By now, you’ve probably seen the strange note that Donald Trump’s longtime doctor, Harold Bornstein, wrote last winter to proclaim the Donald a model of health. It didn’t come as a result of a detailed physical. Nope, it came via a note typed in five minutes with Trump essentially breathing down his neck. That should make you wonder about the kind of care Bornstein’s other patients get.
But if that doesn’t unnerve anyone who is under this doctor’s care, here’s something that should. Look very closely at the footage of Bornstein’s bizarre interview with NBC News on Friday night.
Notice what’s on Bornstein’s computer screen? It’s the telltale desktop of Windows XP. Tim Burke of Deadspin noticed it, and alerted Matt Novak of sister publication Gizmodo. Both Burke and Novak came to the same conclusion–the nation may have borne witness to a flagrant HIPAA violation in plain sight, one that puts Bornstein’s patients in astronomical danger.
For those who don’t know, Microsoft largely stopped supporting XP in 2014. Last summer, it stopped providing updates for the XP version of Microsoft Security Essentials–virtually the only antivirus/firewall option for those holdouts still using XP. According to Novak, opinion in the computer security community is virtually unanimous that “Windows XP is unsafe at this point.”
Since 2015, critical updates have only been available to users who buy a “custom support” package at a price that would be steep even for the most profitable medical practice–$200 per PC in the first year, $400 per PC in the second year, and as much as $600 per PC in the second year. Unless I’m very wrong, that’s far more than it would cost to simply upgrade to a more secure operating system like Windows 8.1 or Windows 10.
Unless Bornstein has bought a custom support package, any patients’ information stored on his practice’s computer systems would essentially be wide open to hackers. HIPAA explicitly requires doctors to make continued updates to their systems in order to ensure patients’ privacy is protected. Indeed, this seems to be one of the very situations that HIPAA was written to prevent. If leaving your patients’ information exposed to hackers isn’t a violation of the doctor’s oath to do no harm, what is?
But there are some things where just doing what the law requires is not enough. Patients’ privacy is one of them. Even if he is paying a steep price for custom support from Microsoft, wouldn’t you think that money would be better spent on simply upgrading his systems? Oh, and there’s the little matter of peace of mind. No patient should ever have to question whether their doctor is adequately protecting their privacy.
Speaking of peace of mind–when I tried to check out Bornstein’s Website, I found this.
Yup, apparently his domain was hijacked and redirected to an e-commerce site selling singing teddy bears. Would you entrust your care to a doctor who couldn’t be bothered to keep his own Website from being hijacked? I wouldn’t.
Word to the wise, folks. If your doctor’s practice is running Windows XP, get your records and run, don’t walk, to another doctor right away. Don’t take a chance on your information being hacked.
(featured image courtesy NBC News)