Iowa Doctor to Serve 5-Year Jail Terms for HIPAA Violations

An emergency room physician in Iowa has confessed to violating HIPAA laws by purposefully accessing the health data of two patients with no authorization nor treatment relationship with them. From 2020 to 2023, 30-year-old Dr. Gabriel Alejandro Hernandez Roman spent his residency at two University of Iowa hospitals – in Cedar Rapids and Iowa City. In that period, Hernandez Roman intentionally acquired the health data of two persons without their knowledge or permission. The two patients who were former romantic partners were not treated by Hernandez Roman.

University of Iowa Hospitals and Clinics (UIHC) started investigating at the begining of 2023 into the supposed privacy violations. It was confirmed that the doctor accessed patient records and so UIHC inquired Hernandez Roman with regards to his reason for accessing health records. Hernandez Roman said the first woman was his romantic partner and he viewed her records to find out if she was experiencing a psychotic breakdown. He also accessed another ex-partner’s records to see if her laboratory test data showed positive for sexually transmitted infections.

Another incident in January 2022, Hernandez Roman took a picture of the prolapsed rectum of a patient without valid medical reason and sent the picture plus an unprofessional comment via Snapchat to a lady he was dating. When investigated, Hernandez Roman lied by saying that the reason for sharing the picture to his mother was to tell her the necessity of fiber consumption. After the investigation, UIHC terminated the Emergency Medicine Residency of Hernandez Roman.

The Iowa Board of Medicine also investigated Hernandez Roman for his performance and HIPAA privacy violations during his residency. The Board of Medicine investigation showed that Hernandez Roman’s performance was not satisfactory. He has poor recordkeeping and spends a long time using his phone. Many patients had asked for a different doctor for their treatment. Nurses complained about his unprofessionalism in dealing with personnel, patients, and patients’ relatives. The board additionally discovered that he was moonlighting at an Ottumwa hospital without authorization from UIHC and he failed to complete his expected coursework.

Hernandez Roman attributed his unprofessional conduct to poor mental health and language and cultural barriers. The Board of Medicine rejected those excuses which he provided to justify his access to the private health data of women he claimed to have a relationship with because he had a record of dishonesty. The Board of Medicine suspended Hernandez Roman’s license indefinitely in February 2024 due to unprofessional behavior and incompetence. A $7,500 financial penalty was issued as well. To lift the suspension, Dr. Hernandez Roman must undergo a complete psychological assessment, finish the recommended treatment, and give a certification after taking a board-accredited course on professional boundaries, ethics, patient privacy, and recordkeeping.

Hernandez Roman also faced charges of criminal HIPAA violations. He admitted his guilt to one count of wrongfully obtaining individually identifiable health information of a person under false pretenses. He will serve up to 5 years in jail, pay a $250,000 penalty and be on supervised release for three years.

Tags

Daniel Lopez

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.

Get The FREE HIPAA Checklist

Discover everything you need to become HIPAA compliant
Scroll to Top

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name

Get The FREE HIPAA Checklist

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name