A US woman is suing the University of Cincinnati (UC) Medical Center, alleging that their employees posted her private medical records onto Facebook.
That's after a screenshot of the private medical record of the unnamed woman, including her personal information and her positive diagnosis for syphilis, was posted to a Facebook group called "Team No Hoes".
The group reportedly has over 2,300 members.
The woman's attorney, Mike Allen, told WLWT News 5 that his client is "absolutely devastated":
That is the most private of private medical information that was posted on Facebook and went out to a group on Facebook that had a huge dissemination.
Commenters on the Facebook post called the woman a "slut" and a "hoe" and told other page visitors that she had a sexually transmitted disease (STD).
Allen described the consequences to his client:
She doesn't want to go out. She doesn't want to talk to people. People who were formerly her friends have made fun of her for it. She's chastised in the community and all of this could've been avoided if UC Med Center had proper protections in place.
The woman is now suing the hospital for more than $25,000 in damages.
In the lawsuit, filed on Tuesday, the woman is suing UC Medical Center, an employee named Ryan Rawls, another unnamed UC employee who's believed to be a nurse, and the woman's ex-boyfriend, Raphael Bradley, WLWT News 5 reports.
Allen told WLWT that Bradley convinced the UC employees to release the medical records, thereby violating state and federal laws.
I reached out to Facebook to ask if it had removed the post with the woman's medical record.
I couldn't track down the specific image (most of these groups are closed/secret), so Facebook couldn't tell me if it has actually taken the post down, but it did refer us to its community standards which state:
Facebook does not tolerate bullying or harassment. We allow users to speak freely on matters and people of public interest, but take action on all reports of abusive behavior directed at private individuals.
In the lawsuit, Allen is asking UC Medical Center to look at its procedures to ensure that something like this doesn't happen again.
Somebody or somebodies obviously didn't take HIPAA too seriously.
HIPAA, or the US's Health Insurance Portability and Accountability Act, covers privacy with regards to information handled by medical professionals.
A screenshot is such a minor thing. It takes a fraction of a second to capture, and it's so easy to post to Facebook.
Unfortunately, just as it's easy to take and post a screenshot, it's also easy for a medical worker to break their Hippocratic oath to do no harm:
I will prescribe regimens for the good of my patients according to my ability and my judgment and never do harm to anyone.
This is just one more reminder that when we rely on institutions' promises to keep our data safe, it's just that - a promise.
It's not a guarantee.Follow @NakedSecurity