Iowa doctor Dr. Gabriel Alejandro Hernandez-Roman is now imprisoned because of HIPAA violation. Allegedly, the doctor viewed the health records of present and past romantic couples with no consent and disclosed an unauthorized picture of a patient to his mom through Snapchat.
Dr. Hernandez-Roman, 31 years old, a resident of Isla Verde, Puerto Rico, was found to have viewed individuals’ healthcare records with no consent. He was a resident at two University of Iowa hospitals from 2020 to 2023, one in Iowa City, and one in Cedar Rapids. In June 2023, someone filed a complaint with a hospital where Dr. Hernandez-Roman worked. Allegedly, the doctor viewed the health data of two people without their knowledge or permission. The two people were not patients of Dr. Hernandez-Roman. They were ex-romantic partners. The complainant stated that the doctor was having relationships with the patients, and intimidated them after impermissibly viewing their health data. The University of Iowa Hospitals and Clinics (UIHC) investigated the complaint and confirmed the doctor’s privacy violations.
When one female patient found out that Dr. Hernandez-Roman accessed her health data, the doctor told her to notify the hospital that she had given the doctor her permission to view her data. Dr. Hernandez-Roman viewed another woman’s health data, including her medical files when she was a child and her adult psychological files, without permission. He told the investigator he did so because of his concern that she might be having a psychotic breakdown. In another case in January 2022, Dr. Hernandez-Roman photographed a patient’s prolapsed rectum and gave the photo to a woman he was dating at the time but he lied and told the investigator that he sent the photo to his mother using Snapchat, which he states was a reminder not to neglect fiber intake.
The Iowa Board of Medicine investigated Dr. Hernandez-Roman and ascribed his conduct to poor mental health as well as cultural and language limitations. Nevertheless, the Board of Medicine rejected those claims, penalizing him $7,500 and revoking his Emergency Medicine Residency license. Dr. Hernandez-Roman was accused of criminal HIPAA violations and on June 28, 2024, he pleaded guilty to one count of wrongfully acquiring personally identifiable health data associated with a person under pretenses. He might serve a jail term of 5 years and pay a penalty of about $250,000. Chief Judge C.J. Williams of the Cedar Rapids United States District Court sentenced Dr. Hernandez-Roman to 1 month in prison and 3 years of monitored parole and instructed him to give a $1,000 penalty.
Before the suspension of Dr. Hernandez-Roman’s license can be removed, the doctor should finish a detailed psychological test, accomplish any recommended therapy, and give a certificate of completion for finishing the board-approved course on ethics, recordkeeping, expert boundaries, and patient security.
Image credit: Teodor Lazarev, AdobeStock
