Sophos Cloud Optix
A US woman is suing the University of Cincinnati (UC) Medical Center, alleging that their employees posted her private medical records onto Facebook.
That’s after a screenshot of the private medical record of the unnamed woman, including her personal information and her positive diagnosis for syphilis, was posted to a Facebook group called “Team No Hoes”.
The group reportedly has over 2,300 members.
The woman’s attorney, Mike Allen, told WLWT News 5 that his client is “absolutely devastated”:
That is the most private of private medical information that was posted on Facebook and went out to a group on Facebook that had a huge dissemination.
Commenters on the Facebook post called the woman a “slut” and a “hoe” and told other page visitors that she had a sexually transmitted disease (STD).
Allen described the consequences to his client:
She doesn't want to go out. She doesn't want to talk to people. People who were formerly her friends have made fun of her for it. She's chastised in the community and all of this could've been avoided if UC Med Center had proper protections in place.
The woman is now suing the hospital for more than $25,000 in damages.
In the lawsuit, filed on Tuesday, the woman is suing UC Medical Center, an employee named Ryan Rawls, another unnamed UC employee who’s believed to be a nurse, and the woman’s ex-boyfriend, Raphael Bradley, WLWT News 5 reports.
Allen told WLWT that Bradley convinced the UC employees to release the medical records, thereby violating state and federal laws.
I reached out to Facebook to ask if it had removed the post with the woman’s medical record.
I couldn’t track down the specific image (most of these groups are closed/secret), so Facebook couldn’t tell me if it has actually taken the post down, but it did refer us to its community standards which state:
Facebook does not tolerate bullying or harassment. We allow users to speak freely on matters and people of public interest, but take action on all reports of abusive behavior directed at private individuals.
In the lawsuit, Allen is asking UC Medical Center to look at its procedures to ensure that something like this doesn’t happen again.
Somebody or somebodies obviously didn’t take HIPAA too seriously.
HIPAA, or the US’s Health Insurance Portability and Accountability Act, covers privacy with regards to information handled by medical professionals.
A screenshot is such a minor thing. It takes a fraction of a second to capture, and it’s so easy to post to Facebook.
Unfortunately, just as it’s easy to take and post a screenshot, it’s also easy for a medical worker to break their Hippocratic oath to do no harm:
I will prescribe regimens for the good of my patients according to my ability and my judgment and never do harm to anyone.
This is just one more reminder that when we rely on institutions’ promises to keep our data safe, it’s just that – a promise.
It’s not a guarantee.
Image of stethoscope courtesy of Shutterstock.
Only doctors take the Hippocratic Oath
Doesnt matter. ALL hospital and doctors offices and anyone in the healthcare field are ALL bound by HIPPA rules.
…which has nothing to do with patient privacy.
HIPAA and the Hippocratic Oath are not the same set of regulations.
The woman is now suing the hospital for more than $25,000 in damages. …
She should sue for $25 million, because the damage is immense and could last for the rest of her life. A severe penalty could deter these attacks on privacy committed by the medical system (hospital, staff, etc)
If you can sue McDonald’s for millions over hot coffee and win, you should be able to sue over medical records for $1billion and win.
Yes she should be suing for 25 million
who do we sue for infecting us with the STD? That is the real damage she is doing to society.
I thought that too.
She’s only suing for $25K?
Her lawyer must not think much of himself…or her.
This type of behavior is unconscionable. It should be punished by the strongest measures available. If it’s not, it sets a precedent that user or patient data is fodder for anyone to use for their own purposes with no consequences. (That’s assuming anyone really cares about privacy beyond all the political yapping that goes on.)
i agree jonathan! And as for the “illusion of privacy” we get from the govt, that’s bad enough! But to have private citizens posting our medical records is really going beyond! And the fact that he “made” her give him the records?? that just doesn’t wash. something funky going on there. How would he even have know this woman’s diagnosis unless the girlfriend told him in the first place, and did he know this woman or was it just a random “let me know her info so i can post it on this “cool” page i got going, kinda thing?
She’s suing for **more than** $25,000. HIPAA violations are worth criminal fines of $50,000 per violation and up to a year in jail.
That doesn’t cover civil damages, which could be far more.
Juries don’t like enormous claims. On the other hand they’re able to push damages up if they feel the amount is too small.
25k is enough to get the ball rolling and more than likely she’ll win if this is true. (In the EU, posting this kind of thing would probably result in a criminal investigation)
Well this saves her from contacting all her sexual partners and informing them they need to go get tested
Someone is going to lose their job over HIPPA violation. You would think the health care workers would know better.
It’s HIPAA, not HIPPA, please use the acronym correctly.
This is what is supposed to happen from the government’s side: HIPAA violation is due to willful neglect and is not corrected = $50,000 per violation, with an annual maximum of $1.5 million
It should be 250,000 not 25,000. Get a new lawyer.
To be fair, the hospital employees did NOT post anything to Facebook. They released the victim’s information to the boyfriend. The boyfriend then put it on Facebook.
Oops, this story was too new this weekend. The full story is even seedier than that. I guess the ex-boyfriend knew someone (the mother of his child) at the healthcare facility. Ugh. It’s a Jerry Springer situation.
In this case, hosting the “Team…” site makes Facebook an accessory to not only abuse, but illegal activity. I hope the page been removed.