All proper and duly recognized credit is given to the original sources of these articles. Please visit those original web sites for additional articles that may be available on the subject of Patient Medical Record Confidentiality---Webmaster

Could Osama bin Laden and other terrorists have access to the medical records of thousands of retired and active duty American military personnel? That's one possibility according to a story of overseas outsourcing, broken promises, corporate intimidation and massive technological failure told by Susan Purdue, a former employee of the MedQuist medical transcription company. (A full interview will air Sunday afternoon from 1 until 4 p.m.on WWNC-AM 570.)

Purdue said MedQuist, had contracted with the Veterans Administration to transcribe voice dictation from doctors at Veterans Administration Medical Centers around the world. According to Purdue, some of this transcription work has been done by offshore workers in India and Pakistan. Purdue says American transcriptionists are paid 10 to 12 cents per line. Companies in India and Pakistan will do an entire page of notes for less than 25 cents. MedQuist's Web site notes the company has "10,000 US/based transcribers." No mention is made of overseas workers.

The Tribune contacted MedQuist for comments on the allegations raised in this story. According to Dale Iorillo, Executive Vice President of MedQuist's Eastern Division: "In response to your question on whether MedQuist outsources the processing of military medical records offshore, the answer is categorically no. The company does not send medical information of any kind related to VA patients offshore. All of those records are maintained in the U.S."

MedQuist is listed at MEDQ on the NASDAQ and is 71 per cent owned by Netherlands-based Royal Phillips Electronics. Purdue was one of the first Asheville area employees for MedQuist and its predecessor, MedTran. The local office closed this week.

Purdue served as the Asheville office's computer systems administrator. As such she routinely saw transcribed files that were being transferred back to the company's file servers. She said she first noticed something was wrong shortly after the terrorist attacks of September 11, 2001. "I noticed documents coming through the system that were dated 12 to 14 hours in the future. I couldn't understand that. We had a company rule that we would provide a 24 hour turnaround. Accurate time stamping was critical. When I asked management where those files were coming from I was told they were offshore stuff. I thought Bermuda or the Bahamas. They said no, it was India and Pakistan."

Realizing the Veterans Administration hospital system was one of the firm's largest customers, Purdue said she asked, "Are veterans records being transcribed in India and Pakistan?" Purdue said her manager told her to mind her own business, get back to work, do her job. "I assumed it was private work coming in and for a while I ignored it."

The situation changed in January 2002 when she saw a file that contained areport from an American soldier who had been shot in leg in Kandahar, Afghanistan. "He was telling his doctors where he had been, what unit he was with, what weapons he had been firing and said he wanted to get back because his unit was being redeployed to the Korean DMZ."

Purdue said she realized this was the file of an active duty soldier and contacted the Veterans Administration Central Office. She learned that MedQuist was doing the physicals for all the pilots and many other soldiers and airmen that were going overseas. These files contained vital information such as name, rank, home address, names of relatives, current duty station and locations to which records should be sent including upcoming overseas assignments.

If released to the wrong hands, this data could jeopardize missions, endanger families and provide other vital information to the Taliban, Al Qaeda or other regimes including Iraq and North Korea.

Purdue said she raised her concerns with a corporate vice president at the company's national technical meeting in Atlanta in April, 2002.

"We were sitting at a table with several other corporate and regional company officials. This one VP said, 'Sue, I'm a veteran, too. Sometimes we have to go along to get along. Don't let your ethics ruin a perfectly good career.' Everybody heard what he said. Nobody said anything."

Purdue emphasized the significance of keeping American service records in the U.S. by recounting the story of a Pakistani transcriptionist who allegedly threatened to post medical records on the Internet unless she was paid by her employer. "She certainly knew the value of this information. There existed a very real possibility that terrorists can use these records to target the service member's families, as well as steal the identity of service members. A service member could be captured and his or her captors could know more about the service member then he or she knows about themselves."

After being rejected by MedQuist management, Purdue contacted the VA Network Operations Center in Martinsburg, VA, and spoke with the chief of operations, Od White, from Asheville. She said she also spoke with Cynthia Burkes with the security branch of the VA. They all said, "You're in trouble, you need a lawyer."

Recounting her story during a telephone interview, Purdue's voice suddenly dropped to a whisper. Her husband, Paul, is an Irish citizen who is in the U.S. on a green card. She is afraid of what may happen to them. "I should have gone to the FBI sooner than I did," she said. "I'm afraid. Paul might be deported and I'm going to disappear."

Purdue contacted a local lawyer, Susan Lewis, who sent her to Mike Matthews, a labor lawyer in Charlotte. "I told him the story and he freaked out," Purdue recalled. "He contacted the National Security Agency, the FBI, and the Dept. of Homeland Security. Then he said I needed a criminal lawyer to get federal immunity from prosecution."

Purdue's next attorney was Sean Devereux of Asheville. Together with her husband Paul, Susan and attorneys Lewis and Devereux, met with FBI on August 7, 2002. Purdue said she provided complete documentation of the overseas outsourcing including patient lists, phone logs of who she talked to; e-mails and internal e-mails from the company that instructed her not to talk to anyone about this.

The FBI said they would investigate. But after several months nothing happened. Purdue said Matthews told Purdue she would have to notify her employer in order to protect herself. On Sept. 16, 2002, she did so with an e-mail message notifying them that she had met with FBI.

What followed was a year of what Purdue feels was intentional persecution from local and corporate management. Because she had notified her employer she said she was protected from dismissal by federal whistle blower statutes. According to Purdue, these regulations did not prevent her from being ostracized.

"My office was in the computer file server room. We had computers generating heat and they turned off my air conditioning. During the summer it was 100 degrees in there. I'd go into the break room and conversations would stop. People would start whistling or leave. No one would speak to me."

In desperation, Purdue said she faxed a letter to the White House and to the President of the VFW. She also sent one to Senator John Edwards, whose office got the EEOC involved. "They told me they only protect you if it's sexual, age or disability. There's nothing for whistle blowers."

Purdue also tried NC and US Departments of Labor. "They had no idea what to do; they referred me to administrative law judges. The judge told me I was protected by Sarbanes-Oxley. OSHA said I should file a complaint."

In April 2003, Purdue finally contacted OSHA. "I was at the end of my rope. As soon as MedQuist received notice of my claim they gave me a $500 per week raise, turned the A/C back on and put the lock on my door again so I could lock it. They also resumed inviting me to staff parties."

OSHA dismissed the claim. The OSHA investigator told Purdue, "I'm not saying the retaliation didn't happen, I'm just saying you can't prove it."

After the dismissal, MedQuist's regional vice president called her at home on February 12, 2004, and said, "Tomorrow's your last day at the office."

The Asheville MedQuist office at 932 Hendersonville Road closed March 31. According to a manager who was in the office, no one was fired, no one was laid off and there were no transcriptions being conducted in India or Pakistan.

The Sarbanes-Oxley Act of 2002 to which Purdue referred was passed by congress in the wake of the Enron financial failure. It protects financial whistle blowers and prevents companies from shredding or otherwise disposing of documents during an accounting inquiry. It also requires that financial statements filed with the SEC be certified by the CEO and CFO.

If Purdue's allegations of overseas outsourcing are confirmed, she said they may have created so much profitability on MedQuist's government contracts that the contract might be considered procurement fraud. Nearly coincidental with her disclosures, MedQuist announced on March 24 that "it will not be able to file its Annual Report on Form 10-K for the fiscal year ended December 31, 2003 with the Securities and Exchange Commission (SEC) by the March 30 extended filing deadline."

MedQuist's president, Gregory M. Sebasky, issued the following statement in response to the Tribune inquiry regarding the delay in releasing financial statements: "As to the possible billing irregularity issues at MedQuist, the internal review will provide a clear picture of the situation and we cannot comment further until such time as the review is completed. The potential irregularity was identified by one of our employees who brought this to our attention as part of our management controls. The most important issue here is that we want to ensure that the review is conducted accurately and thoroughly - no matter how long the process takes.

We have a very large customer base, and by virtue of that fact alone, it will take time for a comprehensive review to be completed."

Meanwhile, whistle blower Susan Purdue is looking for a new job. Her major concern is that her husband may be deported. She also hopes that Senator Edwards can get Congress to investigate MedQuist's transcription practices for Veterans Administration contracts, and what she believes is the retaliation aimed at her because of her honesty and conscience.

Purdue said she has spent her life savings on legal fees while the government has done nothing to protect her.

Recognizing that MedQuist denies the allegations it is too soon to judge. But if Purdue's allegations are confirmed, thousands of American soldiers, veterans and their families will be safer because one American citizen had the guts to come forward and do the right thing.

This special report filed by Bill Fishburne for The Tribune. Copyright 2004

Bill Fishburne is a co-founder of The Asheville Tribune and operates Fishburne Communications, a public relations agency. He hosts the Bill Fishburne show on WWNC-AM 570 Sunday afternoons, 1-4 p.m.

MedQuist Clams Up - See Original Source Link Below http://www.ashevilletribune.com/tailor_bank122.htm

Wednesday, October 22, 2003

"Your patient records are out in the open... so you better track that person and make him pay my dues."

A woman in Pakistan doing cut-rate clerical work for UCSF Medical Center threatened to post patients' confidential files on the Internet unless she was paid more money.To show she was serious, the woman sent UCSF an e-mail earlier this month with actual patients' records attached.

The violation of medical privacy - apparently the first of its kind - highlights the danger of "offshoring" work that involves sensitive materials, an increasing trend among budget-conscious U.S. companies and institutions.

U.S. laws maintain strict standards to protect patients' medical data. But those laws are virtually unenforceable overseas, where much of the labor- intensive transcribing of dictated medical notes to written form is being exported.

"This was an egregious breach," said Tomi Ryba, chief operating officer of UCSF Medical Center. "We took this very, very seriously."

She stressed that the renowned San Francisco facility is not alone in facing the risk of patients' confidential information being used as leverage by unscrupulous members of the increasingly global health-care industry.

"This is an issue that affects the entire industry and the entire nation," Ryba said.

Nearly all Bay Area hospitals contract with outside firms to handle at least a portion of their voluminous medical-transcription workload. Those firms in turn frequently subcontract with other companies.

In the case of the threat to release UCSF patient records online, a chain of three different subcontractors was used. UCSF and its original contractor, Sausalito's Transcription Stat, say they had no knowledge that the work eventually would find its way abroad.

The Pakistani woman's threat was withdrawn only after she received hundreds of dollars from another person indirectly caught up in the extortion attempt. The $20 billion medical-transcription business handles dictation from doctors relating to all aspects of the health-care process, from routine exams to surgical procedures. Patients' full medical histories often are included in transcribed reports.

While it's impossible to know for sure how much of the work is heading overseas, the American Association for Medical Transcription, an industry group, estimates that about 10 percent of all U.S. medical transcription is being done abroad.

For two decades, UCSF has outsourced a portion of its transcription work to Transcription Stat. Kim Kaneko, the owner of the Sausalito firm, said she maintains a network of 15 subcontractors throughout the country to handle the "hundreds of files a day" received by her office.

One of those subcontractors is a Florida woman named Sonya Newburn, whom Kaneko said she'd been using steadily for about a year and a half. Kaneko knew that Newburn herself used subcontractors but assumed that was as far as it went.

What Kaneko said she didn't know is that one of Newburn's transcribers, a Texas man named Tom Spires, had his own network of subcontractors. One of these, apparently, was a Pakistani woman named Lubna Baloch.

On Oct. 7, UCSF officials received an e-mail from Baloch, who described herself as "a medical doctor by profession." She said Spires owed her money and had cut off all communication. Baloch demanded that UCSF find Spires and remedy the situation.

She wrote: "Your patient records are out in the open to be exposed, so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet."

Actual files containing dictation from UCSF doctors were attached to the e- mail. The files reportedly involved two patients.

"I can't believe this happened," Kaneko said. "We've been working for UC for 20 years, and nothing like this has ever happened before."

The files in question were quickly traced to Newburn, the Florida woman, who typically handled about 30 UCSF files every day.

An emotional Newburn said in an interview that she's as much a victim as Kaneko. "I feel violated," she said.

Nevertheless, she said she's taking responsibility for what happened, even though she said she explicitly told Spires not to send any work overseas. "What he did was despicable," Newburn said.

Spires could not be reached for comment. E-mail to his company, Tutranscribe, was returned as undeliverable this week.

Newburn said she contacted Spires as soon as she learned about Baloch's threat and obtained a number to reach the Pakistani transcriber at her home in Karachi.

"I spoke with her," Newburn said. "She was very upset but said she wouldn't have really released the files. So I said she had to take back the threat."

Newburn agreed to pay a portion of the money Baloch claimed she was owed - about $500 - and Baloch said she would tell UCSF that its files were safe.

On Oct. 8, UCSF received a second e-mail from Baloch. "I verify that I do not have any intent to distribute/release any patient health information out and I have destroyed the said information," she wrote. "I am retracting any statements made by me earlier."

The problem, however, will not go away so easily.

"We do not have any evidence that the person has destroyed the files," acknowledged UCSF's Ryba.

Moreover, how can UCSF or any other medical institution prevent something like this from happening again? Should legislation be passed barring U.S. medical data from going overseas?

"I don't know the answer to that," responded Amy Buckmaster, president of the American Association for Medical Transcription. "We don't say that outsourcing is a terrible thing. We say that it needs to be disclosed."

UCSF has reached the same conclusion. Ryba said the medical center is revising its contracts with transcription firms to require up-front notice of all subcontracting.

At the same time, she accepts that with a growing percentage of transcription work being exported abroad, there will always be a chance that something like this could happen again.

"We'll have to live with this risk on a daily basis," Ryba said.

David Lazarus' column appears Wednesdays, Fridays and Sundays. He also can be seen regularly on KTVU's "Mornings on 2."

Send tips or feedback to dlazarus@sfchronicle.com.

More On Outsourcing Lazarus: Sensitive data can get in the wrong hands (11/30/03)

Stopping ID theft by memo (11/28/03)

Pakistani threatened UCSF to get paid (11/12/03)

Credit agencies sending our files abroad (11/07/03)

Privacy takes a backseat (10/24/03)

Tough lesson on medical privacy (10/22/03)