Facebook post, removed records among latest patient privacy breaches

As HIPAA compliance issues continue to rise, two recent California hospital incidents do nothing to suggest that patient data will be safer heading into the new year.

At Mission Hills-based Providence Holy Cross Medical Center, a hospital employee allegedly took it upon himself to post a picture of a patient's medical record on his Facebook account, reports the Los Angeles Daily News. The record contained the patient's name and date of admission.

The employee, who the hospital said was hired by a staffing agency, also made fun of the patient in comments on the post. Then he defended his actions, saying Facebook is "not reality" and the victim's name was just one "out of millions and millions of names," according to the Daily News. He continued: "If some people can't appreciate my humor [then] tough. And if you don't like it too bad because it's my wall and I'll post what I want to. Cheers!" 

The employee's name was not released because the matter is still under investigation, Meanwhile, an employee with Loma Linda (Calif.) University Medical Center was fired after taking home records for 1,336 patients around Dec. 19, reports KABC. The documents, which now are secure, contain birth dates, addresses, medical record numbers, driver's license numbers and Social Security numbers for the patients.

After the hospital discovered the breach, it sent notice to the sheriff, as well as the state health department and the patients themselves. One year of free credit monitoring has been offered to those affected.

For more information on either incident:
- check out this KABC piece
- here's the Daily News story

Suggested Articles

Ochsner Health System is partnering with Color to launch a population health pilot program to integrate genetic information into preventive care.

Nominations are open for our 2020 FierceHealthcare Fierce 15 awards. Think your company has what it takes? Submit your nominations here.

Health IT company Cerner announced a definitive agreement to acquire IT consulting and engineering firm AbleVets as a wholly owned subsidiary.