remote access. As they moved quickly to new telehealth solutions, they skipped steps like auditing new vendors and cyber-testing new equipment and software. Many organizations are still cleaning up the security ‘exceptions’ they made earlier in the pandemic,” said Mr. DeFord.
Hackers are sophisticated criminals
“The version of a hacker a lot of us grew up with – someone in a basement hacking into your environment and possibly deploying ransomware – isn’t accurate,” said Mr. DeFord. What experts know now is that these cyber criminals operate more like companies that have hired, trained, and developed people to be stealth-like – getting inside your network without being detected.
“They are more sophisticated than the health care organizations they often target,” added Mr. DeFord. “Their developers write the encryption software; they use chatbots to make paying the ransom easy and refer to the people they ransom as clients, because it’s a lucrative business,” he said.
These groups also have specialized roles – one may come in and map your network’s vulnerabilities and sell that information to another group that is good at extracting data and that sells that information to another group that is good at setting off ransomware and negotiation, said Mr. DeFord. “By the time a ransomware attack occurs, we often find that the bad guys have owned the network for at least 6 months.”
Patient records are attractive targets because the information can be sold on the dark web, the part of the Internet that’s unavailable to search engines and requires an anonymous browser called Tor to gain access, said Ms. Hughes.
Criminals steal patient identifiers such as Social Security numbers and birth dates, payment or insurance information, as well as medical histories and prescription data. Other people buy the information for fraudulent purposes, such as filing false tax returns, obtaining medical services, and opening credit cards, said Ms. Hughes.
Lately, criminal gangs appear to be targeting the IT or EHR systems that practices rely on for clinical care and making them unavailable. By locking EHR files or databases and holding them for ransom, criminals hope practices will be more likely to pay, said Ms. Hughes.
They also don’t want to get caught, and this tactic “gets them in and out faster” than extracting and posting patient data, although criminals may use that as a threat to extort a ransom payment, she said.
Fines for lax privacy/security
Breaches of patient records have consequences that include being investigated by federal or state authorities for potential HIPAA privacy and security violations and fines. Recently, the HHS announced a $1.5 million settlement – the largest to date – with Athens Orthopedic Clinic, PA, in Georgia, for not complying with the HIPAA rules.
When breaches of 500 or more patient records occur, medical groups are required to notify the HHS Office of Civil Rights (OCR) within 60 days, as well as all the affected patients and the media. Some organizations offer free credit monitoring and identity theft protection services to their patients.
Information about the breaches, including company names and the number of affected individuals, is posted publicly on what cyber experts often call “OCR’s wall of shame.”
Strengthen your defenses
The FBI and the HHS warned health care professionals and organizations in 2020 about the threat of increasing cyber attacks and urged them to take precautions to protect their networks.
Here are five actions you can take:
- Back-up your files to the cloud or off-site services and test that the restoration works.
- Implement user training with simulated phishing attacks so the staff will recognize suspicious emails and avoid actions that could launch malware attacks.
- Ensure strong password controls and that systems are regularly patched.
- Require multifactor authentication for remote access to IT networks.
- Set anti-virus/anti-malware programs to conduct regular scans of IT network assets using up-to-date signatures.
A version of this article first appeared on Medscape.com.
Ransomware attacks are driving some small practices out of business.
Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019 after a ransomware attack. The criminals locked their computer system and files and then demanded a $6,500 ransom to restore access. The practice took the advice of law enforcement and refused to pay. The attackers wiped the computer systems clean – destroying all patient records, appointment schedules, and financial information. Rather than rebuild the entire practice, the two doctors took early retirement.
Wood Ranch Medical, in Simi, Calif., a small primary care practice, decided to shut its doors in 2019 after a ransomware attack damaged its servers and backup files, which affected more than 5,000 patient records. The criminals demanded a ransom to restore the technology and records, but the owners refused to pay. They couldn’t rebuild the system without the backup files, so they shuttered their business.
Several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, that may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to its backup files and the resources to rebuild its computer systems and stay in business.
Medical practices of all sizes have experienced ransomware attacks.
All it takes is one employee clicking on a link or embedded file in an email to launch malware. A vicious code locks the electronic health record (EHR) system, and your practice grinds to a halt.
Cyber criminals demand a ransom in bitcoin to unlock the files. They may even threaten to post private patient data publicly or sell it on the dark web to get you to pay up.
But, is paying a ransom necessary or wise? What other steps should you take? Here’s what cyber security experts say criminals look for in targets, how they infiltrate and attack, and how you should respond and prevent future attacks.
How does it happen?
Email is a popular way for criminals to hack into a system. Criminals often research company websites and impersonate a company executive and send a legitimate-looking “phishing” email to employees hoping that someone will click on it and launch a malware attack.
Recently, cyber criminals found an easier way to infiltrate that doesn’t require identifying targets to gain access, said Drex DeFord, executive health care strategist at CrowdStrike, a cybersecurity technology company in Sunnyvale, Calif.
“Instead of hacking into the system, cyber criminals are just logging in. Most likely, they have acquired a user’s credentials (username/password) from another source – possibly purchasing it from the dark web, the part of the Internet that criminals use, through an ‘access broker,’ an organization that specializes in collecting and selling these kinds of credentials,” said Mr. DeFord.
After a ransomware attack last August on Eskenazi Health in Indianapolis, forensic investigators discovered that the criminals had logged into the IT system in May and had disabled security protections that could have detected their presence before they launched their cyber attack, according to a statement.
Responding to a ransomware attack
When employees or the IT department suspect a ransomware attack is underway, cyber experts recommend isolating the “infected” part of the network, shutting down the computer system to prevent further damage, and securing backups.
Soon afterward, cyber criminals typically communicate their ransom demands electronically with instructions for payment. One practice described seeing a “skull and bones image” on its laptops with a link to instructions to pay the ransom demand in bitcoin.
Although you never want to pay criminals, it’s ultimately a business decision that every organization that’s affected by ransomware has to make, said Kathy Hughes, chief information security officer at Northwell Health in New York. “They need to weigh the cost and impact from paying a ransom against what they are able to recover, how long will it take, and how much will it cost,” she said.
While it may be tempting to pay a small ransom, such as $5,000, cyber experts warn that it doesn’t guarantee full access to the original data. About one-third (34%) of health care organizations whose data were encrypted paid the ransom to get their data back, according to a June 2021 HHS Report on Ransomware Trends. However, only 69% of the encrypted data was restored, the report states.
Criminals may also demand another payment, called “double extortion,” by threatening to post any extracted private patient or employee data on the dark web, said Ms. Hughes.
Practices sometimes choose not to pay the ransom when they know they can restore the backup files and rebuild the system for less than the ransom amount. However, it can take weeks to rebuild a fully operational IT system; meanwhile, the organization is losing thousands of dollars in patient revenue.
Criminals may retaliate against a practice that doesn’t pay the ransom by wiping the hard drives clean or posting the extracted medical, financial, and demographic data of patients on the dark web. Patients whose information has been extracted have filed class-action lawsuits against medical practices and organizations such as Scripps Health, in San Diego, claiming that they should have done more to keep their private information safe.
Experts also advise reporting the attack to local law enforcement officials, who may have cyber security experts on staff who will come on site and investigate the nature of the attack. They may also request help from the FBI’s professional cyber security team.
Having a cyber insurance policy may help offset some of the costs of an attack. However, make sure you have a good cyber security program, advised Mr. DeFord.
He suggests that small practices partner with large health systems that can donate their cyber security technology and related services legally under the updated Stark safe harbor rules. Otherwise, they may not meet the insurer’s requirements, or they may have to pay significantly higher rates.
Who is an easy target?
Cyber criminals look for easy targets, said Ms. Hughes. “A lot of threat actors are not targeting a specific practice – they’re simply throwing out a net and looking for vulnerable systems on the Internet.”
Small medical practices are particularly vulnerable to ransomware attacks because they lack the resources to pay for dedicated IT or cyber security staff, said Ms. Hughes, who oversees security for more than 800 outpatient practices. They’re not replacing outdated or unsupported equipment, applying regular “patches” that fix, update, or improve operating systems, application software, and Internet browsers, or using password controls.
As large practices or health systems acquire medical practices with different EHR systems, security can be more challenging. “Our goal at Northwell is always to get them onto our standard platform, where we use best practices for technology and security controls,” Ms. Hughes said. “In the world of security, having fewer EHR systems is better so there are fewer things to watch, fewer systems to patch, and fewer servers to monitor. From our point of view, it makes sense to have a standardized and streamlined system.”
Still, some practices may feel strongly about using their EHR system, she said. When that happens, “We at least bring them up to our security standards by having them implement password controls and regular patches. We communicate and collaborate with them constantly to get them to a more secure posture.”
Cyber security lapses may have increased during the pandemic when practices had to pivot rapidly to allow administrative staff to work remotely and clinical staff to use telehealth with patients.
“In the rush to get people out of the building during the pandemic, health care organizations bent many of their own rules on remote access. As they moved quickly to new telehealth solutions, they skipped steps like auditing new vendors and cyber-testing new equipment and software. Many organizations are still cleaning up the security ‘exceptions’ they made earlier in the pandemic,” said Mr. DeFord.
Hackers are sophisticated criminals
“The version of a hacker a lot of us grew up with – someone in a basement hacking into your environment and possibly deploying ransomware – isn’t accurate,” said Mr. DeFord. What experts know now is that these cyber criminals operate more like companies that have hired, trained, and developed people to be stealth-like – getting inside your network without being detected.
“They are more sophisticated than the health care organizations they often target,” added Mr. DeFord. “Their developers write the encryption software; they use chatbots to make paying the ransom easy and refer to the people they ransom as clients, because it’s a lucrative business,” he said.
These groups also have specialized roles – one may come in and map your network’s vulnerabilities and sell that information to another group that is good at extracting data and that sells that information to another group that is good at setting off ransomware and negotiation, said Mr. DeFord. “By the time a ransomware attack occurs, we often find that the bad guys have owned the network for at least 6 months.”
Patient records are attractive targets because the information can be sold on the dark web, the part of the Internet that’s unavailable to search engines and requires an anonymous browser called Tor to gain access, said Ms. Hughes.
Criminals steal patient identifiers such as Social Security numbers and birth dates, payment or insurance information, as well as medical histories and prescription data. Other people buy the information for fraudulent purposes, such as filing false tax returns, obtaining medical services, and opening credit cards, said Ms. Hughes.
Lately, criminal gangs appear to be targeting the IT or EHR systems that practices rely on for clinical care and making them unavailable. By locking EHR files or databases and holding them for ransom, criminals hope practices will be more likely to pay, said Ms. Hughes.
They also don’t want to get caught, and this tactic “gets them in and out faster” than extracting and posting patient data, although criminals may use that as a threat to extort a ransom payment, she said.
Fines for lax privacy/security
Breaches of patient records have consequences that include being investigated by federal or state authorities for potential HIPAA privacy and security violations and fines. Recently, the HHS announced a $1.5 million settlement – the largest to date – with Athens Orthopedic Clinic, PA, in Georgia, for not complying with the HIPAA rules.
When breaches of 500 or more patient records occur, medical groups are required to notify the HHS Office of Civil Rights (OCR) within 60 days, as well as all the affected patients and the media. Some organizations offer free credit monitoring and identity theft protection services to their patients.
Information about the breaches, including company names and the number of affected individuals, is posted publicly on what cyber experts often call “OCR’s wall of shame.”
Strengthen your defenses
The FBI and the HHS warned health care professionals and organizations in 2020 about the threat of increasing cyber attacks and urged them to take precautions to protect their networks.
Here are five actions you can take:
- Back-up your files to the cloud or off-site services and test that the restoration works.
- Implement user training with simulated phishing attacks so the staff will recognize suspicious emails and avoid actions that could launch malware attacks.
- Ensure strong password controls and that systems are regularly patched.
- Require multifactor authentication for remote access to IT networks.
- Set anti-virus/anti-malware programs to conduct regular scans of IT network assets using up-to-date signatures.
A version of this article first appeared on Medscape.com.
Ransomware attacks are driving some small practices out of business.
Michigan-based Brookside ENT and Hearing Center, a two-physician practice, closed its doors in 2019 after a ransomware attack. The criminals locked their computer system and files and then demanded a $6,500 ransom to restore access. The practice took the advice of law enforcement and refused to pay. The attackers wiped the computer systems clean – destroying all patient records, appointment schedules, and financial information. Rather than rebuild the entire practice, the two doctors took early retirement.
Wood Ranch Medical, in Simi, Calif., a small primary care practice, decided to shut its doors in 2019 after a ransomware attack damaged its servers and backup files, which affected more than 5,000 patient records. The criminals demanded a ransom to restore the technology and records, but the owners refused to pay. They couldn’t rebuild the system without the backup files, so they shuttered their business.
Several large practices have also been attacked by ransomware, including Imperial Health in Louisiana in 2019, that may have compromised more than 110,000 records. The practice didn’t pay the ransom and had access to its backup files and the resources to rebuild its computer systems and stay in business.
Medical practices of all sizes have experienced ransomware attacks.
All it takes is one employee clicking on a link or embedded file in an email to launch malware. A vicious code locks the electronic health record (EHR) system, and your practice grinds to a halt.
Cyber criminals demand a ransom in bitcoin to unlock the files. They may even threaten to post private patient data publicly or sell it on the dark web to get you to pay up.
But, is paying a ransom necessary or wise? What other steps should you take? Here’s what cyber security experts say criminals look for in targets, how they infiltrate and attack, and how you should respond and prevent future attacks.
How does it happen?
Email is a popular way for criminals to hack into a system. Criminals often research company websites and impersonate a company executive and send a legitimate-looking “phishing” email to employees hoping that someone will click on it and launch a malware attack.
Recently, cyber criminals found an easier way to infiltrate that doesn’t require identifying targets to gain access, said Drex DeFord, executive health care strategist at CrowdStrike, a cybersecurity technology company in Sunnyvale, Calif.
“Instead of hacking into the system, cyber criminals are just logging in. Most likely, they have acquired a user’s credentials (username/password) from another source – possibly purchasing it from the dark web, the part of the Internet that criminals use, through an ‘access broker,’ an organization that specializes in collecting and selling these kinds of credentials,” said Mr. DeFord.
After a ransomware attack last August on Eskenazi Health in Indianapolis, forensic investigators discovered that the criminals had logged into the IT system in May and had disabled security protections that could have detected their presence before they launched their cyber attack, according to a statement.
Responding to a ransomware attack
When employees or the IT department suspect a ransomware attack is underway, cyber experts recommend isolating the “infected” part of the network, shutting down the computer system to prevent further damage, and securing backups.
Soon afterward, cyber criminals typically communicate their ransom demands electronically with instructions for payment. One practice described seeing a “skull and bones image” on its laptops with a link to instructions to pay the ransom demand in bitcoin.
Although you never want to pay criminals, it’s ultimately a business decision that every organization that’s affected by ransomware has to make, said Kathy Hughes, chief information security officer at Northwell Health in New York. “They need to weigh the cost and impact from paying a ransom against what they are able to recover, how long will it take, and how much will it cost,” she said.
While it may be tempting to pay a small ransom, such as $5,000, cyber experts warn that it doesn’t guarantee full access to the original data. About one-third (34%) of health care organizations whose data were encrypted paid the ransom to get their data back, according to a June 2021 HHS Report on Ransomware Trends. However, only 69% of the encrypted data was restored, the report states.
Criminals may also demand another payment, called “double extortion,” by threatening to post any extracted private patient or employee data on the dark web, said Ms. Hughes.
Practices sometimes choose not to pay the ransom when they know they can restore the backup files and rebuild the system for less than the ransom amount. However, it can take weeks to rebuild a fully operational IT system; meanwhile, the organization is losing thousands of dollars in patient revenue.
Criminals may retaliate against a practice that doesn’t pay the ransom by wiping the hard drives clean or posting the extracted medical, financial, and demographic data of patients on the dark web. Patients whose information has been extracted have filed class-action lawsuits against medical practices and organizations such as Scripps Health, in San Diego, claiming that they should have done more to keep their private information safe.
Experts also advise reporting the attack to local law enforcement officials, who may have cyber security experts on staff who will come on site and investigate the nature of the attack. They may also request help from the FBI’s professional cyber security team.
Having a cyber insurance policy may help offset some of the costs of an attack. However, make sure you have a good cyber security program, advised Mr. DeFord.
He suggests that small practices partner with large health systems that can donate their cyber security technology and related services legally under the updated Stark safe harbor rules. Otherwise, they may not meet the insurer’s requirements, or they may have to pay significantly higher rates.
Who is an easy target?
Cyber criminals look for easy targets, said Ms. Hughes. “A lot of threat actors are not targeting a specific practice – they’re simply throwing out a net and looking for vulnerable systems on the Internet.”
Small medical practices are particularly vulnerable to ransomware attacks because they lack the resources to pay for dedicated IT or cyber security staff, said Ms. Hughes, who oversees security for more than 800 outpatient practices. They’re not replacing outdated or unsupported equipment, applying regular “patches” that fix, update, or improve operating systems, application software, and Internet browsers, or using password controls.
As large practices or health systems acquire medical practices with different EHR systems, security can be more challenging. “Our goal at Northwell is always to get them onto our standard platform, where we use best practices for technology and security controls,” Ms. Hughes said. “In the world of security, having fewer EHR systems is better so there are fewer things to watch, fewer systems to patch, and fewer servers to monitor. From our point of view, it makes sense to have a standardized and streamlined system.”
Still, some practices may feel strongly about using their EHR system, she said. When that happens, “We at least bring them up to our security standards by having them implement password controls and regular patches. We communicate and collaborate with them constantly to get them to a more secure posture.”
Cyber security lapses may have increased during the pandemic when practices had to pivot rapidly to allow administrative staff to work remotely and clinical staff to use telehealth with patients.
“In the rush to get people out of the building during the pandemic, health care organizations bent many of their own rules on remote access. As they moved quickly to new telehealth solutions, they skipped steps like auditing new vendors and cyber-testing new equipment and software. Many organizations are still cleaning up the security ‘exceptions’ they made earlier in the pandemic,” said Mr. DeFord.
Hackers are sophisticated criminals
“The version of a hacker a lot of us grew up with – someone in a basement hacking into your environment and possibly deploying ransomware – isn’t accurate,” said Mr. DeFord. What experts know now is that these cyber criminals operate more like companies that have hired, trained, and developed people to be stealth-like – getting inside your network without being detected.
“They are more sophisticated than the health care organizations they often target,” added Mr. DeFord. “Their developers write the encryption software; they use chatbots to make paying the ransom easy and refer to the people they ransom as clients, because it’s a lucrative business,” he said.
These groups also have specialized roles – one may come in and map your network’s vulnerabilities and sell that information to another group that is good at extracting data and that sells that information to another group that is good at setting off ransomware and negotiation, said Mr. DeFord. “By the time a ransomware attack occurs, we often find that the bad guys have owned the network for at least 6 months.”
Patient records are attractive targets because the information can be sold on the dark web, the part of the Internet that’s unavailable to search engines and requires an anonymous browser called Tor to gain access, said Ms. Hughes.
Criminals steal patient identifiers such as Social Security numbers and birth dates, payment or insurance information, as well as medical histories and prescription data. Other people buy the information for fraudulent purposes, such as filing false tax returns, obtaining medical services, and opening credit cards, said Ms. Hughes.
Lately, criminal gangs appear to be targeting the IT or EHR systems that practices rely on for clinical care and making them unavailable. By locking EHR files or databases and holding them for ransom, criminals hope practices will be more likely to pay, said Ms. Hughes.
They also don’t want to get caught, and this tactic “gets them in and out faster” than extracting and posting patient data, although criminals may use that as a threat to extort a ransom payment, she said.
Fines for lax privacy/security
Breaches of patient records have consequences that include being investigated by federal or state authorities for potential HIPAA privacy and security violations and fines. Recently, the HHS announced a $1.5 million settlement – the largest to date – with Athens Orthopedic Clinic, PA, in Georgia, for not complying with the HIPAA rules.
When breaches of 500 or more patient records occur, medical groups are required to notify the HHS Office of Civil Rights (OCR) within 60 days, as well as all the affected patients and the media. Some organizations offer free credit monitoring and identity theft protection services to their patients.
Information about the breaches, including company names and the number of affected individuals, is posted publicly on what cyber experts often call “OCR’s wall of shame.”
Strengthen your defenses
The FBI and the HHS warned health care professionals and organizations in 2020 about the threat of increasing cyber attacks and urged them to take precautions to protect their networks.
Here are five actions you can take:
- Back-up your files to the cloud or off-site services and test that the restoration works.
- Implement user training with simulated phishing attacks so the staff will recognize suspicious emails and avoid actions that could launch malware attacks.
- Ensure strong password controls and that systems are regularly patched.
- Require multifactor authentication for remote access to IT networks.
- Set anti-virus/anti-malware programs to conduct regular scans of IT network assets using up-to-date signatures.
A version of this article first appeared on Medscape.com.
An MD’s nightmare began with reporting her manic episode to the medical board
Susan Haney, MD, a board-certified emergency physician in Coos Bay, Ore., was 2 years into her career when she had her first manic episode, likely a side effect of the steroid prednisone, which she had been prescribed for an asthma flare-up. Her boss at Bay Area Hospital told her that if she wanted to return to work, she would need to have written clearance from the medical board.
In retrospect, Dr. Haney says, “I don’t think they had any idea of what they would set in motion.”
Dr. Haney says the Oregon Medical Board posted her name and the nondisciplinary action on their website and in their newsletter. Her local newspaper read it and ran a story about her. “They effectively announced my mental illness to the general public despite my objections,” she says.
During the next decade, she had two more manic episodes, and more board investigations and actions followed. Despite being cleared for work each time, Dr. Haney says the board actions decimated her career in emergency medicine and her income, which is about half of what she would have earned by now. She is frustrated, sad, and angry about what happened but considers herself lucky to be practicing medicine in urgent care.
Being investigated is scary
After her first manic episode in 2006, Dr. Haney contacted the board’s medical director, a retired general surgeon, who told her the only way the board would authorize her return to work was if she agreed to open a board investigation.
She gave them the green light because she thought she had nothing to fear – she was cooperating fully and wasn’t impaired. Now Dr. Haney says she was naive. “The board is not your friend,” she says.
Dr. Haney was also anxious to return to work. She worked in a seven-person emergency department, and two colleagues were on maternity leave or medical leave.
“My colleagues kept calling asking me when I was going to return to work, and I kept saying, ‘I don’t know because the board won’t tell me,’ “ she says.
She was also feeling a lot of financial pressure. She was 2 years out of residency, owed $100,000 in student loans, and had just bought a house.
“I was really scared – I didn’t know how long this would last or if they would let me return to work. Early on, I even got a fitness for duty evaluation from the state’s consulting psychiatrist, who cleared me for work, and the board still wouldn’t let me return. They told me I had to go through their bureaucracy and a board meeting, which didn’t make sense to me.”
Dr. Haney consented to give the board’s investigative staff access to her medical records because she feared that if she challenged them, they would suspend or revoke her license immediately.
After investigating her for 4 months, the board cleared Dr. Haney to return to work at Bay Area Hospital. She agreed to the board’s “corrective action” terms: She would continue to receive psychiatric care, maintain a physician-patient relationship with a primary care physician, and enroll in the Health Physicians Program (HPP) for substance abuse monitoring.
Dr. Haney suspects that the board investigation damaged her reputation at work. “Before this, my work evaluations were consistently excellent. Afterwards, they were all adequate. I don’t think that was a coincidence.”
Worst time of her life
Five years later, after taking prednisone for another asthma flare-up, Dr. Haney had a more severe manic episode and was hospitalized.
The consulting psychiatrist who evaluated her reported her case to the medical board, stating she had bipolar disorder, was mentally incompetent, and shouldn’t be practicing medicine. The board opened a second investigation of her in 2012, which lasted 4 months.
Dr. Haney had quit her job at Bay Area Hospital in 2011 because she was pregnant and was planning to take a year off to care for the baby at home.
“That was the worst time of my life. I lost the baby at 4 months, I wasn’t working, and now I was under investigation by the board again,” she says.
The board issued an “interim stipulated order” that required that she be monitored regularly for mental illness and substance abuse by the Health Professionals Services Program (HPSP) for 2 years. “The board accused me of abusing prednisone, which I wasn’t. I was using it as prescribed and medically indicated,” she said.
The board order was reported to the National Practitioner Databank and is now permanently in her record. Although the board cleared her to work, she could not find a permanent job in a hospital emergency department.
“The repeated ‘nondisciplinary’ public board orders have had the same net impact on my career as if I had been disciplined for killing or harming my patients. For all intents and purposes, people treat it as a disciplinary action for the rest of your career,” she said.
To keep afloat financially, she found locum tenens work in local emergency departments until 2019.
Mental health toll
Dr. Haney feels that the stress of repeated board investigations has affected her mental health. “Both times this happened, it made my mental health worse, made the mania worse, and subsequent depression worse.”
Particularly distressing to her was the fact that the administrative staff who investigated her were attorneys and persons in law enforcement, rather than medical professionals with mental health training.
“I was required to disclose intimate personal details of my psychological and psychiatric history to anybody at the board who requested them. These investigators were asking me about my childhood history. That was traumatic and none of their business!”
Dr. Haney had quietly managed episodes of major depression since she was in her early 20s with the help of a psychiatrist. Her third episode of mania, which occurred in 2014, triggered a more severe depression, which she says deepened when she learned that the HPSP had notified the board about her manic symptoms and that she would not be released from the 2-year monitoring contract. When the board notified her 2 weeks later that they were opening another investigation, Dr. Haney says she had an emotional crisis, attempted suicide, and was briefly hospitalized. Several weeks later, she decided to take a mood stabilizer, which she continues to take.
The board’s 2015 corrective action agreement required Dr. Haney to practice medicine only in settings that the board’s medical director preapproved and to obtain a preapproved monitoring health care provider who would send quarterly reports to the medical director. Dr. Haney says the “nondisciplinary” action agreement was also reported to the National Practitioner Data Bank.
She also agreed to ongoing monitoring by the HPSP for mental illness and substance abuse, which involved random drug testing. When she didn’t call in one day in 2019 and missed a scheduled test, the board opened another investigation on her that lasted 7 months until July 2020. Dr. Haney said this was despite three subsequent negative tests.
Dr. Haney believes that the “open investigation” doomed a job offer from a hospital emergency department in the Virgin Islands. “I had passed all the required credentialing and explained previous board orders. They pulled the rug from under me 1 week before I was supposed to move there,” says Dr. Haney.
Her license was inactivated again because she hadn’t practiced medicine for a year, which she says was a new board policy. Although Dr. Haney says the medical director reactivated her license after talking with her, “By the time I was able to apply emergency medicine jobs, no one was interested in me anymore.”
Financial toll
Dr. Haney started her medical career when she was 42 as a second career. She says the board investigations and actions have resulted in a significant loss of work and income. “I have only worked 14 of the past 17 years as a doctor. I live cheaply because I never know how much longer my career will last,” says Dr. Haney.
The ordeal has devastated her finances. She has shelled out at least $200,000 in legal fees – she hired an attorney in 2007 and filed a lawsuit against the board in Oregon district court alleging that members had violated several of her rights. The district judge sided with the state medical board, and it was upheld on appeal in 2012, referring to state laws that gave the board absolute immunity from civil lawsuits. “I had no legal recourse to contest their decisions, no matter how injurious or unjust,” says Dr. Haney.
She has also shelled out at least $100,000 to be evaluated and monitored by the health physician program (now HPSP) for several years. Physicians who agree to be monitored by these health programs have to pay their fees. The board finally agreed last July to end her HPSP participation.
Dr. Haney also filed a complaint in 2007 with the federal Department of Health & Human Services Office for Civil Rights, alleging that the board violated her civil rights under the Americans with Disabilities Act. She says that her lawsuit and the OCR investigation of the board enabled her to withdraw from the HPP in good standing in 2008..
What would she have done differently?
She regrets not hiring an attorney earlier because “most likely the board action would not have been made public. It snowballed after that -- any mistake I made in my career was viewed in the lens of potential impairment.”
She also regrets telling her employer about the nature of her illness and reporting it to the board. A psychiatrist she saw later shared advice he gives to other patients who want to remain anonymous: get help but go out of town, use a false name, and pay cash.
“I wish I had that advice when all this started. That was the best way to protect my career,” says Dr. Haney.
Protecting the public?
The Oregon Medical Board declined to comment on Dr. Haney’s experience because investigations are confidential, but the executive director, Nicole Krishnaswami, JD, answered questions in an email about how the current board operates.
She says the board has 11 medical professionals and employs a medical director and expert consultants in specialty-specific fields. MDs with mental health training are involved in investigating/reviewing cases involving doctors with mental illnesses.
“State medical boards have a responsibility to protect and inform the public. State laws further require state agencies to provide access and transparency regarding the board’s official actions. If the board receives a complaint that a licensee is impaired and thus unable to safely practice, the board has a responsibility to investigate and ensure the licensee is practicing medicine safely,” Ms. Krishnaswami said.
The HPSP is the monitoring program established by state law to provide oversight in order to ensure that licensees are not practicing while impaired. HPSP is separate from the board and the board adopted a statement outlining its perspective on the program in support of doctors with substance abuse and mental health disorder.
The board also founded the Oregon Wellness Program, which provides free, confidential counseling to all Oregon-licensed physicians and physician assistants.
Stigma continues
Dr. Haney feels there is huge stigma associated with mental illness in the medical profession. “If I had cancer twice, I wouldn’t have been put in this position and would be at the peak of my career,” she says.
Nearly half of the 862 emergency medicine physicians surveyed last October said they were reluctant to seek mental health treatment. The reasons included fear of professional repercussions and stigma in the workplace. Several physicians said they were concerned about potentially having to report the treatment on medical license applications in the future, according to a survey by the American College of Emergency Physicians.
In addition, 26% of the more than 12,000 physicians who responded to a Medscape survey last year said they didn’t want to risk disclosure (20%) or that they distrusted mental health professionals (6%).
Another physician fights back
Steven Miles, MD, an award-winning professor emeritus of medicine and bioethics at the Center for Bioethics at the University of Minnesota, in Minneapolis, understands their reluctance. In 1996, he disclosed on his license renewal application that he had recently been diagnosed with a mainly depressive type of bipolar disorder and was in treatment. He had already told his employer, who was supportive.
That set off a 14-month investigation of him by the Minnesota Board of Medical Practice. Dr. Miles and his psychiatrist refused to release his confidential records to a panel of physicians, most of whom had no expertise in mental health care. He also filed a federal claim that the board’s requests violated the ADA, and he won the case.
“Had the board given me evidence of impaired ability to practice with ordinary skill and safety, I would have cooperated. Instead, they proposed a course of action, which would have degraded the privacy of my relationship with my psychiatrist and arguably increased the barrier to getting proper care and the risk of impairment,” he said.
The board kept renewing his license, and Dr. Miles continued to work full time. “I was empowered and protected by my stature in the field at the time my mental illness was diagnosed. Early-career physicians do not yet have that protection and should be very careful of disclosing, given the still widespread stigma of mental illnesses,” he said.
His advocacy led to changes
Dr. Miles went public to mobilize support for his ADA claim. He wrote editorials that were published in JAMA and Minnesota Medicine that refer to the American Psychiatric Association’s 1984 position paper, which says that the mandatory disclosure of the physician’s confidential medical record is without merit. Dr. Miles adds that major newspapers ran stories based on his editorials.
The board backed down after Dr. Miles won his ADA case, and it met with him. “I said this is not good stewardship of the medical profession; you are injuring doctors by keeping them from psychiatric care, which is out of line with the medical view of the treatability of depression and that needs to change,” he says.
Dr. Miles says he won a victory because his practice continued. “I also won a victory in the way the board was handling these questions, which was an opening salvo in a process that continues to this day.”
The original form asked whether he had ever been diagnosed with or treated for manic depression, schizophrenia, compulsive gambling, or other psychiatric conditions.
The revised form asks, “Do you have a physical or mental condition that would affect your ability, with or without reasonable accommodation, to provide appropriate care to patients and otherwise perform the essential functions of a practitioner in your area of practice without posing a health or safety risk to your patients? If yes, what accommodations would help you provide appropriate care to patients and perform other essential functions?”
Dr. Miles says that the final wording wasn’t ideal and that it was confusing to physicians. He says this prompted additional changes in wording by the board. Starting in January, applicants will be asked, “Do you currently have any condition that is not being appropriately treated that is likely to impair or adversely affect your ability to practice medicine with reasonable skill and safety in a competent, ethical, and professional manner?” the medical board’s executive director, Ruth M. Martinez, said in an email.
When asked whether the board still investigates physicians who reveal mental illnesses on licensing applications, Ms. Martinez responded, “All disclosures are evaluated to assure that the practitioner is qualified and safe to practice.”
This article was updated 11/4/21.
A version of this article first appeared on Medscape.com.
Susan Haney, MD, a board-certified emergency physician in Coos Bay, Ore., was 2 years into her career when she had her first manic episode, likely a side effect of the steroid prednisone, which she had been prescribed for an asthma flare-up. Her boss at Bay Area Hospital told her that if she wanted to return to work, she would need to have written clearance from the medical board.
In retrospect, Dr. Haney says, “I don’t think they had any idea of what they would set in motion.”
Dr. Haney says the Oregon Medical Board posted her name and the nondisciplinary action on their website and in their newsletter. Her local newspaper read it and ran a story about her. “They effectively announced my mental illness to the general public despite my objections,” she says.
During the next decade, she had two more manic episodes, and more board investigations and actions followed. Despite being cleared for work each time, Dr. Haney says the board actions decimated her career in emergency medicine and her income, which is about half of what she would have earned by now. She is frustrated, sad, and angry about what happened but considers herself lucky to be practicing medicine in urgent care.
Being investigated is scary
After her first manic episode in 2006, Dr. Haney contacted the board’s medical director, a retired general surgeon, who told her the only way the board would authorize her return to work was if she agreed to open a board investigation.
She gave them the green light because she thought she had nothing to fear – she was cooperating fully and wasn’t impaired. Now Dr. Haney says she was naive. “The board is not your friend,” she says.
Dr. Haney was also anxious to return to work. She worked in a seven-person emergency department, and two colleagues were on maternity leave or medical leave.
“My colleagues kept calling asking me when I was going to return to work, and I kept saying, ‘I don’t know because the board won’t tell me,’ “ she says.
She was also feeling a lot of financial pressure. She was 2 years out of residency, owed $100,000 in student loans, and had just bought a house.
“I was really scared – I didn’t know how long this would last or if they would let me return to work. Early on, I even got a fitness for duty evaluation from the state’s consulting psychiatrist, who cleared me for work, and the board still wouldn’t let me return. They told me I had to go through their bureaucracy and a board meeting, which didn’t make sense to me.”
Dr. Haney consented to give the board’s investigative staff access to her medical records because she feared that if she challenged them, they would suspend or revoke her license immediately.
After investigating her for 4 months, the board cleared Dr. Haney to return to work at Bay Area Hospital. She agreed to the board’s “corrective action” terms: She would continue to receive psychiatric care, maintain a physician-patient relationship with a primary care physician, and enroll in the Health Physicians Program (HPP) for substance abuse monitoring.
Dr. Haney suspects that the board investigation damaged her reputation at work. “Before this, my work evaluations were consistently excellent. Afterwards, they were all adequate. I don’t think that was a coincidence.”
Worst time of her life
Five years later, after taking prednisone for another asthma flare-up, Dr. Haney had a more severe manic episode and was hospitalized.
The consulting psychiatrist who evaluated her reported her case to the medical board, stating she had bipolar disorder, was mentally incompetent, and shouldn’t be practicing medicine. The board opened a second investigation of her in 2012, which lasted 4 months.
Dr. Haney had quit her job at Bay Area Hospital in 2011 because she was pregnant and was planning to take a year off to care for the baby at home.
“That was the worst time of my life. I lost the baby at 4 months, I wasn’t working, and now I was under investigation by the board again,” she says.
The board issued an “interim stipulated order” that required that she be monitored regularly for mental illness and substance abuse by the Health Professionals Services Program (HPSP) for 2 years. “The board accused me of abusing prednisone, which I wasn’t. I was using it as prescribed and medically indicated,” she said.
The board order was reported to the National Practitioner Databank and is now permanently in her record. Although the board cleared her to work, she could not find a permanent job in a hospital emergency department.
“The repeated ‘nondisciplinary’ public board orders have had the same net impact on my career as if I had been disciplined for killing or harming my patients. For all intents and purposes, people treat it as a disciplinary action for the rest of your career,” she said.
To keep afloat financially, she found locum tenens work in local emergency departments until 2019.
Mental health toll
Dr. Haney feels that the stress of repeated board investigations has affected her mental health. “Both times this happened, it made my mental health worse, made the mania worse, and subsequent depression worse.”
Particularly distressing to her was the fact that the administrative staff who investigated her were attorneys and persons in law enforcement, rather than medical professionals with mental health training.
“I was required to disclose intimate personal details of my psychological and psychiatric history to anybody at the board who requested them. These investigators were asking me about my childhood history. That was traumatic and none of their business!”
Dr. Haney had quietly managed episodes of major depression since she was in her early 20s with the help of a psychiatrist. Her third episode of mania, which occurred in 2014, triggered a more severe depression, which she says deepened when she learned that the HPSP had notified the board about her manic symptoms and that she would not be released from the 2-year monitoring contract. When the board notified her 2 weeks later that they were opening another investigation, Dr. Haney says she had an emotional crisis, attempted suicide, and was briefly hospitalized. Several weeks later, she decided to take a mood stabilizer, which she continues to take.
The board’s 2015 corrective action agreement required Dr. Haney to practice medicine only in settings that the board’s medical director preapproved and to obtain a preapproved monitoring health care provider who would send quarterly reports to the medical director. Dr. Haney says the “nondisciplinary” action agreement was also reported to the National Practitioner Data Bank.
She also agreed to ongoing monitoring by the HPSP for mental illness and substance abuse, which involved random drug testing. When she didn’t call in one day in 2019 and missed a scheduled test, the board opened another investigation on her that lasted 7 months until July 2020. Dr. Haney said this was despite three subsequent negative tests.
Dr. Haney believes that the “open investigation” doomed a job offer from a hospital emergency department in the Virgin Islands. “I had passed all the required credentialing and explained previous board orders. They pulled the rug from under me 1 week before I was supposed to move there,” says Dr. Haney.
Her license was inactivated again because she hadn’t practiced medicine for a year, which she says was a new board policy. Although Dr. Haney says the medical director reactivated her license after talking with her, “By the time I was able to apply emergency medicine jobs, no one was interested in me anymore.”
Financial toll
Dr. Haney started her medical career when she was 42 as a second career. She says the board investigations and actions have resulted in a significant loss of work and income. “I have only worked 14 of the past 17 years as a doctor. I live cheaply because I never know how much longer my career will last,” says Dr. Haney.
The ordeal has devastated her finances. She has shelled out at least $200,000 in legal fees – she hired an attorney in 2007 and filed a lawsuit against the board in Oregon district court alleging that members had violated several of her rights. The district judge sided with the state medical board, and it was upheld on appeal in 2012, referring to state laws that gave the board absolute immunity from civil lawsuits. “I had no legal recourse to contest their decisions, no matter how injurious or unjust,” says Dr. Haney.
She has also shelled out at least $100,000 to be evaluated and monitored by the health physician program (now HPSP) for several years. Physicians who agree to be monitored by these health programs have to pay their fees. The board finally agreed last July to end her HPSP participation.
Dr. Haney also filed a complaint in 2007 with the federal Department of Health & Human Services Office for Civil Rights, alleging that the board violated her civil rights under the Americans with Disabilities Act. She says that her lawsuit and the OCR investigation of the board enabled her to withdraw from the HPP in good standing in 2008..
What would she have done differently?
She regrets not hiring an attorney earlier because “most likely the board action would not have been made public. It snowballed after that -- any mistake I made in my career was viewed in the lens of potential impairment.”
She also regrets telling her employer about the nature of her illness and reporting it to the board. A psychiatrist she saw later shared advice he gives to other patients who want to remain anonymous: get help but go out of town, use a false name, and pay cash.
“I wish I had that advice when all this started. That was the best way to protect my career,” says Dr. Haney.
Protecting the public?
The Oregon Medical Board declined to comment on Dr. Haney’s experience because investigations are confidential, but the executive director, Nicole Krishnaswami, JD, answered questions in an email about how the current board operates.
She says the board has 11 medical professionals and employs a medical director and expert consultants in specialty-specific fields. MDs with mental health training are involved in investigating/reviewing cases involving doctors with mental illnesses.
“State medical boards have a responsibility to protect and inform the public. State laws further require state agencies to provide access and transparency regarding the board’s official actions. If the board receives a complaint that a licensee is impaired and thus unable to safely practice, the board has a responsibility to investigate and ensure the licensee is practicing medicine safely,” Ms. Krishnaswami said.
The HPSP is the monitoring program established by state law to provide oversight in order to ensure that licensees are not practicing while impaired. HPSP is separate from the board and the board adopted a statement outlining its perspective on the program in support of doctors with substance abuse and mental health disorder.
The board also founded the Oregon Wellness Program, which provides free, confidential counseling to all Oregon-licensed physicians and physician assistants.
Stigma continues
Dr. Haney feels there is huge stigma associated with mental illness in the medical profession. “If I had cancer twice, I wouldn’t have been put in this position and would be at the peak of my career,” she says.
Nearly half of the 862 emergency medicine physicians surveyed last October said they were reluctant to seek mental health treatment. The reasons included fear of professional repercussions and stigma in the workplace. Several physicians said they were concerned about potentially having to report the treatment on medical license applications in the future, according to a survey by the American College of Emergency Physicians.
In addition, 26% of the more than 12,000 physicians who responded to a Medscape survey last year said they didn’t want to risk disclosure (20%) or that they distrusted mental health professionals (6%).
Another physician fights back
Steven Miles, MD, an award-winning professor emeritus of medicine and bioethics at the Center for Bioethics at the University of Minnesota, in Minneapolis, understands their reluctance. In 1996, he disclosed on his license renewal application that he had recently been diagnosed with a mainly depressive type of bipolar disorder and was in treatment. He had already told his employer, who was supportive.
That set off a 14-month investigation of him by the Minnesota Board of Medical Practice. Dr. Miles and his psychiatrist refused to release his confidential records to a panel of physicians, most of whom had no expertise in mental health care. He also filed a federal claim that the board’s requests violated the ADA, and he won the case.
“Had the board given me evidence of impaired ability to practice with ordinary skill and safety, I would have cooperated. Instead, they proposed a course of action, which would have degraded the privacy of my relationship with my psychiatrist and arguably increased the barrier to getting proper care and the risk of impairment,” he said.
The board kept renewing his license, and Dr. Miles continued to work full time. “I was empowered and protected by my stature in the field at the time my mental illness was diagnosed. Early-career physicians do not yet have that protection and should be very careful of disclosing, given the still widespread stigma of mental illnesses,” he said.
His advocacy led to changes
Dr. Miles went public to mobilize support for his ADA claim. He wrote editorials that were published in JAMA and Minnesota Medicine that refer to the American Psychiatric Association’s 1984 position paper, which says that the mandatory disclosure of the physician’s confidential medical record is without merit. Dr. Miles adds that major newspapers ran stories based on his editorials.
The board backed down after Dr. Miles won his ADA case, and it met with him. “I said this is not good stewardship of the medical profession; you are injuring doctors by keeping them from psychiatric care, which is out of line with the medical view of the treatability of depression and that needs to change,” he says.
Dr. Miles says he won a victory because his practice continued. “I also won a victory in the way the board was handling these questions, which was an opening salvo in a process that continues to this day.”
The original form asked whether he had ever been diagnosed with or treated for manic depression, schizophrenia, compulsive gambling, or other psychiatric conditions.
The revised form asks, “Do you have a physical or mental condition that would affect your ability, with or without reasonable accommodation, to provide appropriate care to patients and otherwise perform the essential functions of a practitioner in your area of practice without posing a health or safety risk to your patients? If yes, what accommodations would help you provide appropriate care to patients and perform other essential functions?”
Dr. Miles says that the final wording wasn’t ideal and that it was confusing to physicians. He says this prompted additional changes in wording by the board. Starting in January, applicants will be asked, “Do you currently have any condition that is not being appropriately treated that is likely to impair or adversely affect your ability to practice medicine with reasonable skill and safety in a competent, ethical, and professional manner?” the medical board’s executive director, Ruth M. Martinez, said in an email.
When asked whether the board still investigates physicians who reveal mental illnesses on licensing applications, Ms. Martinez responded, “All disclosures are evaluated to assure that the practitioner is qualified and safe to practice.”
This article was updated 11/4/21.
A version of this article first appeared on Medscape.com.
Susan Haney, MD, a board-certified emergency physician in Coos Bay, Ore., was 2 years into her career when she had her first manic episode, likely a side effect of the steroid prednisone, which she had been prescribed for an asthma flare-up. Her boss at Bay Area Hospital told her that if she wanted to return to work, she would need to have written clearance from the medical board.
In retrospect, Dr. Haney says, “I don’t think they had any idea of what they would set in motion.”
Dr. Haney says the Oregon Medical Board posted her name and the nondisciplinary action on their website and in their newsletter. Her local newspaper read it and ran a story about her. “They effectively announced my mental illness to the general public despite my objections,” she says.
During the next decade, she had two more manic episodes, and more board investigations and actions followed. Despite being cleared for work each time, Dr. Haney says the board actions decimated her career in emergency medicine and her income, which is about half of what she would have earned by now. She is frustrated, sad, and angry about what happened but considers herself lucky to be practicing medicine in urgent care.
Being investigated is scary
After her first manic episode in 2006, Dr. Haney contacted the board’s medical director, a retired general surgeon, who told her the only way the board would authorize her return to work was if she agreed to open a board investigation.
She gave them the green light because she thought she had nothing to fear – she was cooperating fully and wasn’t impaired. Now Dr. Haney says she was naive. “The board is not your friend,” she says.
Dr. Haney was also anxious to return to work. She worked in a seven-person emergency department, and two colleagues were on maternity leave or medical leave.
“My colleagues kept calling asking me when I was going to return to work, and I kept saying, ‘I don’t know because the board won’t tell me,’ “ she says.
She was also feeling a lot of financial pressure. She was 2 years out of residency, owed $100,000 in student loans, and had just bought a house.
“I was really scared – I didn’t know how long this would last or if they would let me return to work. Early on, I even got a fitness for duty evaluation from the state’s consulting psychiatrist, who cleared me for work, and the board still wouldn’t let me return. They told me I had to go through their bureaucracy and a board meeting, which didn’t make sense to me.”
Dr. Haney consented to give the board’s investigative staff access to her medical records because she feared that if she challenged them, they would suspend or revoke her license immediately.
After investigating her for 4 months, the board cleared Dr. Haney to return to work at Bay Area Hospital. She agreed to the board’s “corrective action” terms: She would continue to receive psychiatric care, maintain a physician-patient relationship with a primary care physician, and enroll in the Health Physicians Program (HPP) for substance abuse monitoring.
Dr. Haney suspects that the board investigation damaged her reputation at work. “Before this, my work evaluations were consistently excellent. Afterwards, they were all adequate. I don’t think that was a coincidence.”
Worst time of her life
Five years later, after taking prednisone for another asthma flare-up, Dr. Haney had a more severe manic episode and was hospitalized.
The consulting psychiatrist who evaluated her reported her case to the medical board, stating she had bipolar disorder, was mentally incompetent, and shouldn’t be practicing medicine. The board opened a second investigation of her in 2012, which lasted 4 months.
Dr. Haney had quit her job at Bay Area Hospital in 2011 because she was pregnant and was planning to take a year off to care for the baby at home.
“That was the worst time of my life. I lost the baby at 4 months, I wasn’t working, and now I was under investigation by the board again,” she says.
The board issued an “interim stipulated order” that required that she be monitored regularly for mental illness and substance abuse by the Health Professionals Services Program (HPSP) for 2 years. “The board accused me of abusing prednisone, which I wasn’t. I was using it as prescribed and medically indicated,” she said.
The board order was reported to the National Practitioner Databank and is now permanently in her record. Although the board cleared her to work, she could not find a permanent job in a hospital emergency department.
“The repeated ‘nondisciplinary’ public board orders have had the same net impact on my career as if I had been disciplined for killing or harming my patients. For all intents and purposes, people treat it as a disciplinary action for the rest of your career,” she said.
To keep afloat financially, she found locum tenens work in local emergency departments until 2019.
Mental health toll
Dr. Haney feels that the stress of repeated board investigations has affected her mental health. “Both times this happened, it made my mental health worse, made the mania worse, and subsequent depression worse.”
Particularly distressing to her was the fact that the administrative staff who investigated her were attorneys and persons in law enforcement, rather than medical professionals with mental health training.
“I was required to disclose intimate personal details of my psychological and psychiatric history to anybody at the board who requested them. These investigators were asking me about my childhood history. That was traumatic and none of their business!”
Dr. Haney had quietly managed episodes of major depression since she was in her early 20s with the help of a psychiatrist. Her third episode of mania, which occurred in 2014, triggered a more severe depression, which she says deepened when she learned that the HPSP had notified the board about her manic symptoms and that she would not be released from the 2-year monitoring contract. When the board notified her 2 weeks later that they were opening another investigation, Dr. Haney says she had an emotional crisis, attempted suicide, and was briefly hospitalized. Several weeks later, she decided to take a mood stabilizer, which she continues to take.
The board’s 2015 corrective action agreement required Dr. Haney to practice medicine only in settings that the board’s medical director preapproved and to obtain a preapproved monitoring health care provider who would send quarterly reports to the medical director. Dr. Haney says the “nondisciplinary” action agreement was also reported to the National Practitioner Data Bank.
She also agreed to ongoing monitoring by the HPSP for mental illness and substance abuse, which involved random drug testing. When she didn’t call in one day in 2019 and missed a scheduled test, the board opened another investigation on her that lasted 7 months until July 2020. Dr. Haney said this was despite three subsequent negative tests.
Dr. Haney believes that the “open investigation” doomed a job offer from a hospital emergency department in the Virgin Islands. “I had passed all the required credentialing and explained previous board orders. They pulled the rug from under me 1 week before I was supposed to move there,” says Dr. Haney.
Her license was inactivated again because she hadn’t practiced medicine for a year, which she says was a new board policy. Although Dr. Haney says the medical director reactivated her license after talking with her, “By the time I was able to apply emergency medicine jobs, no one was interested in me anymore.”
Financial toll
Dr. Haney started her medical career when she was 42 as a second career. She says the board investigations and actions have resulted in a significant loss of work and income. “I have only worked 14 of the past 17 years as a doctor. I live cheaply because I never know how much longer my career will last,” says Dr. Haney.
The ordeal has devastated her finances. She has shelled out at least $200,000 in legal fees – she hired an attorney in 2007 and filed a lawsuit against the board in Oregon district court alleging that members had violated several of her rights. The district judge sided with the state medical board, and it was upheld on appeal in 2012, referring to state laws that gave the board absolute immunity from civil lawsuits. “I had no legal recourse to contest their decisions, no matter how injurious or unjust,” says Dr. Haney.
She has also shelled out at least $100,000 to be evaluated and monitored by the health physician program (now HPSP) for several years. Physicians who agree to be monitored by these health programs have to pay their fees. The board finally agreed last July to end her HPSP participation.
Dr. Haney also filed a complaint in 2007 with the federal Department of Health & Human Services Office for Civil Rights, alleging that the board violated her civil rights under the Americans with Disabilities Act. She says that her lawsuit and the OCR investigation of the board enabled her to withdraw from the HPP in good standing in 2008..
What would she have done differently?
She regrets not hiring an attorney earlier because “most likely the board action would not have been made public. It snowballed after that -- any mistake I made in my career was viewed in the lens of potential impairment.”
She also regrets telling her employer about the nature of her illness and reporting it to the board. A psychiatrist she saw later shared advice he gives to other patients who want to remain anonymous: get help but go out of town, use a false name, and pay cash.
“I wish I had that advice when all this started. That was the best way to protect my career,” says Dr. Haney.
Protecting the public?
The Oregon Medical Board declined to comment on Dr. Haney’s experience because investigations are confidential, but the executive director, Nicole Krishnaswami, JD, answered questions in an email about how the current board operates.
She says the board has 11 medical professionals and employs a medical director and expert consultants in specialty-specific fields. MDs with mental health training are involved in investigating/reviewing cases involving doctors with mental illnesses.
“State medical boards have a responsibility to protect and inform the public. State laws further require state agencies to provide access and transparency regarding the board’s official actions. If the board receives a complaint that a licensee is impaired and thus unable to safely practice, the board has a responsibility to investigate and ensure the licensee is practicing medicine safely,” Ms. Krishnaswami said.
The HPSP is the monitoring program established by state law to provide oversight in order to ensure that licensees are not practicing while impaired. HPSP is separate from the board and the board adopted a statement outlining its perspective on the program in support of doctors with substance abuse and mental health disorder.
The board also founded the Oregon Wellness Program, which provides free, confidential counseling to all Oregon-licensed physicians and physician assistants.
Stigma continues
Dr. Haney feels there is huge stigma associated with mental illness in the medical profession. “If I had cancer twice, I wouldn’t have been put in this position and would be at the peak of my career,” she says.
Nearly half of the 862 emergency medicine physicians surveyed last October said they were reluctant to seek mental health treatment. The reasons included fear of professional repercussions and stigma in the workplace. Several physicians said they were concerned about potentially having to report the treatment on medical license applications in the future, according to a survey by the American College of Emergency Physicians.
In addition, 26% of the more than 12,000 physicians who responded to a Medscape survey last year said they didn’t want to risk disclosure (20%) or that they distrusted mental health professionals (6%).
Another physician fights back
Steven Miles, MD, an award-winning professor emeritus of medicine and bioethics at the Center for Bioethics at the University of Minnesota, in Minneapolis, understands their reluctance. In 1996, he disclosed on his license renewal application that he had recently been diagnosed with a mainly depressive type of bipolar disorder and was in treatment. He had already told his employer, who was supportive.
That set off a 14-month investigation of him by the Minnesota Board of Medical Practice. Dr. Miles and his psychiatrist refused to release his confidential records to a panel of physicians, most of whom had no expertise in mental health care. He also filed a federal claim that the board’s requests violated the ADA, and he won the case.
“Had the board given me evidence of impaired ability to practice with ordinary skill and safety, I would have cooperated. Instead, they proposed a course of action, which would have degraded the privacy of my relationship with my psychiatrist and arguably increased the barrier to getting proper care and the risk of impairment,” he said.
The board kept renewing his license, and Dr. Miles continued to work full time. “I was empowered and protected by my stature in the field at the time my mental illness was diagnosed. Early-career physicians do not yet have that protection and should be very careful of disclosing, given the still widespread stigma of mental illnesses,” he said.
His advocacy led to changes
Dr. Miles went public to mobilize support for his ADA claim. He wrote editorials that were published in JAMA and Minnesota Medicine that refer to the American Psychiatric Association’s 1984 position paper, which says that the mandatory disclosure of the physician’s confidential medical record is without merit. Dr. Miles adds that major newspapers ran stories based on his editorials.
The board backed down after Dr. Miles won his ADA case, and it met with him. “I said this is not good stewardship of the medical profession; you are injuring doctors by keeping them from psychiatric care, which is out of line with the medical view of the treatability of depression and that needs to change,” he says.
Dr. Miles says he won a victory because his practice continued. “I also won a victory in the way the board was handling these questions, which was an opening salvo in a process that continues to this day.”
The original form asked whether he had ever been diagnosed with or treated for manic depression, schizophrenia, compulsive gambling, or other psychiatric conditions.
The revised form asks, “Do you have a physical or mental condition that would affect your ability, with or without reasonable accommodation, to provide appropriate care to patients and otherwise perform the essential functions of a practitioner in your area of practice without posing a health or safety risk to your patients? If yes, what accommodations would help you provide appropriate care to patients and perform other essential functions?”
Dr. Miles says that the final wording wasn’t ideal and that it was confusing to physicians. He says this prompted additional changes in wording by the board. Starting in January, applicants will be asked, “Do you currently have any condition that is not being appropriately treated that is likely to impair or adversely affect your ability to practice medicine with reasonable skill and safety in a competent, ethical, and professional manner?” the medical board’s executive director, Ruth M. Martinez, said in an email.
When asked whether the board still investigates physicians who reveal mental illnesses on licensing applications, Ms. Martinez responded, “All disclosures are evaluated to assure that the practitioner is qualified and safe to practice.”
This article was updated 11/4/21.
A version of this article first appeared on Medscape.com.
An MD and a health care exec sued their employers for fraud: What happened?
James Taylor, MD, a former physician director of coding and medical director of revenue cycle at Kaiser’s Colorado Permanente Medical Group, just wanted Kaiser to do the right thing and stop submitting false claims to Medicare Advantage.
Dr. Taylor, who describes himself as tenacious to a fault, says he waited 7 years to file his lawsuit because he thought he could convince Kaiser to fix the coding problems on their end. He alternated between optimism and despair as Kaiser’s management supported some solutions only to shut them down later.
Finally, Dr. Taylor had had enough – the stress was getting to him, and his job was on the line.
As a last resort, he consulted a law firm that specializes in whistle-blower cases. Soon afterward, they filed a civil lawsuit in Colorado.
“My wife says that I have a justice gene – she can tell when it’s vibrating because I get amazed, not because people do wrong things, which they do all the time, but to that scale where it’s millions of dollars, and they’re being smug and acting like a bully. They thought they would never get caught and just kept going and even ramped it up in some situations,” says Dr. Taylor.
Several other whistle-blowers filed five lawsuits also alleging that Kaiser knew it was committing Medicare Advantage fraud amounting to tens of millions of dollars. The U.S. Department of Justice (DoJ) announced in July that it will join the six lawsuits and that it would file its complaint by late October.
Martin Mansukhani, a former regional CFO for Prime Health Care, was out of the country when the CEO signed a multimillion dollar contract with a cardiologist that went into effect immediately. At first, he tried to make the agreement work financially but then realized there were serious problems with the contract. He consulted a law firm, which confirmed that this was a kickback scheme in which the cardiologist was being overpaid in exchange for referring patients to Prime hospitals. The attorneys filed his whistle-blower lawsuit in 2017.
“My goal in filing the lawsuit was to get the company to stop these business practices,” says Mr. Mansukhani.
For being a whistle-blower, Mr. Mansukhani will receive nearly $10 million from the $37 settlement the DoJ negotiated. The False Claims Act entitles whistle-blowers to receive a higher reward (25% to 30%) when the DoJ doesn’t join a case than when it does (15% to 25%).
His lawsuit alleges that Prime Health Care, a hospital chain in California, its CEO, Prem Reddy, MD, and cardiologist Siva Arunasalam, MD, violated the federal Anti-Kickback Statute and the Stark Law, which generally make it illegal for anyone to offer or to provide something of value in exchange for a referral for a federal health care service. The suit also alleges that Prime had engaged in fraudulent billing practices.
The most challenging aspect was the decision to file the case. “It was a big-time commitment to pull together the evidence and to spend time interviewing law firms to determine who would best represent me, before I chose Phillips & Cohen,” says Mr. Mansukhani.
When management fails to listen
Dr. Taylor loved working at Kaiser Colorado and used to joke that he had job security as director of revenue cycle because doctors don’t like mixing business with medicine. He earned less money than when he was a family physician but “loved the lifestyle because it gave me time to spend with my wife and two young children.”
He was well thought of by the medical group – they elected him to serve on its board of directors for 4 years (2009-2013), during which time he served 2 years as chairman. They also sent him to Harvard’s executive leadership program.
As a certified risk adjustment coder and EPIC (the electronic medical records system that Kaiser used at that time) certified physician builder, Dr. Taylor had the expertise to recognize problems and fix them.
The audits that Kaiser and Dr. Taylor conducted showed high rates of errors for conditions related to cancer, stroke, and vascular disease.
“I hired a physician to review thousands of stroke codes and catch the false ones and created a filter in EPIC that weeded out incorrect codes before they were submitted,” Dr. Taylor says.
But these changes didn’t last because Kaiser managers would cancel or defund them, says Dr. Taylor. “That’s why I stayed for so many years. I would make one change and it would go very well and then they would shut it down. I would think, ‘This is great, they’re listening,’ but then it was gone. If all that had happened at once, I would have left immediately, but it was over time,” says Dr. Taylor.
He informed Kaiser Colorado’s upper management and its national organization about the problems, but he got nowhere.
Becoming a target
Dr. Taylor’s efforts to stop Kaiser from submitting false diagnosis codes didn’t sit well with the CFO.
Things came to a head in 2014 when Dr. Taylor discovered that a board meeting had been called to push him out of the company. “They said I failed a work improvement plan and that was why they needed to get me out.
“When they started saying that I was part of the problem after all the work I had done to keep their noses clean, I couldn’t tolerate it any longer. That’s when I filed the lawsuit,” says Dr. Taylor.
The stress from the “chaos and craziness” was also starting to affect his health, and he was worried that Kaiser would damage his reputation further.
He resigned in 2015. “I left 14 months before being fully vested in their retirement program.”
Employer retaliation?
Prime first sidelined and then fired Mr. Mansukhani (not for cause) in 2017 just before he filed his lawsuit. It offered him only 30 days of severance pay, which he didn’t accept. He didn’t think his firing was in retaliation for being a whistle-blower because his relationship with the chief operating officer had soured long before, in 2013, and the lawsuit was sealed.
At the time, he owned a nursing home in England that was doing well financially. He worried whether “Prime would try to retaliate against me in the U.K. I was a senior executive in a fairly high-profile position in the health care sector, and lots of informal networks exist,” says Mr. Mansukhani. But that never happened.
He found a new job right away. “At that stage of my life, I was 53 years old, and I wasn’t looking for another job. But College Healthcare in California offered me one as the CFO, which I accepted,” says Mr. Mansukhani.
Did it ruin his career?
Dr. Taylor also found a new job right away as chief medical officer of Colorado Access, where he trained practitioners on the Medicare Advantage model and documentation standards required by the Centers for Medicare & Medicaid Services (CMS). He is now an independent consultant with Principled Advantage.
Dr. Taylor’s lawsuit was filed under the False Claims Act, which requires that court documents be kept confidential (“sealed”) for at least 60 days while the DoJ investigates the case. Judges often extend that time frame.
In Dr. Taylor’s case, it took 7 years for the DoJ to unseal the documents. “The bad news is the wheels of justice turned really slowly. The good news was that I could seek employment and not have them worry about hiring a whistle-blower. As much as I didn’t like it, it was truly a blessing in disguise,” he says.
Dr. Taylor doesn’t know what the outcome of his case against Kaiser will be. When it was unsealed recently, he worried that local TV stations would show up at his doorstep and hound him or that Kaiser’s administrators would try to dig up dirt on him, which hasn’t happened.
He has no regrets about filing the lawsuit and feels vindicated because the managers/administrators who didn’t support him have been fired, including the CFO “who threw the biggest obstacles at me and defunded my work,” says Dr. Taylor.
The DoJ’s recent decision to join the consolidated whistle-blower case “was an indication that I was correct that Kaiser wasn’t doing what they should have been doing. You can’t have dishonest scales – if you’re purposely cheating the government to get promotions, more bonuses, that’s just wrong.”
Kaiser Permanente declined to comment on Dr. Taylor’s allegations and referred to its statement. “We are confident that Kaiser Permanente is compliant with Medicare Advantage program requirements, and we intend to strongly defend against the lawsuits alleging otherwise.”
“Our medical record documentation and risk adjustment diagnosis data submitted to the Centers for Medicare & Medicaid Services comply with applicable laws and Medicare Advantage program requirements. Our policies and practices represent well-reasoned and good-faith interpretations of sometimes vague and incomplete guidance from CMS,” according to the statement.
Did it make a difference?
When the government settles whistle-blower cases, the defendants usually admit no liability or wrongdoing, which some whistle-blowers find frustrating.
“I think the company was hurt by the lawsuit. It may make them think twice about doing this again,” says Mr. Mansukhani. However, he is cynical about whether the culture will change.
As part of its settlement, Prime agreed to amend its current corporate integrity agreement (CIA) from a previous 2018 settlement to include testing on physician compensation arrangements.
CIAs are standard monitoring agreements in the health care industry, and Prime asserts that it remains in full compliance, according to its statement.
Prime Health Care and Arunasalam did not respond to several interview requests. A statement from Prime in July says, “The settled matters related to an isolated, single physician practice in Southern California between 2015-2017 and billing of forty-five implantable device claims. The allegations did not involve patient care, but instead related to the valuation of a physician practice and the appropriate documentation for a limited number of implant claims totaling approximately $200,000. As soon as these matters were identified, Prime conducted an exhaustive internal review, fully cooperated with the DOJ, and negotiated a mutually acceptable resolution.”
A version of this article first appeared on Medscape.com.
James Taylor, MD, a former physician director of coding and medical director of revenue cycle at Kaiser’s Colorado Permanente Medical Group, just wanted Kaiser to do the right thing and stop submitting false claims to Medicare Advantage.
Dr. Taylor, who describes himself as tenacious to a fault, says he waited 7 years to file his lawsuit because he thought he could convince Kaiser to fix the coding problems on their end. He alternated between optimism and despair as Kaiser’s management supported some solutions only to shut them down later.
Finally, Dr. Taylor had had enough – the stress was getting to him, and his job was on the line.
As a last resort, he consulted a law firm that specializes in whistle-blower cases. Soon afterward, they filed a civil lawsuit in Colorado.
“My wife says that I have a justice gene – she can tell when it’s vibrating because I get amazed, not because people do wrong things, which they do all the time, but to that scale where it’s millions of dollars, and they’re being smug and acting like a bully. They thought they would never get caught and just kept going and even ramped it up in some situations,” says Dr. Taylor.
Several other whistle-blowers filed five lawsuits also alleging that Kaiser knew it was committing Medicare Advantage fraud amounting to tens of millions of dollars. The U.S. Department of Justice (DoJ) announced in July that it will join the six lawsuits and that it would file its complaint by late October.
Martin Mansukhani, a former regional CFO for Prime Health Care, was out of the country when the CEO signed a multimillion dollar contract with a cardiologist that went into effect immediately. At first, he tried to make the agreement work financially but then realized there were serious problems with the contract. He consulted a law firm, which confirmed that this was a kickback scheme in which the cardiologist was being overpaid in exchange for referring patients to Prime hospitals. The attorneys filed his whistle-blower lawsuit in 2017.
“My goal in filing the lawsuit was to get the company to stop these business practices,” says Mr. Mansukhani.
For being a whistle-blower, Mr. Mansukhani will receive nearly $10 million from the $37 settlement the DoJ negotiated. The False Claims Act entitles whistle-blowers to receive a higher reward (25% to 30%) when the DoJ doesn’t join a case than when it does (15% to 25%).
His lawsuit alleges that Prime Health Care, a hospital chain in California, its CEO, Prem Reddy, MD, and cardiologist Siva Arunasalam, MD, violated the federal Anti-Kickback Statute and the Stark Law, which generally make it illegal for anyone to offer or to provide something of value in exchange for a referral for a federal health care service. The suit also alleges that Prime had engaged in fraudulent billing practices.
The most challenging aspect was the decision to file the case. “It was a big-time commitment to pull together the evidence and to spend time interviewing law firms to determine who would best represent me, before I chose Phillips & Cohen,” says Mr. Mansukhani.
When management fails to listen
Dr. Taylor loved working at Kaiser Colorado and used to joke that he had job security as director of revenue cycle because doctors don’t like mixing business with medicine. He earned less money than when he was a family physician but “loved the lifestyle because it gave me time to spend with my wife and two young children.”
He was well thought of by the medical group – they elected him to serve on its board of directors for 4 years (2009-2013), during which time he served 2 years as chairman. They also sent him to Harvard’s executive leadership program.
As a certified risk adjustment coder and EPIC (the electronic medical records system that Kaiser used at that time) certified physician builder, Dr. Taylor had the expertise to recognize problems and fix them.
The audits that Kaiser and Dr. Taylor conducted showed high rates of errors for conditions related to cancer, stroke, and vascular disease.
“I hired a physician to review thousands of stroke codes and catch the false ones and created a filter in EPIC that weeded out incorrect codes before they were submitted,” Dr. Taylor says.
But these changes didn’t last because Kaiser managers would cancel or defund them, says Dr. Taylor. “That’s why I stayed for so many years. I would make one change and it would go very well and then they would shut it down. I would think, ‘This is great, they’re listening,’ but then it was gone. If all that had happened at once, I would have left immediately, but it was over time,” says Dr. Taylor.
He informed Kaiser Colorado’s upper management and its national organization about the problems, but he got nowhere.
Becoming a target
Dr. Taylor’s efforts to stop Kaiser from submitting false diagnosis codes didn’t sit well with the CFO.
Things came to a head in 2014 when Dr. Taylor discovered that a board meeting had been called to push him out of the company. “They said I failed a work improvement plan and that was why they needed to get me out.
“When they started saying that I was part of the problem after all the work I had done to keep their noses clean, I couldn’t tolerate it any longer. That’s when I filed the lawsuit,” says Dr. Taylor.
The stress from the “chaos and craziness” was also starting to affect his health, and he was worried that Kaiser would damage his reputation further.
He resigned in 2015. “I left 14 months before being fully vested in their retirement program.”
Employer retaliation?
Prime first sidelined and then fired Mr. Mansukhani (not for cause) in 2017 just before he filed his lawsuit. It offered him only 30 days of severance pay, which he didn’t accept. He didn’t think his firing was in retaliation for being a whistle-blower because his relationship with the chief operating officer had soured long before, in 2013, and the lawsuit was sealed.
At the time, he owned a nursing home in England that was doing well financially. He worried whether “Prime would try to retaliate against me in the U.K. I was a senior executive in a fairly high-profile position in the health care sector, and lots of informal networks exist,” says Mr. Mansukhani. But that never happened.
He found a new job right away. “At that stage of my life, I was 53 years old, and I wasn’t looking for another job. But College Healthcare in California offered me one as the CFO, which I accepted,” says Mr. Mansukhani.
Did it ruin his career?
Dr. Taylor also found a new job right away as chief medical officer of Colorado Access, where he trained practitioners on the Medicare Advantage model and documentation standards required by the Centers for Medicare & Medicaid Services (CMS). He is now an independent consultant with Principled Advantage.
Dr. Taylor’s lawsuit was filed under the False Claims Act, which requires that court documents be kept confidential (“sealed”) for at least 60 days while the DoJ investigates the case. Judges often extend that time frame.
In Dr. Taylor’s case, it took 7 years for the DoJ to unseal the documents. “The bad news is the wheels of justice turned really slowly. The good news was that I could seek employment and not have them worry about hiring a whistle-blower. As much as I didn’t like it, it was truly a blessing in disguise,” he says.
Dr. Taylor doesn’t know what the outcome of his case against Kaiser will be. When it was unsealed recently, he worried that local TV stations would show up at his doorstep and hound him or that Kaiser’s administrators would try to dig up dirt on him, which hasn’t happened.
He has no regrets about filing the lawsuit and feels vindicated because the managers/administrators who didn’t support him have been fired, including the CFO “who threw the biggest obstacles at me and defunded my work,” says Dr. Taylor.
The DoJ’s recent decision to join the consolidated whistle-blower case “was an indication that I was correct that Kaiser wasn’t doing what they should have been doing. You can’t have dishonest scales – if you’re purposely cheating the government to get promotions, more bonuses, that’s just wrong.”
Kaiser Permanente declined to comment on Dr. Taylor’s allegations and referred to its statement. “We are confident that Kaiser Permanente is compliant with Medicare Advantage program requirements, and we intend to strongly defend against the lawsuits alleging otherwise.”
“Our medical record documentation and risk adjustment diagnosis data submitted to the Centers for Medicare & Medicaid Services comply with applicable laws and Medicare Advantage program requirements. Our policies and practices represent well-reasoned and good-faith interpretations of sometimes vague and incomplete guidance from CMS,” according to the statement.
Did it make a difference?
When the government settles whistle-blower cases, the defendants usually admit no liability or wrongdoing, which some whistle-blowers find frustrating.
“I think the company was hurt by the lawsuit. It may make them think twice about doing this again,” says Mr. Mansukhani. However, he is cynical about whether the culture will change.
As part of its settlement, Prime agreed to amend its current corporate integrity agreement (CIA) from a previous 2018 settlement to include testing on physician compensation arrangements.
CIAs are standard monitoring agreements in the health care industry, and Prime asserts that it remains in full compliance, according to its statement.
Prime Health Care and Arunasalam did not respond to several interview requests. A statement from Prime in July says, “The settled matters related to an isolated, single physician practice in Southern California between 2015-2017 and billing of forty-five implantable device claims. The allegations did not involve patient care, but instead related to the valuation of a physician practice and the appropriate documentation for a limited number of implant claims totaling approximately $200,000. As soon as these matters were identified, Prime conducted an exhaustive internal review, fully cooperated with the DOJ, and negotiated a mutually acceptable resolution.”
A version of this article first appeared on Medscape.com.
James Taylor, MD, a former physician director of coding and medical director of revenue cycle at Kaiser’s Colorado Permanente Medical Group, just wanted Kaiser to do the right thing and stop submitting false claims to Medicare Advantage.
Dr. Taylor, who describes himself as tenacious to a fault, says he waited 7 years to file his lawsuit because he thought he could convince Kaiser to fix the coding problems on their end. He alternated between optimism and despair as Kaiser’s management supported some solutions only to shut them down later.
Finally, Dr. Taylor had had enough – the stress was getting to him, and his job was on the line.
As a last resort, he consulted a law firm that specializes in whistle-blower cases. Soon afterward, they filed a civil lawsuit in Colorado.
“My wife says that I have a justice gene – she can tell when it’s vibrating because I get amazed, not because people do wrong things, which they do all the time, but to that scale where it’s millions of dollars, and they’re being smug and acting like a bully. They thought they would never get caught and just kept going and even ramped it up in some situations,” says Dr. Taylor.
Several other whistle-blowers filed five lawsuits also alleging that Kaiser knew it was committing Medicare Advantage fraud amounting to tens of millions of dollars. The U.S. Department of Justice (DoJ) announced in July that it will join the six lawsuits and that it would file its complaint by late October.
Martin Mansukhani, a former regional CFO for Prime Health Care, was out of the country when the CEO signed a multimillion dollar contract with a cardiologist that went into effect immediately. At first, he tried to make the agreement work financially but then realized there were serious problems with the contract. He consulted a law firm, which confirmed that this was a kickback scheme in which the cardiologist was being overpaid in exchange for referring patients to Prime hospitals. The attorneys filed his whistle-blower lawsuit in 2017.
“My goal in filing the lawsuit was to get the company to stop these business practices,” says Mr. Mansukhani.
For being a whistle-blower, Mr. Mansukhani will receive nearly $10 million from the $37 settlement the DoJ negotiated. The False Claims Act entitles whistle-blowers to receive a higher reward (25% to 30%) when the DoJ doesn’t join a case than when it does (15% to 25%).
His lawsuit alleges that Prime Health Care, a hospital chain in California, its CEO, Prem Reddy, MD, and cardiologist Siva Arunasalam, MD, violated the federal Anti-Kickback Statute and the Stark Law, which generally make it illegal for anyone to offer or to provide something of value in exchange for a referral for a federal health care service. The suit also alleges that Prime had engaged in fraudulent billing practices.
The most challenging aspect was the decision to file the case. “It was a big-time commitment to pull together the evidence and to spend time interviewing law firms to determine who would best represent me, before I chose Phillips & Cohen,” says Mr. Mansukhani.
When management fails to listen
Dr. Taylor loved working at Kaiser Colorado and used to joke that he had job security as director of revenue cycle because doctors don’t like mixing business with medicine. He earned less money than when he was a family physician but “loved the lifestyle because it gave me time to spend with my wife and two young children.”
He was well thought of by the medical group – they elected him to serve on its board of directors for 4 years (2009-2013), during which time he served 2 years as chairman. They also sent him to Harvard’s executive leadership program.
As a certified risk adjustment coder and EPIC (the electronic medical records system that Kaiser used at that time) certified physician builder, Dr. Taylor had the expertise to recognize problems and fix them.
The audits that Kaiser and Dr. Taylor conducted showed high rates of errors for conditions related to cancer, stroke, and vascular disease.
“I hired a physician to review thousands of stroke codes and catch the false ones and created a filter in EPIC that weeded out incorrect codes before they were submitted,” Dr. Taylor says.
But these changes didn’t last because Kaiser managers would cancel or defund them, says Dr. Taylor. “That’s why I stayed for so many years. I would make one change and it would go very well and then they would shut it down. I would think, ‘This is great, they’re listening,’ but then it was gone. If all that had happened at once, I would have left immediately, but it was over time,” says Dr. Taylor.
He informed Kaiser Colorado’s upper management and its national organization about the problems, but he got nowhere.
Becoming a target
Dr. Taylor’s efforts to stop Kaiser from submitting false diagnosis codes didn’t sit well with the CFO.
Things came to a head in 2014 when Dr. Taylor discovered that a board meeting had been called to push him out of the company. “They said I failed a work improvement plan and that was why they needed to get me out.
“When they started saying that I was part of the problem after all the work I had done to keep their noses clean, I couldn’t tolerate it any longer. That’s when I filed the lawsuit,” says Dr. Taylor.
The stress from the “chaos and craziness” was also starting to affect his health, and he was worried that Kaiser would damage his reputation further.
He resigned in 2015. “I left 14 months before being fully vested in their retirement program.”
Employer retaliation?
Prime first sidelined and then fired Mr. Mansukhani (not for cause) in 2017 just before he filed his lawsuit. It offered him only 30 days of severance pay, which he didn’t accept. He didn’t think his firing was in retaliation for being a whistle-blower because his relationship with the chief operating officer had soured long before, in 2013, and the lawsuit was sealed.
At the time, he owned a nursing home in England that was doing well financially. He worried whether “Prime would try to retaliate against me in the U.K. I was a senior executive in a fairly high-profile position in the health care sector, and lots of informal networks exist,” says Mr. Mansukhani. But that never happened.
He found a new job right away. “At that stage of my life, I was 53 years old, and I wasn’t looking for another job. But College Healthcare in California offered me one as the CFO, which I accepted,” says Mr. Mansukhani.
Did it ruin his career?
Dr. Taylor also found a new job right away as chief medical officer of Colorado Access, where he trained practitioners on the Medicare Advantage model and documentation standards required by the Centers for Medicare & Medicaid Services (CMS). He is now an independent consultant with Principled Advantage.
Dr. Taylor’s lawsuit was filed under the False Claims Act, which requires that court documents be kept confidential (“sealed”) for at least 60 days while the DoJ investigates the case. Judges often extend that time frame.
In Dr. Taylor’s case, it took 7 years for the DoJ to unseal the documents. “The bad news is the wheels of justice turned really slowly. The good news was that I could seek employment and not have them worry about hiring a whistle-blower. As much as I didn’t like it, it was truly a blessing in disguise,” he says.
Dr. Taylor doesn’t know what the outcome of his case against Kaiser will be. When it was unsealed recently, he worried that local TV stations would show up at his doorstep and hound him or that Kaiser’s administrators would try to dig up dirt on him, which hasn’t happened.
He has no regrets about filing the lawsuit and feels vindicated because the managers/administrators who didn’t support him have been fired, including the CFO “who threw the biggest obstacles at me and defunded my work,” says Dr. Taylor.
The DoJ’s recent decision to join the consolidated whistle-blower case “was an indication that I was correct that Kaiser wasn’t doing what they should have been doing. You can’t have dishonest scales – if you’re purposely cheating the government to get promotions, more bonuses, that’s just wrong.”
Kaiser Permanente declined to comment on Dr. Taylor’s allegations and referred to its statement. “We are confident that Kaiser Permanente is compliant with Medicare Advantage program requirements, and we intend to strongly defend against the lawsuits alleging otherwise.”
“Our medical record documentation and risk adjustment diagnosis data submitted to the Centers for Medicare & Medicaid Services comply with applicable laws and Medicare Advantage program requirements. Our policies and practices represent well-reasoned and good-faith interpretations of sometimes vague and incomplete guidance from CMS,” according to the statement.
Did it make a difference?
When the government settles whistle-blower cases, the defendants usually admit no liability or wrongdoing, which some whistle-blowers find frustrating.
“I think the company was hurt by the lawsuit. It may make them think twice about doing this again,” says Mr. Mansukhani. However, he is cynical about whether the culture will change.
As part of its settlement, Prime agreed to amend its current corporate integrity agreement (CIA) from a previous 2018 settlement to include testing on physician compensation arrangements.
CIAs are standard monitoring agreements in the health care industry, and Prime asserts that it remains in full compliance, according to its statement.
Prime Health Care and Arunasalam did not respond to several interview requests. A statement from Prime in July says, “The settled matters related to an isolated, single physician practice in Southern California between 2015-2017 and billing of forty-five implantable device claims. The allegations did not involve patient care, but instead related to the valuation of a physician practice and the appropriate documentation for a limited number of implant claims totaling approximately $200,000. As soon as these matters were identified, Prime conducted an exhaustive internal review, fully cooperated with the DOJ, and negotiated a mutually acceptable resolution.”
A version of this article first appeared on Medscape.com.
Why aren’t more women doctors in the top-paying specialties?
Women compose only 6% of orthopedic surgeons, 8% of interventional cardiologists, 10% of urologists, 17% of plastic surgeons, and 18% of otolaryngologists, according to the 2020 Association of American Medical Colleges Physician Specialty Data Report.
Plastic surgeons earn an average of $526,000 annually, which is the highest-paying specialty. Otolaryngologists earn an average of $417,000 annually, and urologists earn $427,000, according to the Medscape Physician Compensation Report 2021: The Recovery Begins.
Yet, far more women are practicing in specialties that pay less. Women are the majority in pediatrics (64%), ob.gyn. (59%), internal medicine (53%), and endocrinology (51%), the AAMC data show. The exception is dermatology, which pays well and in which 51% are women. The annual average pay is $394,000.
Why are so many women avoiding the top-paying specialties?
Several physician researchers and leaders in the top-paying specialties point to four main factors: Women are attracted to specialties that have more women in faculty and leadership positions, women prioritize work-life balance over pay, women residents may be deterred from the high-paying specialties because of gender discrimination and sexual harassment, and the longer training periods for surgical specialties may be a deterrent for women who want to have children.
Lack of women leaders
The specialties with the most women tend to have the highest proportion of women in leadership positions. For example, obstetrics and gynecology had the highest proportion of women department chairs (24.1%) and vice chairs (38.8). Pediatrics had the highest proportion of women division directors (31.5%) and residency program directors (64.6%), a study shows.
Surgical specialties, on the other hand, may have a harder time attracting female residents, possibly because of a lack of women in leadership positions. A recent study that examined gender differences in attitudes toward surgery training found that women would be more likely to go into surgery if there were more surgical faculty and residents of their same gender.
An analysis of orthopedic residency programs shows that more trainees were drawn to programs that had more female faculty members, including associate professors and women in leadership positions.
Terri Malcolm, MD, a board-certified ob.gyn. and CEO/founder of Master Physician Leaders, said women need to consider whether they want to be a trailblazer in a specialty that has fewer women. “What support systems are in place to accommodate your goals, whether it’s career advancement, having a family, or mentorship? Where can you show up as your whole self and be supported in that?”
Being the only woman in a residency program can be a challenge, said Dr. Malcolm. If the residents and attendings are predominantly men, for example, they may not think about creating a call schedule that takes into account maternity leave or the fact that women tend to be caretakers for their children and parents.
The study of gender differences toward surgery training shows that 75% of women, in comparison with 46% of men, would be more willing to enter surgery if maternity leave and childcare were made available to female residents and attending physicians.
Women want work-life balance
Although both men and women want families, women still shoulder more family and childcare responsibilities. That may explain why women physicians ranked work-life balance first and compensation second in the Medscape Women Physicians 2020 Report: The Issues They Care About.
“My physician colleagues have been and are supportive of intellectual abilities, but I feel they don’t fully understand the uneven distribution of childcare issues on women,” a woman dermatologist commented.
Women may want to work fewer hours or have a more flexible schedule to take care of children. “I can count on one hand the number of women who have a part-time job in orthopedics. It’s very rare, and working part time absolutely is a barrier for someone who wants to be a surgeon,” said Julie Samora, MD, PhD, a researcher and pediatric hand surgeon at Nationwide Children’s Hospital, in Columbus, Ohio. She is also a spokesperson for the American Association of Orthopedic Surgeons.
Preeti Malani, MD, a professor of medicine who specializes in infectious diseases at the University of Michigan, chose to work full-time in academia while raising two children with her husband. In a decade, she rose through the ranks to full professor. “I took the advice of a woman who wanted to recruit me to have a full-time position with maximum flexibility rather than work part time, often for more hours and less pay. I also have tried to build my career so I was not doing all clinical work.”
Her husband is a surgeon at the University of Michigan. His schedule was not flexible, and he was unable to take on family responsibilities, said Dr. Malani. “I knew someone had to be able to grab the kids from daycare or pick them up at school if they were sick.” She also took work home and worked weekends.
Young women physicians in particular are thinking about combining parenting with work – in the Medscape report, that issue ranked third among the issues women care about. Seeing other women doctors navigate that in their particular specialty can have a positive impact.
“When I chose adolescent medicine, I remember working with a doctor in this field who talked about how much she enjoyed raising her kids even as teenagers and how much she was enjoying them as young adults. She seemed so balanced and happy in her family, and it gave me a nice feeling about the field,” said Nancy Dodson, MD, MPH, a pediatrician specializing in adolescent medicine at Pediatrics on Hudson in New York.
Rachel Zhuk, MD, a reproductive psychiatrist in New York, took a break after medical school to spend time with her newborn son. She met a woman who was also a young parent and a psychiatrist. “We were both figuring out parenting together – it was like looking into my future.” That friendship and her desire to have more time with patients influenced her decision to pursue psychiatry instead of internal medicine.
Discrimination and harassment influence specialty choice
Women doctors in the top-paying surgical and other specialties have reported experiencing more discrimination and harassment than men.
Of 927 orthopedic surgeons who responded to an AAOS survey, 66% said they experienced gender discrimination, bullying, sexual harassment, or harassment in the health care workplace. More than twice as many women (81%) experienced these behaviors as men (35%).
“This study shows that women in orthopedic surgery disproportionately experience these negative behaviors, and only a handful of institutions in the United States provide any type of training to prevent them,” said Dr. Samora, the lead author of the AAOS report.
Radiology is another male-dominated field – women represent 26% of all radiologists, the 2020 AAMC specialty report shows. A systematic review shows that 40% of women radiologists experienced gender discrimination at work, compared with 1% of men, and that 47% of women experienced sexual harassment.
Female trainees in surgery have also reported disproportionate rates of discrimination and harassment. Female general surgical residents have experienced more gender discrimination than male residents (65.1% vs. 10.0%) and more sexual harassment than male residents (19.9% vs. 3.9), a national survey indicates.
When medical students are exposed to these behaviors through personal experience, witnessing, or hearing about them, it can affect which specialty they choose. A survey of fourth-year medical students shows that far more women than men reported that exposure to gender discrimination and sexual harassment influenced their specialty choices (45.3% vs. 16.4%) and residency rankings (25.3% vs. 10.9%). Women who chose general surgery were the most likely to experience gender discrimination and sexual harassment during residency selection; women who chose psychiatry were the least likely to experience such behaviors, the report shows.
“If young trainees witness such behaviors in a specific field, they would naturally migrate toward a different specialty,” said Dr. Samora.
Trainees can also be put off by residency directors asking them inappropriate questions. Of nearly 500 female orthopedic surgeons surveyed, 62% reported that they were asked inappropriate questions during their residency interviews. “Inappropriate questions and comments directed toward women during residency interviews are clearly not conducive to women entering the field,” the authors stated. They found that little changed during the study period from 1971 to 2015.
The most frequent inappropriate questions concerned whether the prospective residents would be getting pregnant or raising children during residency and their marital status. One female orthopedic surgeon reported: “I was asked if I have children and was told that it would be too difficult to complete an orthopedic residency with children.”
The interviewers also made frequent comments about the inferiority of women to men. For example, “I was told by one program interviewer that ‘I don’t have a bias about women in medicine, I have a bias about women in orthopedic surgery,’ ” another female orthopedic surgeon commented.
Longer training
Residency training for the top-paying surgical specialties, including orthopedic surgery, plastic surgery, and otolaryngology, lasts 5-6 years. This compares with 3-4 years for the lower-paying specialties, such as pediatrics, internal medicine, and ob.gyn., according to data from the American Medical Association.
Women doctors are in their prime childbearing years during residency. Women who want to start a family will consider whether they want to get pregnant during residency or wait until they finish their training, said Dr. Malcolm.
The vast majority (84%) of 190 female orthopedic surgery trainees who responded to a survey indicated that they did not have children or were pregnant during residency. Nearly half (48%) reported that they had postponed having children because they were in training.
“The longer training is definitely a concerning issue for women of childbearing age. Many professional women are waiting to have children, for multiple reasons, but one major fear is the stigma due to taking time off from work obligations. There is a risk of irritating your peers because they may have to take on more work and cover more calls for you during your absence,” said Dr. Samora.
That fear is not unfounded. At least half of the 190 female orthopedic residents reported that they encountered bias against becoming pregnant during training from both coresidents (60%) and attendings (50%), according to the study.
Another recent survey suggests that pregnant surgical residents face several barriers during their training, including a lack of salary for extended family leave, resentment from fellow residents who need to cover for them during maternity leave, and a lack of formal lactation policies.
A few policy changes by national board organizations, including those in the surgical specialties, may make life a little easier for female trainees to have children, suggested Dr. Samora.
Residents and fellows are now allowed a minimum of 6 weeks away for medical leave or caregiving once during training, without having to use vacation or sick leave and without having to extend their training, the American Board of Medical Specialties has announced.
In addition, the American Board of Orthopaedic Surgery and the American Board of Surgery have enacted policies that allow lactating women to take a break to pump during their board exams.
A version of this article first appeared on Medscape.com.
Women compose only 6% of orthopedic surgeons, 8% of interventional cardiologists, 10% of urologists, 17% of plastic surgeons, and 18% of otolaryngologists, according to the 2020 Association of American Medical Colleges Physician Specialty Data Report.
Plastic surgeons earn an average of $526,000 annually, which is the highest-paying specialty. Otolaryngologists earn an average of $417,000 annually, and urologists earn $427,000, according to the Medscape Physician Compensation Report 2021: The Recovery Begins.
Yet, far more women are practicing in specialties that pay less. Women are the majority in pediatrics (64%), ob.gyn. (59%), internal medicine (53%), and endocrinology (51%), the AAMC data show. The exception is dermatology, which pays well and in which 51% are women. The annual average pay is $394,000.
Why are so many women avoiding the top-paying specialties?
Several physician researchers and leaders in the top-paying specialties point to four main factors: Women are attracted to specialties that have more women in faculty and leadership positions, women prioritize work-life balance over pay, women residents may be deterred from the high-paying specialties because of gender discrimination and sexual harassment, and the longer training periods for surgical specialties may be a deterrent for women who want to have children.
Lack of women leaders
The specialties with the most women tend to have the highest proportion of women in leadership positions. For example, obstetrics and gynecology had the highest proportion of women department chairs (24.1%) and vice chairs (38.8). Pediatrics had the highest proportion of women division directors (31.5%) and residency program directors (64.6%), a study shows.
Surgical specialties, on the other hand, may have a harder time attracting female residents, possibly because of a lack of women in leadership positions. A recent study that examined gender differences in attitudes toward surgery training found that women would be more likely to go into surgery if there were more surgical faculty and residents of their same gender.
An analysis of orthopedic residency programs shows that more trainees were drawn to programs that had more female faculty members, including associate professors and women in leadership positions.
Terri Malcolm, MD, a board-certified ob.gyn. and CEO/founder of Master Physician Leaders, said women need to consider whether they want to be a trailblazer in a specialty that has fewer women. “What support systems are in place to accommodate your goals, whether it’s career advancement, having a family, or mentorship? Where can you show up as your whole self and be supported in that?”
Being the only woman in a residency program can be a challenge, said Dr. Malcolm. If the residents and attendings are predominantly men, for example, they may not think about creating a call schedule that takes into account maternity leave or the fact that women tend to be caretakers for their children and parents.
The study of gender differences toward surgery training shows that 75% of women, in comparison with 46% of men, would be more willing to enter surgery if maternity leave and childcare were made available to female residents and attending physicians.
Women want work-life balance
Although both men and women want families, women still shoulder more family and childcare responsibilities. That may explain why women physicians ranked work-life balance first and compensation second in the Medscape Women Physicians 2020 Report: The Issues They Care About.
“My physician colleagues have been and are supportive of intellectual abilities, but I feel they don’t fully understand the uneven distribution of childcare issues on women,” a woman dermatologist commented.
Women may want to work fewer hours or have a more flexible schedule to take care of children. “I can count on one hand the number of women who have a part-time job in orthopedics. It’s very rare, and working part time absolutely is a barrier for someone who wants to be a surgeon,” said Julie Samora, MD, PhD, a researcher and pediatric hand surgeon at Nationwide Children’s Hospital, in Columbus, Ohio. She is also a spokesperson for the American Association of Orthopedic Surgeons.
Preeti Malani, MD, a professor of medicine who specializes in infectious diseases at the University of Michigan, chose to work full-time in academia while raising two children with her husband. In a decade, she rose through the ranks to full professor. “I took the advice of a woman who wanted to recruit me to have a full-time position with maximum flexibility rather than work part time, often for more hours and less pay. I also have tried to build my career so I was not doing all clinical work.”
Her husband is a surgeon at the University of Michigan. His schedule was not flexible, and he was unable to take on family responsibilities, said Dr. Malani. “I knew someone had to be able to grab the kids from daycare or pick them up at school if they were sick.” She also took work home and worked weekends.
Young women physicians in particular are thinking about combining parenting with work – in the Medscape report, that issue ranked third among the issues women care about. Seeing other women doctors navigate that in their particular specialty can have a positive impact.
“When I chose adolescent medicine, I remember working with a doctor in this field who talked about how much she enjoyed raising her kids even as teenagers and how much she was enjoying them as young adults. She seemed so balanced and happy in her family, and it gave me a nice feeling about the field,” said Nancy Dodson, MD, MPH, a pediatrician specializing in adolescent medicine at Pediatrics on Hudson in New York.
Rachel Zhuk, MD, a reproductive psychiatrist in New York, took a break after medical school to spend time with her newborn son. She met a woman who was also a young parent and a psychiatrist. “We were both figuring out parenting together – it was like looking into my future.” That friendship and her desire to have more time with patients influenced her decision to pursue psychiatry instead of internal medicine.
Discrimination and harassment influence specialty choice
Women doctors in the top-paying surgical and other specialties have reported experiencing more discrimination and harassment than men.
Of 927 orthopedic surgeons who responded to an AAOS survey, 66% said they experienced gender discrimination, bullying, sexual harassment, or harassment in the health care workplace. More than twice as many women (81%) experienced these behaviors as men (35%).
“This study shows that women in orthopedic surgery disproportionately experience these negative behaviors, and only a handful of institutions in the United States provide any type of training to prevent them,” said Dr. Samora, the lead author of the AAOS report.
Radiology is another male-dominated field – women represent 26% of all radiologists, the 2020 AAMC specialty report shows. A systematic review shows that 40% of women radiologists experienced gender discrimination at work, compared with 1% of men, and that 47% of women experienced sexual harassment.
Female trainees in surgery have also reported disproportionate rates of discrimination and harassment. Female general surgical residents have experienced more gender discrimination than male residents (65.1% vs. 10.0%) and more sexual harassment than male residents (19.9% vs. 3.9), a national survey indicates.
When medical students are exposed to these behaviors through personal experience, witnessing, or hearing about them, it can affect which specialty they choose. A survey of fourth-year medical students shows that far more women than men reported that exposure to gender discrimination and sexual harassment influenced their specialty choices (45.3% vs. 16.4%) and residency rankings (25.3% vs. 10.9%). Women who chose general surgery were the most likely to experience gender discrimination and sexual harassment during residency selection; women who chose psychiatry were the least likely to experience such behaviors, the report shows.
“If young trainees witness such behaviors in a specific field, they would naturally migrate toward a different specialty,” said Dr. Samora.
Trainees can also be put off by residency directors asking them inappropriate questions. Of nearly 500 female orthopedic surgeons surveyed, 62% reported that they were asked inappropriate questions during their residency interviews. “Inappropriate questions and comments directed toward women during residency interviews are clearly not conducive to women entering the field,” the authors stated. They found that little changed during the study period from 1971 to 2015.
The most frequent inappropriate questions concerned whether the prospective residents would be getting pregnant or raising children during residency and their marital status. One female orthopedic surgeon reported: “I was asked if I have children and was told that it would be too difficult to complete an orthopedic residency with children.”
The interviewers also made frequent comments about the inferiority of women to men. For example, “I was told by one program interviewer that ‘I don’t have a bias about women in medicine, I have a bias about women in orthopedic surgery,’ ” another female orthopedic surgeon commented.
Longer training
Residency training for the top-paying surgical specialties, including orthopedic surgery, plastic surgery, and otolaryngology, lasts 5-6 years. This compares with 3-4 years for the lower-paying specialties, such as pediatrics, internal medicine, and ob.gyn., according to data from the American Medical Association.
Women doctors are in their prime childbearing years during residency. Women who want to start a family will consider whether they want to get pregnant during residency or wait until they finish their training, said Dr. Malcolm.
The vast majority (84%) of 190 female orthopedic surgery trainees who responded to a survey indicated that they did not have children or were pregnant during residency. Nearly half (48%) reported that they had postponed having children because they were in training.
“The longer training is definitely a concerning issue for women of childbearing age. Many professional women are waiting to have children, for multiple reasons, but one major fear is the stigma due to taking time off from work obligations. There is a risk of irritating your peers because they may have to take on more work and cover more calls for you during your absence,” said Dr. Samora.
That fear is not unfounded. At least half of the 190 female orthopedic residents reported that they encountered bias against becoming pregnant during training from both coresidents (60%) and attendings (50%), according to the study.
Another recent survey suggests that pregnant surgical residents face several barriers during their training, including a lack of salary for extended family leave, resentment from fellow residents who need to cover for them during maternity leave, and a lack of formal lactation policies.
A few policy changes by national board organizations, including those in the surgical specialties, may make life a little easier for female trainees to have children, suggested Dr. Samora.
Residents and fellows are now allowed a minimum of 6 weeks away for medical leave or caregiving once during training, without having to use vacation or sick leave and without having to extend their training, the American Board of Medical Specialties has announced.
In addition, the American Board of Orthopaedic Surgery and the American Board of Surgery have enacted policies that allow lactating women to take a break to pump during their board exams.
A version of this article first appeared on Medscape.com.
Women compose only 6% of orthopedic surgeons, 8% of interventional cardiologists, 10% of urologists, 17% of plastic surgeons, and 18% of otolaryngologists, according to the 2020 Association of American Medical Colleges Physician Specialty Data Report.
Plastic surgeons earn an average of $526,000 annually, which is the highest-paying specialty. Otolaryngologists earn an average of $417,000 annually, and urologists earn $427,000, according to the Medscape Physician Compensation Report 2021: The Recovery Begins.
Yet, far more women are practicing in specialties that pay less. Women are the majority in pediatrics (64%), ob.gyn. (59%), internal medicine (53%), and endocrinology (51%), the AAMC data show. The exception is dermatology, which pays well and in which 51% are women. The annual average pay is $394,000.
Why are so many women avoiding the top-paying specialties?
Several physician researchers and leaders in the top-paying specialties point to four main factors: Women are attracted to specialties that have more women in faculty and leadership positions, women prioritize work-life balance over pay, women residents may be deterred from the high-paying specialties because of gender discrimination and sexual harassment, and the longer training periods for surgical specialties may be a deterrent for women who want to have children.
Lack of women leaders
The specialties with the most women tend to have the highest proportion of women in leadership positions. For example, obstetrics and gynecology had the highest proportion of women department chairs (24.1%) and vice chairs (38.8). Pediatrics had the highest proportion of women division directors (31.5%) and residency program directors (64.6%), a study shows.
Surgical specialties, on the other hand, may have a harder time attracting female residents, possibly because of a lack of women in leadership positions. A recent study that examined gender differences in attitudes toward surgery training found that women would be more likely to go into surgery if there were more surgical faculty and residents of their same gender.
An analysis of orthopedic residency programs shows that more trainees were drawn to programs that had more female faculty members, including associate professors and women in leadership positions.
Terri Malcolm, MD, a board-certified ob.gyn. and CEO/founder of Master Physician Leaders, said women need to consider whether they want to be a trailblazer in a specialty that has fewer women. “What support systems are in place to accommodate your goals, whether it’s career advancement, having a family, or mentorship? Where can you show up as your whole self and be supported in that?”
Being the only woman in a residency program can be a challenge, said Dr. Malcolm. If the residents and attendings are predominantly men, for example, they may not think about creating a call schedule that takes into account maternity leave or the fact that women tend to be caretakers for their children and parents.
The study of gender differences toward surgery training shows that 75% of women, in comparison with 46% of men, would be more willing to enter surgery if maternity leave and childcare were made available to female residents and attending physicians.
Women want work-life balance
Although both men and women want families, women still shoulder more family and childcare responsibilities. That may explain why women physicians ranked work-life balance first and compensation second in the Medscape Women Physicians 2020 Report: The Issues They Care About.
“My physician colleagues have been and are supportive of intellectual abilities, but I feel they don’t fully understand the uneven distribution of childcare issues on women,” a woman dermatologist commented.
Women may want to work fewer hours or have a more flexible schedule to take care of children. “I can count on one hand the number of women who have a part-time job in orthopedics. It’s very rare, and working part time absolutely is a barrier for someone who wants to be a surgeon,” said Julie Samora, MD, PhD, a researcher and pediatric hand surgeon at Nationwide Children’s Hospital, in Columbus, Ohio. She is also a spokesperson for the American Association of Orthopedic Surgeons.
Preeti Malani, MD, a professor of medicine who specializes in infectious diseases at the University of Michigan, chose to work full-time in academia while raising two children with her husband. In a decade, she rose through the ranks to full professor. “I took the advice of a woman who wanted to recruit me to have a full-time position with maximum flexibility rather than work part time, often for more hours and less pay. I also have tried to build my career so I was not doing all clinical work.”
Her husband is a surgeon at the University of Michigan. His schedule was not flexible, and he was unable to take on family responsibilities, said Dr. Malani. “I knew someone had to be able to grab the kids from daycare or pick them up at school if they were sick.” She also took work home and worked weekends.
Young women physicians in particular are thinking about combining parenting with work – in the Medscape report, that issue ranked third among the issues women care about. Seeing other women doctors navigate that in their particular specialty can have a positive impact.
“When I chose adolescent medicine, I remember working with a doctor in this field who talked about how much she enjoyed raising her kids even as teenagers and how much she was enjoying them as young adults. She seemed so balanced and happy in her family, and it gave me a nice feeling about the field,” said Nancy Dodson, MD, MPH, a pediatrician specializing in adolescent medicine at Pediatrics on Hudson in New York.
Rachel Zhuk, MD, a reproductive psychiatrist in New York, took a break after medical school to spend time with her newborn son. She met a woman who was also a young parent and a psychiatrist. “We were both figuring out parenting together – it was like looking into my future.” That friendship and her desire to have more time with patients influenced her decision to pursue psychiatry instead of internal medicine.
Discrimination and harassment influence specialty choice
Women doctors in the top-paying surgical and other specialties have reported experiencing more discrimination and harassment than men.
Of 927 orthopedic surgeons who responded to an AAOS survey, 66% said they experienced gender discrimination, bullying, sexual harassment, or harassment in the health care workplace. More than twice as many women (81%) experienced these behaviors as men (35%).
“This study shows that women in orthopedic surgery disproportionately experience these negative behaviors, and only a handful of institutions in the United States provide any type of training to prevent them,” said Dr. Samora, the lead author of the AAOS report.
Radiology is another male-dominated field – women represent 26% of all radiologists, the 2020 AAMC specialty report shows. A systematic review shows that 40% of women radiologists experienced gender discrimination at work, compared with 1% of men, and that 47% of women experienced sexual harassment.
Female trainees in surgery have also reported disproportionate rates of discrimination and harassment. Female general surgical residents have experienced more gender discrimination than male residents (65.1% vs. 10.0%) and more sexual harassment than male residents (19.9% vs. 3.9), a national survey indicates.
When medical students are exposed to these behaviors through personal experience, witnessing, or hearing about them, it can affect which specialty they choose. A survey of fourth-year medical students shows that far more women than men reported that exposure to gender discrimination and sexual harassment influenced their specialty choices (45.3% vs. 16.4%) and residency rankings (25.3% vs. 10.9%). Women who chose general surgery were the most likely to experience gender discrimination and sexual harassment during residency selection; women who chose psychiatry were the least likely to experience such behaviors, the report shows.
“If young trainees witness such behaviors in a specific field, they would naturally migrate toward a different specialty,” said Dr. Samora.
Trainees can also be put off by residency directors asking them inappropriate questions. Of nearly 500 female orthopedic surgeons surveyed, 62% reported that they were asked inappropriate questions during their residency interviews. “Inappropriate questions and comments directed toward women during residency interviews are clearly not conducive to women entering the field,” the authors stated. They found that little changed during the study period from 1971 to 2015.
The most frequent inappropriate questions concerned whether the prospective residents would be getting pregnant or raising children during residency and their marital status. One female orthopedic surgeon reported: “I was asked if I have children and was told that it would be too difficult to complete an orthopedic residency with children.”
The interviewers also made frequent comments about the inferiority of women to men. For example, “I was told by one program interviewer that ‘I don’t have a bias about women in medicine, I have a bias about women in orthopedic surgery,’ ” another female orthopedic surgeon commented.
Longer training
Residency training for the top-paying surgical specialties, including orthopedic surgery, plastic surgery, and otolaryngology, lasts 5-6 years. This compares with 3-4 years for the lower-paying specialties, such as pediatrics, internal medicine, and ob.gyn., according to data from the American Medical Association.
Women doctors are in their prime childbearing years during residency. Women who want to start a family will consider whether they want to get pregnant during residency or wait until they finish their training, said Dr. Malcolm.
The vast majority (84%) of 190 female orthopedic surgery trainees who responded to a survey indicated that they did not have children or were pregnant during residency. Nearly half (48%) reported that they had postponed having children because they were in training.
“The longer training is definitely a concerning issue for women of childbearing age. Many professional women are waiting to have children, for multiple reasons, but one major fear is the stigma due to taking time off from work obligations. There is a risk of irritating your peers because they may have to take on more work and cover more calls for you during your absence,” said Dr. Samora.
That fear is not unfounded. At least half of the 190 female orthopedic residents reported that they encountered bias against becoming pregnant during training from both coresidents (60%) and attendings (50%), according to the study.
Another recent survey suggests that pregnant surgical residents face several barriers during their training, including a lack of salary for extended family leave, resentment from fellow residents who need to cover for them during maternity leave, and a lack of formal lactation policies.
A few policy changes by national board organizations, including those in the surgical specialties, may make life a little easier for female trainees to have children, suggested Dr. Samora.
Residents and fellows are now allowed a minimum of 6 weeks away for medical leave or caregiving once during training, without having to use vacation or sick leave and without having to extend their training, the American Board of Medical Specialties has announced.
In addition, the American Board of Orthopaedic Surgery and the American Board of Surgery have enacted policies that allow lactating women to take a break to pump during their board exams.
A version of this article first appeared on Medscape.com.