By Darren Smith, Weekend Contributor
A woman in Ohio claims a University of Cincinnati Medical Center employee provided her ex-boyfriend with a medical record indicating a diagnosis of Syphilis. The employee was later fired.
She states that she refused to inform her ex-boyfriend as to why she was a patient at the hospital, and in her lawsuit she alleges he then contacted an employee, who he was romantically involved, and she provided the record.
Allegedly the ex-boyfriend posted the medical record on a Facebook page that announced promiscuous women.
As a result, the hospital sacked the employee and referred the case to federal authorities. The Cincinnati Enquirer reports hospital CEO Lee Ann Liska Released a statement proclaiming:
[The University of Cincinnati Medical Center is] outraged that anyone might misuse a position with UC Health to attempt to embarrass or cause harm to another person. This is contrary to our ethic and the training we provide to our associates, and we took immediate action as a result.
Reportedly her attorney said his client is seeking damages in excess of twenty five thousand dollars.
If the allegations are proven this would be a clear violation of HIPAA and a quick settlement might be in the advantage of the UCMC.
By Darren Smith
Source: CBS News
The views expressed in this posting are the author’s alone and not those of the blog, the host, or other weekend bloggers. As an open forum, weekend bloggers post independently without pre-approval or review. Content and any displays or art are solely their decision and responsibility.
It is like looking up a skirt with a mirror on one’s shoe. Sicko.
Another interesting one Darren. I agree that the hospital better start digging into their pockets.
Let’s all say this together. There is no private cause of action under HIPAA. This may be a cause on action under Ohio state law which uses the HIPAA regs as a standard of care, but not under federal law.
So who has the clap? Or whatever the disease is?
Legal question: if the hospital acted immediately to sack the employee who leaked, they still have a liability? How does a hospital protect itself against a rogue/irresponsible/stupid employee? And, the relationship of the plaintiff and ex is full of questions…as in, was the timing of their relationship such that she had any obligation to let him know she had an STD?
iconoclast – I think there is a legal obligation to tell your partner if you are engaging is sex with them. Not sure if there is an obligation afterword. They seem to have broken up and it is possible that he gave it to her. In the olden days, if you got a STD you were morally obligated to tell the partners you knew might have been affected so they could be treated. I am not sure if there was a legal obligation.
True Nick and Paul in fact, as one example someone wrote makes it easier to get info re kids vaccinations.
Also the other rules make it clearer and involve EMR’s which were not in place in o3. Make business associates of covered
entities directly liable for compliance
with certain of the HIPAA Privacy and
Security Rules’ requirements.
• Strengthen the limitations on the
use and disclosure of protected health
information for marketing and
fundraising purposes, and prohibit the
sale of protected health information
without individual authorization.
• Expand individuals’ rights to
receive electronic copies of their health
information and to restrict disclosures
to a health plan concerning treatment
for which the individual has paid out of
pocket in full.
• Require modifications to, and
redistribution of, a covered entity’s
notice of privacy practices.
• Modify the individual authorization
and other requirements to facilitate
research and disclosure of child
immunization proof to schools, and to
enable access to decedent information
by family members or others.
• Adopt the additional HITECH Act
enhancements to the Enforcement Rule
not previously adopted in the October
30, 2009, interim final rule (referenced
immediately below), such as the
provisions addressing enforcement of
noncompliance with the HIPAA Rules
due to willful neglect.
I guess protecting to whom your info can be sold is a bad thing?
Expand ind’s rights to receive info is a bad thing? and so on.
but yes if youre against Obama then it doesn’t matter what is good or betters a law, if it is dem or this prez it is pro forma bad.
leejcaroll – even your list showed new or different people getting access to the info.
Wait a minute. Read that first paragraph again. Who was fired: the woman complaining, the medical center worker, or the ex-boyfriend?
I don’t think the Plaintiff’s attorney is doing her any favors. He will get a quick $12 grand for himself within a week and probably even let them have a secret, sealed settlement so no other attorney or victim will find the case in the court Index.
Here is the latest HIPAA changes in the Federal Register. You will note the date.
http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf
leejcaroll – would you like to walk your statement back?
leej, You are absolutely correct about people who need to know the law being ignorant. But also, many record keepers use the law to make their lives easier by randomly saying, “I can’t give you that” and hanging up.
Paul oncer again you write before knowing the facts. “HIPAA regulations became effective on April 14, 2001, and April 14, 2003 is the date on which hospitals must have been in compliance with the HIPAA privacy rule” http://www.baycare.org/HIPAA-FAQs#2
Nothing to do with the ACA
http://www.hhs.gov/regulations/
Covers that latest in regulations to HIPPA and reporting.
leejcaroll wrote: “Paul once again you write before knowing the facts. … April 14, 2003 is the date on which hospitals must have been in compliance with the HIPAA privacy rule… Nothing to do with the ACA”
You make it sound like the rule stopped in April 2003 and has nothing to do with Obamacare.
I’m no expert on this, but I did find this kind of language on the web:
“Obamacare legislation added a host of new federal insurance regulations onto HIPAA’s basic structure…”
“A new rule – the HIPAA Omnibus Rule (the “New Rule”) – becomes effective September 23, 2013. Employers should reach out to their third-party administrators and health plan providers to confirm compliance with the New Rule.”
It seems to me like Paul is not shooting without facts on his side.
It certainly is both reprehensible and a serious HIPAA violation to give such med rex to the ex-boyfriend in a format that could be posted on the web.
But is there not some public health related duty to advise a person (the guy) that he has been exposed to a very serious venereal disease and needs to get carefully examined? Or at least a duty on the part of the hospital to at least ask the patient to notify him?
Or did all those duties go up in smoke when HIPAA was enacted?
Problem with HIPPA is some offices don’t have a clue how to do it and go too far in either direction.
Obamacare has caused a new layer of rules which many do not understand yet.
David, HIPPA is ~30% good and 70% stupid.
She is not asking a lot. Pay her and get it over with.
A friend of mine in the early 1970s was a social worker in East Saint Louis. He had some clients who came home from the hospital with twins. The couple said that the doctors named their kids. The names were Gonora and Siphylis. The kids were about three when the situation came up. The parents had been calling the kids by those names. The real names on the birth certificate will remain secret here. This goes to show that even parents can not be trusted to ascertain what is on their own kids’ records. I ran into the social worker lately and he is retired. He said that he ran into the couple lately as well and that one of the kids, now 40, goes by the nickname of Gonara.
I certainly don’t agree with an employee releasing records like this, but the HIPAA laws seem to cause a lot of problems. One of my employees this week was trying to get the vaccination history of her own children. They would not fax it to her, so she went down there, and then they would not give it to her because the doctor was not there to “sign off” on it. So to see the problems the law causes, and then a situation like this where even without the law, common sense would tell you not to release that information, well, it is troublesome.
Wherever there are confidential records there will ALWAYS be leaks. When the govt. tells you the NSA records are secure, THEY ARE LYING. Always remember that.
Reblogged this on U.S. Constitutional Free Press.