University of Cincinnati Medical Center Sued for Facebook Leak of Patient Diagnosis

A suit has been filed against the University of Cincinnati Medical Center related to an alleged leak of patient medical records by two employees. The plaintiff alleges that hospital staff exposed her confidential medical file, which indicated that she had a sexually transmitted disease, to members of the community. The file was then uploaded to Facebook and used to ridicule the plaintiff. The suit seeks relief based on common- law claims of unauthorized disclosure of medical records, as well as negligent employee supervision and hiring. A similar suit was recently filed against Walgreen Co., alleging a violation of HIPAA regulations,  where a pharmacist wrongfully released records indicating the presence of sexually transmitted disease in  a customer. The court there held that the leak was sufficiently within the scope of the employee’s duties to warrant relief.

Nonprofit Settles $800,000 HIPAA Violation

Parkview Health System, Inc., has agreed to pay $800,000 for potential HIPAA violations, as part of a settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Parkview, a nonprofit health care system serving Indiana and Ohio, was investigated by OCR in response to a complaint from a physician. Parkview’s employees had left over 5,000 patient records in the physician’s driveway, subjecting the records to a significant risk of unauthorized disclosure of protected health information. Parkview has also agreed to address issues with its HIPAA compliance programs as part of the settlement.