Doctor accused of illegally accessing University of Michigan computers to change performance reviews
A former resident physician in the University of Michigan Health System's Department of Pathology is accused of illegally accessing health system computers last year to boost his performance evaluations, university police said.
Dr. Eric George Batterson, 34, of Scio Township, was arraigned Tuesday afternoon in 15th District Court on nine counts each of unauthorized access of computers and using computers to commit a crime, as well as one count of possessing a Taser.
He was released on a personal recognizance bond, university police spokeswoman Diane Brown said. If convicted, he could spend the rest of his life in prison.
Attempts to reach Batterson on Friday by phone and e-mail were unsuccessful.
According to court records, the alleged illegal activity occurred between March 1 and April 23 of 2009. Police say Batterson was working as a resident physician at the time.
Batterson is accused of installing software on computers that records keystrokes, allowing him to obtain passwords to access other computers and colleagues' e-mail accounts, Brown said.
Police say Batterson used that access to boost his performance evaluations, while negatively altering those of his colleagues. In some cases, Batterson sent out e-mails from colleagues' accounts, Brown said.
Investigators began the probe after "one of the employees in the unit observed that their e-mail account had been compromised," Brown said. Officers executed a search warrant at Batterson's home during the investigation and recovered items, including a Taser, Brown said. It's unclear why Batterson allegedly had a Taser, Brown said.
Asked whether Batterson illegally accessed patient records, Brown said she didn't know, but "it does not appear that that was his motivation."
Batterson began working as a resident physician in July 2007 and resigned in July 2009, Brown said. Records show he received an annual salary of roughly $48,000.
According to Michigan Department of Community Health records, Batterson has an application pending to become a fully-licensed physician. MDCH public information officer James McCurtis Jr. said Friday that officials are looking into the matter.
Batterson was licensed to practice medicine in Michigan under the supervision of a fully-licensed physician on June 18, 2007, MDCH records show. He also was licensed to prescribe medication on that date. According to records, both licenses have expired.
A preliminary hearing is scheduled for Sept. 29, Brown said.
Lee Higgins covers crime and courts for AnnArbor.com. He can be reached by phone at (734) 623-2527 and e-mail at leehiggins@annarbor.com.
Comments
rrt911
Sun, Sep 5, 2010 : 8:20 a.m.
Java--I know what residents are, I work with them on a daily basis, hence the RRT designation. I'm not talking about looking at patient files, I am referring to how he compromised the system itself. Big difference, not many employees know how to, or would do that.
javajolt1
Thu, Sep 2, 2010 : 3:58 p.m.
Residents are hospital employees. So are others with access. While this isn't a story about patient data being compromised...Doctors, residents, nurses...and many, many others have access to some patient data. If they didn't, the quality of healthcare would suffer significantly. There are rogue dishonest people everywhere. Look at Wall Street, white collar crime, your bank. It can happen anywhere. Even authorized people that have been vetted to the hilt can misuse data they have been authorized to access. You're not going to stop it if people are involved. Not sure about cell phone authentication when cell phones are generally prohibited and do not work within hospitals anyway. Most places, lead lined walls prevent any access whatsoever. These are tough issues with no easy solutions. If someone wants to commit a crime or be dishonest and has a mind to do so, it will probably happen regardless of the most stringent safeguards. Remember 9/11? Now there was a breach!
rrt911
Thu, Sep 2, 2010 : 1:42 p.m.
Well, isn't this just dandy? Some peon resident can acquire any personal information from UofM...I'm wondering about the stuff they haven't yet caught up with. They are nuts if they don't put out some kind of statement regarding this matter.
Dug Song
Wed, Sep 1, 2010 : 8:49 p.m.
@javajolt1: it can be done quickly, and conveniently - most doctors using our system don't even need to take their phones out of their pockets. FFIEC, HIPAA, PCI, etc. regulations exist to protect personal information from such trivial exposures as stolen passwords (with nearly 60% of US computers malware-infected, it's a bonafide epidemic). The argument that a medical professional couldn't be bothered to comply with such consumer protections doesn't really hold up in court.
trespass
Wed, Sep 1, 2010 : 8:39 p.m.
If UM was serious about HIPPA violations and patient privacy they wouldn't make every medical record, lab test, X-ray available to anyone with access to the Hospital Information System. Sure they can produce an audit trail if they suspect unauthorized access but that is only after the fact. They can punish someone but they can't undo the privacy invasion. This is still too much punishment for the offense, given past precedents. The University must be mad at him for something else we haven't been told about yet and may never be told about.
javajolt1
Wed, Sep 1, 2010 : 11:51 a.m.
@amarie is right..... This is about installing a keylogger on a U. Hospital computer - not "just" changing a grade. Perhaps Dug is right, about further challenges to authenticate users...but the practical response to this is if people are 'challenged' every time they access a secured system...sometimes multiple challenges, you may be able to authenticate them, but your IT business process may also exasperate them into not completing their tasks. I am chanllenged when I access my banking software...but not every time I authenticate. Plus...if someone installs a keylogger...game over. They can get into any system in America, uinless the challenge is to verify something OTHER than the computer they are authenticating from.
CountyKate
Wed, Sep 1, 2010 : 11:13 a.m.
One has to wonder if he got as far as he did by changing his grades in medical school and as an intern. Sounds reasonable, given what we know. Personally, I would not want to be treated by a doctor who got where he was by cheating, and I'm sure UMHS feels the same. It would tarnish that institute's reputation.
trespass
Wed, Sep 1, 2010 : 10:03 a.m.
Essentially this boils down to changing his grade. For that he is threatened with spending life in jail! There has got to be more to the story. There was a case a few years ago when someone was collecting records that showed that the UM Hospital was allegedly double billing Medicare. The next thing she knew the campus police showed up at her door to confiscate all her records. Is there physical evidence? The University IT folks can forge any kind of electronic trail. There was a case in the University of Iowa Hospital where some medical students stole some tests from a University computer. One was suspended for a year and several others were put on probation. None were threatened with going to jail for life. There is something more to this story.
Dug Song
Wed, Sep 1, 2010 : 10:01 a.m.
This is totally preventable. Our solution at Scio Security prevents such abuse by requiring medical staff to approve a secondary challenge on their cellphone to access sensitive systems. Our first customer was the second-largest physician-owned healthcare group in the country - in Columbus, of all places. Get with it Ann Arbor!
Hmm
Wed, Sep 1, 2010 : 9:30 a.m.
Wait, did I read that right? It says he could spend the rest of his life in prison for forging some documents? What kind of penalty is that!?
javajolt1
Wed, Sep 1, 2010 : 9:13 a.m.
Not to state the obvious but.... Regardless of the profession....those involved reflect society as a whole: Cheaters have been - and will always be - found everywhere. Dishonesty knows no educational, socio-economic, racial, religious or ethnic barrier. Those motivated to "get ahead" in a prestigious profession are as likely to cheat to get there as anyone else. The first post seems to relate an experience around patient data and HIPAA. Not really related to this story at all.
boom
Wed, Sep 1, 2010 : 8:59 a.m.
It kills me when doctors do things like this. After years of schooling and as smart as they are, why would he even have a second thought about doing something like this?
Somewhat Concerned
Wed, Sep 1, 2010 : 8:46 a.m.
He may have been a lousy almost-doctor, but he may have a brilliant career ahead of him in computer crime, and it's something he can do from jail.
Sally
Wed, Sep 1, 2010 : 8:22 a.m.
This happened to me, my medical records and HIPA violated when I brought this to the attention of their lawyers. Director of hospital I was threatened I have all the paper work letters after letters of threats not only from their personal but their safety personnel and paper trail.All because I went to have a baby and never walked out they damaged my spine in 8 places blew my knee out. I was thrown away like garbage I would like to know how many of these cover ups continue.I have of doctors in my records that don't exist or I have never been seen by I had never seen. I was told in a letter that if I was ambulanced there they would do only under federal law what is minimal.I know I am not alone had people and family members not had witnessed this it is unbelievable what Doctors think they can get away with. I suggest everyone you own your health history and charts check them frequently in case you made someone mad or they didn't like you.You spoke up. Monitor your records.If Ann Arbor.com wishes to see all the letters I would be more then happy to show them to a reporter.My medical records are altered forever and character defamation. They are Doctors and they are people too with issues and problems also. Why a hospital would allow this is beyond me other then everywhere you look they own they build when I had friends recently come to visit they were very disturbed at the way our town looks and why is it called Ann Arbor still????They said call it???