A military spouse, identified as Jane Doe, filed a lawsuit in Bell County, Texas and alleged Army Maj. Blaine McGraw, an obstetrician-gynecologist at Carl R. Darnall Army Medical Center at Fort Hood in Texas, secretly recorded women during intimate pelvic and breast examinations using his phone hidden in his lab coat pocket.
Jane Doe alleges she went to McGraw for pelvic pain and uterine concerns and later learned from Army investigators that her exam had been videotaped without her consent after images and videos were discovered on his devices.
According to the complaint and Army officials, investigators have identified dozens of potential victims. The Army has contacted more than 1,400 patients seen by McGraw at Fort Hood and previously at Tripler Army Medical Center in Hawaii. The Army has set up hotlines and outreach efforts while the Army Criminal Investigation Division continues its probe.
Jane Doe further claims that Army leaders had prior notice of concerns about McGraw's conduct from earlier complaints but allowed him to continue practicing. Army officials publicly maintain that he was removed from clinical duties and suspended as soon as the October 2025 allegation surfaced.
Source: https://www.nbcnews.com/news/investigations/army-gynecologist-took-secret-videos-patients-intimate-exams-lawsuit-s-rcna242846
Commentary
In the above matter, the accused is stated to have used a camera hidden in his lab coat.
Secret recording of patient examinations, whether by clinicians, staff, visitors or patients, creates significant legal, professional, and reputational exposure for healthcare organizations.
Covert recording undermines informed consent, violates reasonable expectations of privacy in exam rooms and procedure areas, and can constitute criminal conduct under state and federal wiretap and voyeurism laws, particularly when intimate body parts are captured.
For organizations, these incidents can trigger regulatory investigations, malpractice and tort claims, licensing board actions, employment disputes, and mandatory notifications to patients and, in some jurisdictions, law enforcement and regulators.
Loss prevention in this area begins with clear, written policies against unauthorized audio or video recording of examinations and procedures, including explicit prohibitions on secret recording by workforce members. Include detailed rules on when, if ever, staff may create images or recordings of patients for treatment, documentation, teaching, or quality improvement, with proper written and signed informed consent forms.
Policies should incorporate HIPAA's minimum necessary and authorization requirements, address state consent laws for audio recording, and forbid personal devices for imaging or recording patients. Staff responsibilities should be spelled out, including a duty to report suspected covert recording, tampering with cameras, or unusual device placement in exam rooms, bathrooms, changing areas, and staff-only spaces.
From an operational standpoint, organizations reduce risk when they tightly manage all sanctioned imaging and recording. Use only organization-owned devices, secure applications, and retention systems, with access controls, audit trails, and defined retention and deletion schedules aligned with medical record and regulatory requirements.
BYOD practices that allow staff to use personal phones for photography or video of patients, even with good intentions, markedly increase the risk of privacy breaches, loss or theft of devices, unapproved sharing, and blurred lines between professional and personal content.
Environmental controls also matter. Facilities should routinely survey exam rooms and other sensitive areas for non-clinical recording devices, cover or disable nonessential cameras, and ensure that any necessary security cameras are positioned and configured to avoid capturing exposed patients in clinical settings.
Culture and training are central to prevention because covert recording often exploits power imbalances, patient vulnerability, and normalized shortcuts around privacy.
Training should move beyond abstract privacy principles to concrete scenarios about recording, emphasizing that any secret recording of patients is a serious violation of policy, professional ethics, and the law. They will result in disciplinary action up to termination and, when appropriate, referral to licensing boards and law enforcement.
Staff should be taught how to respond if a patient asks to record a visit, including how to address clinical, privacy, and safety implications, when to involve risk management or the legal department, and how to document consent or refusal when recording is permitted.
Incident response planning is equally important because early, disciplined action can significantly reduce harm once covert recording or suspicious conduct is suspected. A defined protocol should address immediate steps such as securing devices, suspending the alleged wrongdoer from patient care, preserving electronic and physical evidence, notifying privacy, compliance, security and legal, and assessing whether there is an ongoing threat to patient safety.
The plan should also provide criteria for notifying law enforcement, regulators and insurers. Have a process for identifying and notifying potentially affected patients with trauma-informed communication, and coordination with public relations to avoid speculative or misleading public statements while still demonstrating that leadership is taking the matter seriously.
Finally, risk assessments and internal audits should periodically test controls around recording and imaging. Include spot checks of policy adherence, reviews of clinical photography workflows, audits of access to stored recordings, and interviews with staff about whether they feel empowered to report concerns.
The last takeaway is that leadership can strengthen deterrence. Consistently enforce policies, support whistleblowers, and visibly prioritizing patient dignity and privacy in decision-making. This can signal that the organization treats unauthorized recording not only as an isolated boundary violation but also as a core threat to patient trust and organizational integrity.
