HIPAA Violation: Healthcare Worker Writes About Patients On MySpace

What was this worker for a healthcare provider thinking…didn’t/doesn’t the provider provide any kind of information security or privacy training or awareness communications…?

Online Comments Lead To Privacy Complaint: Patients Say Their Privacy Was Violated
From April 2003 until the end of last year, the federal government has received nearly 1,500 complaints from patients in Pennsylvania, alleging privacy violations under HIPAA.”

Here

“are some of the comments, according to printouts one of the women saved: “Today is straight from hell!! I had enough yelling, swearing, bleeding, crying (expletive)” A woman’s abortions are mentioned. Another patient is ridiculed for asking about gingerbread cookies the doctor recommended for nausea, “Some women shouldn’t reproduce.””

The MySpace page reportedly contained names and details about patients and their care, complaints, symptoms, etc.
The healthcare provider should not only fire the worker, the Department of Health and Human Services (HHS) should also do an audit to determine if the provider should also be sanctioned. It looks like there may be some violations with regard to required policies, training and awareness.
We entrust some very sensitive information to our healthcare providers. They should be held to protecting that information, held to the full extent of the law, and sanctioned appropriately when they do not fully protect patient information.

Tags: , , , , , , , , ,

Leave a Reply