should we report husband’s ex-wife to her boss?

A reader writes:

My husband’s ex-wife has been breaking into his email for the past year. They have been divorced for 2 years. She just can’t stay out of our lives!

Well, here is why I am asking you. She works as a managing editor for a publishing company that produces a Catholic health care magazine. My husband is a physician with all this patient information in his email. We have proof she has been doing this and we have proof she has only done it from her work computer. Should her boss know she might be getting information improperly? Actually, it’s called federal wire tapping act, and breaking HIPAA violations, which could be thousands of dollars in fines for her company.

Why doesn’t your husband change the password on his email? If for some reason that won’t solve the problem (and I don’t know why it wouldn’t), he should set up a new email account. These are much cleaner and more effective solutions. You’re looking for drama when there doesn’t need to be any.

Your issue isn’t really that there’s patient information in your husband’s email account, and come on, you know that. Your issue is that she’s violating his privacy, period, regardless of where she’s doing it from or what she’s finding. Don’t engage; just change the email password or change the account if necessary, and move on.

{ 10 comments… read them below }

  1. Vishveshwar Jatain*

    Love the solution you gave on this! It's the most reasonable thing to do – change the password…

  2. jmkenrick*

    I like the solution you offered. It is of course, possible to hack into someone's e-mail without a password, but that doesn't sound like what the woman is describing.

    If that's taking place though, the person to notify first is not the woman's boss.

  3. Kate Hutchinson*

    I have to disagree with your response. Yes, the husband should change his password, that's the obvious solution, but just ignoring the fact that she has been breaking into a confidential source is not right.

    Instead of reporting the issue to the ex-wife's boss, this should be reported to the ex-husband's boss. The company should know that private information, particularly patient information, has been leaked. That's business critical information. Let senior management decide what the best course of action is.

  4. Charles*

    I'll second Kate's suggestion – report it to the husband's boss. Let the higher-ups in the "victim" company decide what to do.

    If the husband is a self-employed doctor, and therefore, the highest boss; he should then contact his lawyer.

    I do agree with the idea that reporting the ex-wife to her boss sounds like trying to create drama – as in "This will teach her!"

    It seems to me that this goes beyond a "he said, she said" issue. I'm not a lawyer; But, could it have legal ramifications?

    The bottom line is this:

    Protecting the patients' confidential information should take priority before all else in this situation.

    It doesn't matter that the ex-wife is NOT looking for patient inoformation; she is still breaking into a system where it is available – that's what should be reported. If I were a patient of his (where is this doctor, by the way? Just so I know If I should be concerned.) and I heard about this I would be upset.

  5. Rebecca*

    Bad news: HIPAA violations are very rarely pursued as criminal cases; they're more commonly used as evidence in civil suits. Usually all that ever happens is that the health care worker who allowed the leak gets fired.

    Worse news: That'll probably be the OP's husband if this gets out. And frankly, if he was sharing PHI (Protected Health Information, for those of you new to the HIPAA minefield) over personal e-mail, AND was so ignorant of data security that his ex-wife could read his e-mail… the best he could hope for is that this goes away quietly.

    The right/honorable thing to do is for the OP's husband to follow Kate's advice… the CYA thing to do is to make it so the ex can't read his e-mail anymore, and shut up.

  6. Prats*

    I have been reading ur blog on Feeds for a long time… But this post required a comment…

    Kudos to you, all your posts have been great, relevant and sensible….

    But this one is a bit different, since this is an Ethical issue more than a HR issue… Great advice highly practical and moral.

    Appreciate your writing a lot :-)

  7. Anonymous*

    To answer the title question:

    No, you should find another way to get back at his ex. Alternately, grow up.

  8. Anonymous*

    This is an interesting situation. I work in IT, and have had some… unfortunate encounters with HIPAA and data security issues. I have also seen situations similar to what the original poster describes.

    I have seen situations where following a breakup one partner has gone to extreme measures to violate the privacy of the other – ranging from installing spyware on computers to cracking password reset functions and even using social engineering tactics to get tech support to reset passwords. It is quite possible that this situation goes beyond simply changing the e-mail account password.

    First, I would ask what type of account is being accessed? If this is his personal account, why is patient health information going there? There are additional security measures that need to be taken under HIPAA, which usually include not using personal e-mail accounts or public servers to handle personal health information.

    If, on the other hand, this is a company account or an e-mail account that should be suitably secure, you may need to have a security audit done to determine how the person is getting access to the e-mails.

    As other respondents have mentioned, I believe that in the end, this is something that could come back to bite you. In a worst case scenario, the ex-wife may have something she can use against the husband – the fact she was able to access that medical information.

Comments are closed.