Officials deny hospital source of media ‘leak’

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.phiprivacy.net/?p=11994

It started with this report that recording artist Joel Mendoza was
planning on suing Victor R. Potenciano Medical Center for releasing
his personal information, including his address, to the media. Mendoza
had reportedly been the victim of a violent robbery attack. Although
police had identified two suspects in the attack, they had not been
arrested at the time of the February 23 news story:

According to Mendoza, he was “100 percent” sure the hospital was
source of the information published by the tabloids, as a check of the
hospital admission form showed that the error made in the spelling of
his building’s name there was the same one that was made by the
tabloids.

“Was that a coincidence? Now you tell me,” Mendoza said.

He added the media could not have gotten the information from the
police, since the reports were published even before investigators
obtained his personal information from him.

According to Mendoza, as a result of the disclosure, he and his driver
cannot help but fear for their lives, considering the fact that the
suspects are still at large.

Now the hospital is striking back, to defend its reputation. In a
letter to the editor in today’s Philippine Daily Inquirer, hospital
spokespeople write:

We categorically deny Joel Mendoza’s allegation that we leaked
personal information on his confinement in our hospital to media.
While we normally do not argue with our patients regarding their
complaints about our services, we have to make this denial in the
interest of fairness and truth.

[...]

Mendoza’s claim that we were the source of the leakage “100 percent”
is baseless. It is on record that as early as Feb. 19, 2013, at around
9:30 a.m., Raflores had given his statement to police investigators.
Immediately, thereafter, while in the police precinct of Mandaluyong
City, Raflores was interviewed by media. His sworn statement shows he
used the personal address of Mendoza. Hence, Mendoza’s claim that
media could not have gotten the information from the police, since the
reports were published even before investigators obtained his personal
information, does not hold water.

Lastly, Mendoza alleged that a spelling error in the name of his
building address in his hospital admission form could be found in a
tabloid reporter’s record; this, according to Mendoza, could not just
be a mere coincidence. We have carefully checked the entries in our
hospital admission sheet; we found no such misspelling.

Read more on Philippine Daily Inquirer.

We saw what happened here in the U.S. when Prime Health and Shasta
Regional Medical Center took to the media to respond to a patient’s
statements – they got fined for violating California’s medical
confidentiality law, and the case is still under investigation by the
U.S. Department of Health & Human Services. I wonder whether this
hospital is permitted to defend its reputation this way. Would this be
deemed a violation of the patient’s rights under the  Philippine
Medical Association Declaration on the Rights and Obligations of the
Patient (Section 9) or would this be viewed as a case of a patient
having violated the provisions on “Obligation to Respect the Rights of
Health Institutions” and the obligation to pursue mediation.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.