Health IT Pulse

Jan 6 2012   2:03PM GMT

Ringing in the new year with a health data breach on Facebook

AnneSteciw Profile: AnneSteciw

Tags:
data breaches
health care data breach
social media

Perhaps the last health data breach to make the news in 2011 involves a temporary employee at Providence Holy Cross Medical Center who posted a picture of someone’s medical record to his Facebook page — and made fun of the patient’s condition.

Details of the health data breach provided by the Los Angeles Daily News indicate that the temporary employee, who was provided by a staffing agency, shared a photo on his Facebook page of a medical record displaying a patient’s full name and date of admission. The temp appeared to be completely ignorant of HIPAA laws.

Even after being told by other posters that he was violating the patient’s privacy, the temp argued: “People, it’s just Facebook…Not reality. Hello? Again…It’s just a name out of millions and millions of names. If some people can’t appreciate my humor than tough. And if you don’t like it too bad because it’s my wall and I’ll post what I want to. Cheers!”

Providence officials told the Daily News they are investigating the report and will work with the staffing agency to continue to provide privacy compliance training for temporary contractors.

Apparently that training did not make much of an impression on the temporary employee who thought it would be funny — and legal — to post someone’s medical record on Facebook. Even if the privacy training went in one ear and out the other, one would think the lack of a “share” button in the patient’s electronic record would have tipped him off.

One security expert believes the social media abuser “should not only lose a job but also should get a tough penalty for violating HIPAA as well as any applicable state regulations.”

In the era of Facebook, Twitter and YouTube, health care organizations and their business associates cannot underestimate the importance of training employees and contractors on how to properly handle patient information. Experts on the use of health care social media recommend showing employees how to exercise good judgment with social media.

11  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • iHT2
    #Facebook teaches #compliance officers a lesson in data breach http://t.co/3lReJ6RO #HealthIT #HIPAA #HITsm (RT@HITExchange) #iHT2
    0 pointsBadges:
    report
  • Matthew Mauldin
    #Facebook teaches #compliance officers a lesson in data breach http://t.co/3lReJ6RO #HealthIT #HIPAA #HITsm (RT@HITExchange) #iHT2
    0 pointsBadges:
    report
  • Jenny Laurello
    Ringing in 2012 with a #healthIT data breach http://t.co/TiLKRHJ1 Facebook teaching #compliance officers a lesson. #HIPAA #hcsm
    0 pointsBadges:
    report
  • SearchHealthIT
    Ringing in the new year with a #Facebook #HIPAA #databreach http://t.co/meHolTb0 Emphasizes need for #hcsm policy #healthIT #hitsm
    0 pointsBadges:
    report
  • Pivasys
    RT: SearchHealthIT: Ringing in the new year with a #Facebook #HIPAA #databreach http://t.co/iSgfA6IT Emphasizes need for #hcsm policy #he...
    0 pointsBadges:
    report
  • CleverConsulting
    RT @searchhealthit: Ringing in the new year with a #Facebook #HIPAA #databreach http://t.co/2zkAOOTz Emphasizes need for #hcsm policy
    0 pointsBadges:
    report
  • Patients Medical Record Posted to Facebook – HIPAA Violation | EMR and HIPAA
    [...] Steciw posted about the violation on Search Health IT. Here’s an excerpt from her post: Details of the [...]
    0 pointsBadges:
    report
  • Just My Type
    Ringing in the new year with a health data breach on Facebook http://t.co/UhtlKhUu
    0 pointsBadges:
    report
  • Just My Type
    Ringing in the new year with a health data breach on Facebook - Health IT Pulse http://t.co/asi7zHfx
    0 pointsBadges:
    report
  • Bobby Hunter
    Idiot violates HIPAA via Facebook, say's "It's not reality." http://t.co/65pX7Peh Dude should be neutered so he can't pollute the gene pool.
    0 pointsBadges:
    report
  • HIPAA Case Study: Temporary Employee Post Patient Records on Facebook, Hospital Faces Stiff Penalties - DexcommDexcomm
    [...] In the era of Facebook, Twitter and YouTube, health care organizations and their business associates cannot underestimate the importance of training employees and contractors on how to properly handle patient information. Healthcare social media experts recommend showing employees how to exercise good judgment with social media. Read the Full Story [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: