By Declan McCullagh, News.com
Published on ZDNet News: Oct 3, 2007 6:20:00 AM
Police Blotter is a weekly News.com report on the intersection of technology and the law.
What: Hospital respiratory therapist files lawsuit against hospital for unlawful termination, blaming malicious software for bookmarking pornographic Web sites.
When: U.S. District Judge Sarah Evans Barker rules on September 26.
Outcome: Hospital wins motion to dismiss.
What happened, according to court documents and other sources:
David Farr was once employed as a respiratory therapist at St. Francis Hospital in Indianapolis, Ind. He started there in October 2000 and was the only male respiratory therapist.
All of the seven respiratory therapists share a small office divided into individual cubicles with one computer in the center of the room. Each therapist is assigned a password, though it's unclear whether logs are kept of each user's individual activities.
In July 2005, Farr's supervisor informed him he was suspended from work because pornographic entries were found in his "Favorites" file, apparently a reference to Web sites bookmarked. Farr denied being responsible and said he was rebuffed when he asked for details about the allegations.
Farr was fired in August 2005. An e-mail message from the hospital's lawyer at the time claims to "have evidence that provides us with reasonable belief that he was accessing pornographic Web sites on his work computer."
After losing his job, Farr went through the formal grievance process listed in the hospital handbook and met with no success. He filed a lawsuit after the grievance committee upheld his termination in December 2005.
What makes this case relevant to Police Blotter is that Farr claims that "St. Francis failed to install and update effective antivirus protection on its computers" and that any pornographic bookmarks were inserted by malicious software. He also claims that antivirus software was required by Health Insurance Portability and Accountability Act.
Farr even retained a computer forensics specialist who concluded: "No one had intentionally loaded the list of Web sites on the computer. Rather, the list was placed on the respiratory therapists' computer by a common and well-known Internet virus that promotes fee-generating pornographic sites."
buy cialis doctor online 0in; font-family: Verdana” align=”justify”>That is plausible. One of the malicious programs known to inject porn bookmarks is CoolWebSearch, also called CWS or CoolWWWSearch, and it's been around since 2003. Some reports have estimated that 5 million sites are infected with it and that more than 60 strains of it exist.
Probably the most famous example of someone seemingly ensnared by malware is the criminal prosecution of substitute teacher Julie Amero, who was arrested after the computer (which had been in use by the students) began displaying porn ads. Amero's conviction was overturned and she was granted a new trial in June.
In Farr's case, though, the courts weren't as willing to listen. The district judge granted St. Francis' request to dismiss four counts in Farr's complaint: allegations of unfair dealing, negligence, defamation, and wrongful discharge. (He has also alleged gender discrimination, saying he was singled out because he was male.)
The thing is, though, that it should have been relatively easy to figure out if Farr had actually been a customer of those pay-to-play porn sites. A cursory examination of the browser's cache and other log files would have showed whether just the home pages were visited (probably malware) or whether pages requiring payment were visited (probably a human). In addition, antispyware tools would have detected the presence of malicious software. However, there is no evidence that the hospital did either type of analysis.
Excerpts from the judge's opinion:
Farr argues that St. Francis breached two duties owed to him: 1) a duty imposed by the St. Francis Handbook to conduct a "thorough and fair investigation of allegations of wrongdoing that can result in termination of employments," and 2) a duty imposed by HIPAA, to install and maintain antivirus software on the computer used by the respiratory therapists in the course of their employment.
Although artfully phrased, Plaintiff's first claim is nothing more than a general claim of negligent performance of an employment at-will contract on the part of St. Francis. As such, Plaintiff has failed to state a claim as Indiana has heretofore refused to acknowledge a cause of action in negligence based upon an employer's defective performance of an employment contract.
Plaintiff's second allegation of negligence also fails to state a claim as HIPAA does not create a duty on the part of employers to protect employees from computer-virus-related injuries; instead, HIPAA creates a duty owed by St. Francis to its patients to maintain the confidentiality of their protected health information…
The Indiana Supreme Court currently recognizes only three exceptions to the presumption that employment without a defined or ascertainable duration, or without a specific job security agreement, is terminable at-will: 1) when the employee supplies adequate independent consideration in return for permanent employment; 2) when termination contravenes a clear statutory right or duty; and 3) when the employee establishes promissory estoppel. (The complaint) implicates only the second of these exceptions, the public policy exception. In this count, Farr asserts that the termination of his employment constitutes wrongful discharge because St. Francis terminated him in order to cover up its violation of HIPAA.
The public policy exception to the at-will doctrine can be "generalized to the proposition that an employee who has been fired for exercising a statutory right or refusing to violate the law has a claim for wrongful discharge." This is a narrow exception to the at-will doctrine, and the Indiana Supreme Court has expressed its reluctance to broaden it absent direction from the state legislature.
Despite the reiteration of the narrowness of the public policy exception by the Indiana Supreme Court, Plaintiff implores us to extend the public policy exception to allow a claim for wrongful discharge when an employee is fired out of expediency to cover up an alleged violation of law by the employer. To bolster his argument, Plaintiff claims that his termination contravenes Plaintiff's "right to live his life free of specious and knowingly false accusations that were designed to hide his employer's wrongs." Although it is likely that most people would like to live a life free from specious and false accusations, Plaintiff fails to indicate how such a freedom is clearly secured by statute (specifically, HIPAA).
Pasted from <http://news.zdnet.com/2100-9588_22-6211377.html?tag=nl.e550>