Medical centre staff post woman's STD diagnosis on Facebook

Filed Under: Facebook, Featured, Law & order, Privacy

A US woman is suing the University of Cincinnati (UC) Medical Center, alleging that their employees posted her private medical records onto Facebook.

Image of stethoscope courtesy of ShutterstockThat's after a screenshot of the private medical record of the unnamed woman, including her personal information and her positive diagnosis for syphilis, was posted to a Facebook group called "Team No Hoes".

The group reportedly has over 2,300 members.

The woman's attorney, Mike Allen, told WLWT News 5 that his client is "absolutely devastated":

That is the most private of private medical information that was posted on Facebook and went out to a group on Facebook that had a huge dissemination.

Commenters on the Facebook post called the woman a "slut" and a "hoe" and told other page visitors that she had a sexually transmitted disease (STD).

Allen described the consequences to his client:

She doesn't want to go out. She doesn't want to talk to people. People who were formerly her friends have made fun of her for it. She's chastised in the community and all of this could've been avoided if UC Med Center had proper protections in place.

The woman is now suing the hospital for more than $25,000 in damages.

In the lawsuit, filed on Tuesday, the woman is suing UC Medical Center, an employee named Ryan Rawls, another unnamed UC employee who's believed to be a nurse, and the woman's ex-boyfriend, Raphael Bradley, WLWT News 5 reports.

Allen told WLWT that Bradley convinced the UC employees to release the medical records, thereby violating state and federal laws.

I reached out to Facebook to ask if it had removed the post with the woman's medical record.

I couldn't track down the specific image (most of these groups are closed/secret), so Facebook couldn't tell me if it has actually taken the post down, but it did refer us to its community standards which state:

Facebook does not tolerate bullying or harassment. We allow users to speak freely on matters and people of public interest, but take action on all reports of abusive behavior directed at private individuals.

In the lawsuit, Allen is asking UC Medical Center to look at its procedures to ensure that something like this doesn't happen again.

Somebody or somebodies obviously didn't take HIPAA too seriously.

HIPAA, or the US's Health Insurance Portability and Accountability Act, covers privacy with regards to information handled by medical professionals.

A screenshot is such a minor thing. It takes a fraction of a second to capture, and it's so easy to post to Facebook.

Unfortunately, just as it's easy to take and post a screenshot, it's also easy for a medical worker to break their Hippocratic oath to do no harm:

I will prescribe regimens for the good of my patients according to my ability and my judgment and never do harm to anyone.

This is just one more reminder that when we rely on institutions' promises to keep our data safe, it's just that - a promise.

It's not a guarantee.

Image of stethoscope courtesy of Shutterstock.

, , ,

You might like

20 Responses to Medical centre staff post woman's STD diagnosis on Facebook

  1. Wilf · 84 days ago

    Only doctors take the Hippocratic Oath

    • Ms Beck · 84 days ago

      Doesnt matter. ALL hospital and doctors offices and anyone in the healthcare field are ALL bound by HIPPA rules.

    • ...which has nothing to do with patient privacy.

    • Jools · 75 days ago

      HIPAA and the Hippocratic Oath are not the same set of regulations.

  2. Visiting · 84 days ago

    The woman is now suing the hospital for more than $25,000 in damages. ...
    She should sue for $25 million, because the damage is immense and could last for the rest of her life. A severe penalty could deter these attacks on privacy committed by the medical system (hospital, staff, etc)

    • Anonymous · 83 days ago

      If you can sue McDonald's for millions over hot coffee and win, you should be able to sue over medical records for $1billion and win.

    • Jacquie valiente · 83 days ago

      Yes she should be suing for 25 million

    • wac · 57 days ago

      who do we sue for infecting us with the STD? That is the real damage she is doing to society.

  3. jonathanpdx · 84 days ago

    She's only suing for $25K?
    Her lawyer must not think much of himself...or her.

    This type of behavior is unconscionable. It should be punished by the strongest measures available. If it's not, it sets a precedent that user or patient data is fodder for anyone to use for their own purposes with no consequences. (That's assuming anyone really cares about privacy beyond all the political yapping that goes on.)

    • Ms Beck · 84 days ago

      i agree jonathan! And as for the "illusion of privacy" we get from the govt, that's bad enough! But to have private citizens posting our medical records is really going beyond! And the fact that he "made" her give him the records?? that just doesn't wash. something funky going on there. How would he even have know this woman's diagnosis unless the girlfriend told him in the first place, and did he know this woman or was it just a random "let me know her info so i can post it on this "cool" page i got going, kinda thing?

    • Lisa Vaas · 83 days ago

      She's suing for **more than** $25,000. HIPAA violations are worth criminal fines of $50,000 per violation and up to a year in jail.

      That doesn't cover civil damages, which could be far more.

    • Stoat · 83 days ago

      Juries don't like enormous claims. On the other hand they're able to push damages up if they feel the amount is too small.

      25k is enough to get the ball rolling and more than likely she'll win if this is true. (In the EU, posting this kind of thing would probably result in a criminal investigation)

  4. justsaying · 84 days ago

    Well this saves her from contacting all her sexual partners and informing them they need to go get tested

  5. Anonymous · 84 days ago

    Someone is going to lose their job over HIPPA violation. You would think the health care workers would know better.

  6. Anonymous · 84 days ago

    It's HIPAA, not HIPPA, please use the acronym correctly.

  7. KR · 84 days ago

    This is what is supposed to happen from the government's side: HIPAA violation is due to willful neglect and is not corrected = $50,000 per violation, with an annual maximum of $1.5 million

  8. Anonymous · 84 days ago

    It should be 250,000 not 25,000. Get a new lawyer.

  9. LonerVamp · 80 days ago

    To be fair, the hospital employees did NOT post anything to Facebook. They released the victim's information to the boyfriend. The boyfriend then put it on Facebook.

  10. LonerVamp · 80 days ago

    Oops, this story was too new this weekend. The full story is even seedier than that. I guess the ex-boyfriend knew someone (the mother of his child) at the healthcare facility. Ugh. It's a Jerry Springer situation.

  11. Jools · 75 days ago

    In this case, hosting the "Team..." site makes Facebook an accessory to not only abuse, but illegal activity. I hope the page been removed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.