Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search
 

davidn3600

(6,342 posts)
Thu Jun 5, 2014, 06:26 PM Jun 2014

Woman sues hospital for posting her STD test results on facebook leading to harassment

Imagine that someone broadcast your very personal secret on Facebook. Unfortunately for one Ohio woman, that’s exactly what happened when several hospital employees leaked her medical records that revealed she had an STD to the social networking site. She’s now suing the hospital for more than $25,000 in damages.

Back in September, the woman, who remains anonymous and lives in the town of Winton Hills, was being treated for Syphilis at the University of Cincinnati Medical Center. Shortly after, hospital employees snapped a photo of her records, including her name and diagnosis, and posted it to the Facebook page “Team No Hoes,” prompting commenters to call the woman a “hoe” and a “slut.”

Local news affiliate WLWT reports that, on Tuesday, the woman filed a lawsuit in Hamilton County against the medical center; a female employee named Ryan Rawls; an unnamed female employee believed to be a nurse; and the nurse’s ex-boyfriend, Raphael Bradley (who doesn’t work at the hospital). According to the woman’s attorney Mike Allen the release of the medical records violates state and federal laws.

“Any time you go to the hospital, you should expect to have your information protected,” Allen tells Yahoo Shine. “We are suing for four reasons — unauthorized disclosure of non-public records which is a civil offense, invasion of privacy, emotional distress, and negligent supervision of hiring, meaning the hospital is responsible for the behavior of its staff.”


https://shine.yahoo.com/healthy-living/uc-medical-center-std-syphilis-ryan-rawls-mike-allen-diana-lara-204829199.html
70 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
Woman sues hospital for posting her STD test results on facebook leading to harassment (Original Post) davidn3600 Jun 2014 OP
Can't blame the gal for that.. Bandit Jun 2014 #1
Her reputation? AAO Jun 2014 #45
The assholes who did this should not be allowed to work in the profession again. Initech Jun 2014 #2
that's a major HIPAA violation. They will be fired and they won't work in the industry again. magical thyme Jun 2014 #9
Yup...I'm surprised she's only suing for $25K...I bet she could joeybee12 Jun 2014 #26
That's what I was thinking as well. Jackpine Radical Jun 2014 #33
It was willful and with malice MattBaggins Jun 2014 #38
yup. it's potentially criminal magical thyme Jun 2014 #69
I agree. Forget $25K, sue for $25M n/t aggiesal Jun 2014 #37
Absolutely correct! FarPoint Jun 2014 #32
Agreed. surrealAmerican Jun 2014 #15
Yep. I wonder if she could also go after the guilty individuals. Laffy Kat Jun 2014 #52
Wow, what disgusting people. Vultures sitting atop their fence post arthritisR_US Jun 2014 #3
The release of her private information is a done deal Trajan Jun 2014 #10
So you're okay with what was done to her? SwankyXomb Jun 2014 #36
Not at all Trajan Jun 2014 #55
Really? MattBaggins Jun 2014 #46
That was a poorly written post Trajan Jun 2014 #56
Well, what you say is true and the last time I checked there is no way to legislate Grammy23 Jun 2014 #47
That struck me as a piddly amount too! nt arthritisR_US Jun 2014 #50
Indeed ... I would fire that lawyer Trajan Jun 2014 #57
They can judge all they want but they have no right to act on arthritisR_US Jun 2014 #49
Just to be clear Trajan Jun 2014 #59
We are on the same page then arthritisR_US Jun 2014 #65
This message was self-deleted by its author LanternWaste Jun 2014 #60
I'm surprised it's only $25,000... CAO Jun 2014 #4
That's what I thought too. That's a drop in the bucket for the damage that has been done monmouth3 Jun 2014 #5
And presumably others. I doubt she was the only one that happened to. PeaceNikki Jun 2014 #7
My thought too. laundry_queen Jun 2014 #20
That was my thought also. uppityperson Jun 2014 #6
My thought exactly. HooptieWagon Jun 2014 #16
Me too Renew Deal Jun 2014 #17
The complaint could read "in excess of $25,000...some jurisdictions you joeybee12 Jun 2014 #28
Probably a requirement of the local court rules. The Velveteen Ocelot Jun 2014 #30
I wonder why the hospital posted her info on Facebook when HIPAA regulations Louisiana1976 Jun 2014 #8
"The hospital" didn't post it Trajan Jun 2014 #11
The hospital is still responsible for it because they were its employees pnwmom Jun 2014 #41
What if it turns out that the hospital did everything right, Nye Bevan Jun 2014 #66
If a doctor who worked for the hospital did something wrong, even though pnwmom Jun 2014 #67
Only if the hospital was somehow negligent in not properly checking the doctor's credentials Nye Bevan Jun 2014 #68
There is no "hospital".. sendero Jun 2014 #61
Indeed ... I would sue the whole bunch Trajan Jun 2014 #62
Of course... sendero Jun 2014 #64
'the hospital' didn't do it. Employees who had info access did it. It is a gross HIPAA violation magical thyme Jun 2014 #12
Good, can she sue them individually? smirkymonkey Jun 2014 #23
you can pretty much sue anybody magical thyme Jun 2014 #24
I was thinking that she could drag their names through the mud. smirkymonkey Jun 2014 #44
once they're identified, they are destroyed professionally magical thyme Jun 2014 #48
It must be a mixed race thing too, because Jamastiene Jun 2014 #54
Hospital should be in trouble for violating HIPAA too. bluesbassman Jun 2014 #13
they'll get dinged frylock Jun 2014 #22
I've heard of an employee walked out the door due to an accidental violation magical thyme Jun 2014 #27
This is disgusting. bigwillq Jun 2014 #14
A link to that shameful Facebook site: arcane1 Jun 2014 #18
disgusting standingtall Jun 2014 #19
only 25K? frylock Jun 2014 #21
i would like to know more about the employees who did this JI7 Jun 2014 #25
only $25,000? barbtries Jun 2014 #29
See #30. The Velveteen Ocelot Jun 2014 #31
I'd like our local hospitals to imagine my reaction if something similar happend to me. 47of74 Jun 2014 #34
Wonder if the employees vankuria Jun 2014 #35
Unconscionable. blackspade Jun 2014 #39
Hospital should settle immediately itsrobert Jun 2014 #40
Sooooo dumb to post that. tofuandbeer Jun 2014 #42
The people who did this are toast. Stonepounder Jun 2014 #43
Yes, intensive HIPPA training is required by all providor/payor contracts tosh Jun 2014 #63
There are some really nasty trolls out there........I hope this lady can move on. nt AverageJoe90 Jun 2014 #51
More power to her. I hope she wins. Jamastiene Jun 2014 #53
+1. n/t FSogol Jun 2014 #58
She may lose her lawsuit (or not win much) Sgent Jun 2014 #70
 

AAO

(3,300 posts)
45. Her reputation?
Thu Jun 5, 2014, 09:40 PM
Jun 2014

Getting VD is nothing to be shamed of. You could get something the first time you have sex, if you are so unlucky. And she's cured now, so why should anyone shy away from dating her?

Her reputation is that of a person egregiously betrayed, and a person that fought back. She has my respect.

 

magical thyme

(14,881 posts)
9. that's a major HIPAA violation. They will be fired and they won't work in the industry again.
Thu Jun 5, 2014, 06:57 PM
Jun 2014

Un-fucking-believable.

That is exactly what the HIPAA laws are intended to protect against.

Jackpine Radical

(45,274 posts)
33. That's what I was thinking as well.
Thu Jun 5, 2014, 08:44 PM
Jun 2014

Super-major HIPAA violation; I'm just a shrink & not a lawyer, but I think it might even be criminal for the individuals who did it since it was obviously intentional and malicious.

 

magical thyme

(14,881 posts)
69. yup. it's potentially criminal
Fri Jun 6, 2014, 11:01 PM
Jun 2014

not on the part of the hospital, but the employee who accessed the file and distributed it. Up to 10 years in prison and $250K in fines.

(b) Penalties
A person described in subsection (a) of this section shall—

(1)be fined not more than $50,000, imprisoned not more than 1 year, or both;

(2)if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and

(3)if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.

surrealAmerican

(11,340 posts)
15. Agreed.
Thu Jun 5, 2014, 07:03 PM
Jun 2014

It was a horrible thing to do, not only because of the damage to this patient, but because such actions are likely to discourage others from seeking treatment for potentially embarrassing contagious diseases.

 

Trajan

(19,089 posts)
10. The release of her private information is a done deal
Thu Jun 5, 2014, 06:57 PM
Jun 2014

That bell cannot be unrung ...

Btw ... people are allowed to judge - is what we do, everyday, all day ... we judge ...

I am not a court of law ... I'm a human being with an opinion ... like it or not

 

Trajan

(19,089 posts)
55. Not at all
Fri Jun 6, 2014, 09:31 AM
Jun 2014

I can see where my post could be confusing ...

The release of her information is a done deal, due to the CRIMINAL choice that was made by the hospital personnel ... what THEY did was atrocious ...

I am judging the hospital personnel for their cruel act, NOT the woman ...

I read that post above as a defense of the hospital personnel, as if we cannot judge them .... that is what I disagree with .... along with the release of her private information .... that was heinous

MattBaggins

(7,894 posts)
46. Really?
Thu Jun 5, 2014, 09:42 PM
Jun 2014

So a woman with an STD is automatically a slut?

A nurse should never have done this and should remain non judgmental. This was way out of line as was your response. It would seem the medical profession would not be a good fit for you. It requires something called professionalism.

Your post is beyond facepalm.

 

Trajan

(19,089 posts)
56. That was a poorly written post
Fri Jun 6, 2014, 10:20 AM
Jun 2014

I wish I would have gotten back here sooner

I was responding to the person who complained of the hospital personnel being judged ... NOT the woman or her test results ... that is private and should have NEVER been released in the public domain ...

I hope that clears up any misunderstanding ...

Grammy23

(5,808 posts)
47. Well, what you say is true and the last time I checked there is no way to legislate
Thu Jun 5, 2014, 09:44 PM
Jun 2014

public opinion or the opinions all of us form every day. However, we can and do legislate taking action based on having an opinion about a situation. What these low lives did to this woman was wrong and illegal. I cannot fathom how they thought they could get away with it and you can be SURE that as hospital employees they full well knew that they were violating the law. Anyone who works in a place that has access to personal health information is reminded of that regularly and is required to sign off on documents stating that they understand the sensitive nature of the information AND that there are penalties for releasing it without authorization.

I can't believe she is only suing for a measly $25,000. They are lucky she is not suing for millions.....
 

Trajan

(19,089 posts)
57. Indeed ... I would fire that lawyer
Fri Jun 6, 2014, 10:23 AM
Jun 2014

And find another with a better sense of proportion ...

You are apparently the only response that understood what I was trying to say ... congratulations for parsing my unclear post

arthritisR_US

(7,269 posts)
49. They can judge all they want but they have no right to act on
Thu Jun 5, 2014, 10:41 PM
Jun 2014

it and make public private health information. Sanctimonious a-holes.

 

Trajan

(19,089 posts)
59. Just to be clear
Fri Jun 6, 2014, 10:25 AM
Jun 2014

I was defending the woman and castigating the hospital personnel ...

Not completely clear in my previous post ...

Response to Trajan (Reply #10)

monmouth3

(3,871 posts)
5. That's what I thought too. That's a drop in the bucket for the damage that has been done
Thu Jun 5, 2014, 06:50 PM
Jun 2014

to her personal life....

PeaceNikki

(27,985 posts)
7. And presumably others. I doubt she was the only one that happened to.
Thu Jun 5, 2014, 06:53 PM
Jun 2014

Some people are fucking horrid.

laundry_queen

(8,646 posts)
20. My thought too.
Thu Jun 5, 2014, 07:44 PM
Jun 2014

She should never have to work again, IMO. Imagine a potential employer searching her up?

 

HooptieWagon

(17,064 posts)
16. My thought exactly.
Thu Jun 5, 2014, 07:05 PM
Jun 2014

I believe the judge could increase the damages. And certainly the woman can amend her suit to higher damages.

Renew Deal

(81,802 posts)
17. Me too
Thu Jun 5, 2014, 07:26 PM
Jun 2014

Does employment status, education, income, etc affect how much she would expect to collect? It seems low.

 

joeybee12

(56,177 posts)
28. The complaint could read "in excess of $25,000...some jurisdictions you
Thu Jun 5, 2014, 07:52 PM
Jun 2014

can can't state exactly how much...here in Vegas, you have to state in excess of $10,000 in the complaint, and you could truly be asking for millions.

The Velveteen Ocelot

(115,280 posts)
30. Probably a requirement of the local court rules.
Thu Jun 5, 2014, 08:06 PM
Jun 2014

In some jurisdictions you ask for a certain amount "in excess of $XXXXX" because you have to plead a minimum jurisdictional amount but you don't want to limit the damages a jury might award. I'm fairly sure that's what this is.

Louisiana1976

(3,962 posts)
8. I wonder why the hospital posted her info on Facebook when HIPAA regulations
Thu Jun 5, 2014, 06:55 PM
Jun 2014

call for patient info's being kept confidential. I think she should have sued for much more than $25,000.

 

Trajan

(19,089 posts)
11. "The hospital" didn't post it
Thu Jun 5, 2014, 06:59 PM
Jun 2014

Specific persons did it on their own accord ...

Complete assholes ... $25,000 is too small a price ...

pnwmom

(108,925 posts)
41. The hospital is still responsible for it because they were its employees
Thu Jun 5, 2014, 08:59 PM
Jun 2014

and they had access to the info as part of their employment.

This is why the hospital needs liability insurance.

Nye Bevan

(25,406 posts)
66. What if it turns out that the hospital did everything right,
Fri Jun 6, 2014, 11:25 AM
Jun 2014

in terms of training, restricting access to data to a need-to-know basis, and so on, but a rogue employee went ahead and divulged the personal information anyway?

I think if the hospital can show that it did all that it reasonably could to prevent such a thing from happening, it should only be possible to sue the individual concerned.

pnwmom

(108,925 posts)
67. If a doctor who worked for the hospital did something wrong, even though
Fri Jun 6, 2014, 11:33 AM
Jun 2014

the hospital itself did nothing wrong, do you still think they couldn't sue the hospital?

Nye Bevan

(25,406 posts)
68. Only if the hospital was somehow negligent in not properly checking the doctor's credentials
Fri Jun 6, 2014, 12:16 PM
Jun 2014

when he or she was hired, or ignoring previous complaints about the same doctor. My point is that if the hospital did nothing wrong, they should not be penalized or be liable for damages.

If I run a business and hire someone who by all accounts is a wonderful person, and that employee at some point snaps and murders someone while working for me, I should not bear any civil or criminal liability, unless I had been negligent in some way such as ignoring warning signs in this employee's behavior.

sendero

(28,552 posts)
61. There is no "hospital"..
Fri Jun 6, 2014, 10:37 AM
Jun 2014

.... a "hospital" is its employees. If an employee of a hospital divulged the information the HOSPITAL is liable under HIPAA...

And I'm pretty sure the penalties can range way beyond $25K. Our organization is positively anal about preventing this by not letting anyone have access to any data that they don't have a compelling reason to access.

Personally if I were the woman, I'd sue the hospital and separately sue every individual involved.

 

Trajan

(19,089 posts)
62. Indeed ... I would sue the whole bunch
Fri Jun 6, 2014, 10:43 AM
Jun 2014

I was only objecting to the use of a broad term, 'hospital', when it was clearly the work of individuals without the sanction of hospital administrators ...

This does not mean the hospital is off the hook ... they are liable for the acts of their employees ...

This should be a $2,000,000.00 lawsuit, at minimum ...

sendero

(28,552 posts)
64. Of course...
Fri Jun 6, 2014, 10:47 AM
Jun 2014

.. I am not asserting that anyone with authority approved of or contributed to the action. But the way HIPAA is crafted, that doesn't matter.

the idea being that if you don't create an environment that makes confidentiality a top priority, then confidentiality will just never happen.

If you don't make the hospital (or insurance co, or any number of other business that have access to medical records) liable, there won't be such an environment or culture.

Personally, I think a lot more of our laws should be written this way, as it is HIPAA is one of the few that companies cannot wriggle out of.

In any event, the hospital is likely to fire everyone involved and they won't be getting comparable jobs from any company familiar with their infraction.

They just fucked themselves good.

 

magical thyme

(14,881 posts)
12. 'the hospital' didn't do it. Employees who had info access did it. It is a gross HIPAA violation
Thu Jun 5, 2014, 06:59 PM
Jun 2014

and the hospital will now face major fines for the violation. Those employees will be fired and no other health care companies will touch them with a 10' pole. Their careers are toast.

 

smirkymonkey

(63,221 posts)
23. Good, can she sue them individually?
Thu Jun 5, 2014, 07:48 PM
Jun 2014

I cannot believe this can happen. How did these jerks think that this would not come back to haunt them?

 

magical thyme

(14,881 posts)
24. you can pretty much sue anybody
Thu Jun 5, 2014, 07:49 PM
Jun 2014

but people are only worth suing if they have deep pockets. Or if the suer has really deep pockets and just wants to ruin them.

 

smirkymonkey

(63,221 posts)
44. I was thinking that she could drag their names through the mud.
Thu Jun 5, 2014, 09:31 PM
Jun 2014

Like they did to her. Even if she didn't get much money, she could destroy them professionally. It's worth a try. I guess I am a bit vindictive. I would do anything to get back at them. I guess it might be an Italian thing.

 

magical thyme

(14,881 posts)
48. once they're identified, they are destroyed professionally
Thu Jun 5, 2014, 10:02 PM
Jun 2014

No hospital is going to hire them due to the obvious risk involved. We live in fear of accidental HIPAA violations. To do it deliberately is insane.

Jamastiene

(38,187 posts)
54. It must be a mixed race thing too, because
Fri Jun 6, 2014, 05:42 AM
Jun 2014

I'm mixed race (Caucasian, NA, and AA) and would do the same thing you mentioned doing, if I possibly could.

bluesbassman

(19,310 posts)
13. Hospital should be in trouble for violating HIPAA too.
Thu Jun 5, 2014, 07:00 PM
Jun 2014

Absolutely disgusting behavior. I hope all of the employees involved are terminated for this.

 

magical thyme

(14,881 posts)
27. I've heard of an employee walked out the door due to an accidental violation
Thu Jun 5, 2014, 07:50 PM
Jun 2014

Deliberate? Their toast. They'll be fired and won't work in the industry again.

 

bigwillq

(72,790 posts)
14. This is disgusting.
Thu Jun 5, 2014, 07:00 PM
Jun 2014

Not only posting personal info, but the name calling? WTF.

I would have sued for a lot more than 25K.

 

arcane1

(38,613 posts)
18. A link to that shameful Facebook site:
Thu Jun 5, 2014, 07:27 PM
Jun 2014
https://www.facebook.com/#!/groups/1418819821714582/


It's a closed group, so the staff must be members in order to post pictures. This increases the likelihood that this woman isn't the only victim


On edit: I've reported it as hate speech.

JI7

(89,182 posts)
25. i would like to know more about the employees who did this
Thu Jun 5, 2014, 07:50 PM
Jun 2014

because anyone who is going to work in any way related to the medical field, even if it's more of a clerk type job and has access to this info is taught not to do this.

did they have something against her ? did they know her before ? these people are fucked up.

and i agree that it should be a lot more. and the people should never ever be allowed to work anywhere where they can get access to this type of info on people.

barbtries

(28,702 posts)
29. only $25,000?
Thu Jun 5, 2014, 07:52 PM
Jun 2014

she deserves more than that. and i'm wondering if the perpetrators could not be criminally charged. how could they do that.

 

47of74

(18,470 posts)
34. I'd like our local hospitals to imagine my reaction if something similar happend to me.
Thu Jun 5, 2014, 08:46 PM
Jun 2014

And how unpleasant the resulting legal shitstorm will be.

vankuria

(901 posts)
35. Wonder if the employees
Thu Jun 5, 2014, 08:49 PM
Jun 2014

responsible could face criminal charges for violating HIPAA regulations?

Cannot imagine what the heck they were thinking and if there may be other victims of this prank. Not only will they never work in the health care industry but wonder if any employer would want them involved in their business?

itsrobert

(14,157 posts)
40. Hospital should settle immediately
Thu Jun 5, 2014, 08:58 PM
Jun 2014

pay her $50,000. She should ask for a lot more if you ask me. Millions.

Stonepounder

(4,033 posts)
43. The people who did this are toast.
Thu Jun 5, 2014, 09:10 PM
Jun 2014

They are criminally liable for violating HIPPA which is a Federal statute and carries criminal penalties. They are also civlally liable, individually and together. The big question is the hospital's liability. It is not a given that the hospital shares liability. That depends on the facts. What kind of audits does the hospital have in place to catch HIPPA violations? Are all employees aware of HIPPA and the consequences of violating it? Etc.

I worked in the medical software industry for about 15 years until I retired and was around when HIPPA came in. It was a massive headache from a programming point of view, since it basically says you have to be able to audit everything. Who touched a record, when, why, what did they do, etc. We had levels of security authorization from the head nurse who could look at the records of anyone on her wing, to individual nurses who could only look at their own patients, to who could look, who could enter, who could change, what times of day were they authorized for. Every time a record was touched for any reason, an audit record was generated. And even with all that we disclaimers on our software that we did not claim that it was fully HIPPA compliant. (And this was software that started at about $1,000,000 per hospital and went up from there.) I do know, however, that it was banged into our heads from the very beginning that we were all considered under HIPPA regulations and that if we were caught breaking any of the privacy rules we were out the door in a heatbeat and don't ask for references.

In this instance, if there was a nurse involved who, as part of her regular duties, was expected to access the patient's chart, and who then decided to knowingly violate both hospital policy and HIPPA, the hospital may be able to avoid a large part of the liability. My experience with hospitals is that they take HIPPA very seriously.

It will be interesting to see how this all plays out. If a nurse was actually involved, she will lose her license and will probably never get another job in health care again. It will also be interesting to see if the case stays civil or if state and/or federal prosecutors decide to get involved. personally, I would like to see the feds go after these lowlifes and make an example out of them. I'm not sure what the penalties for violating HIPPA are, but I would love to see the book thrown at these creeps.

tosh

(4,422 posts)
63. Yes, intensive HIPPA training is required by all providor/payor contracts
Fri Jun 6, 2014, 10:44 AM
Jun 2014

including - and especially - Medicaid. All employees in contact with patient info must be HIPPA certified annually and certification records must be kept, subject to audit.

The hospital's contracts are at stake at the very minimum.

Edited to add that certification records must include outside contractors as well as employees.

Jamastiene

(38,187 posts)
53. More power to her. I hope she wins.
Fri Jun 6, 2014, 05:35 AM
Jun 2014

Where I live, the local paper published the names of people who tested positive for HIV back in the 90s. I was astounded that they would do such a thing. Someone's health is no one's business but their own, unless they decide to share the information themselves. Everyone else should butt the fuck out. If we can't even trust doctors, nurses, and hospitals, how are people supposed to get medical care?

Sgent

(5,857 posts)
70. She may lose her lawsuit (or not win much)
Fri Jun 6, 2014, 11:41 PM
Jun 2014

There is no private right of action for HIPAA violations. The feds can fine you, and may very well be able to imprison the nurse, but you cannot sue due to a HIPAA violation.

The release of information is still unethical and the actions probably violate state medical licensure laws, but the hospital may or may not be liable depending on the negligence standard required. If it was a nurse who posted it, presumably he or she would be liable.

The problem is that in most states you have to prove financial harm, and the patient is going to have a tough time doing this.

I wish her luck, and she may be able to get the nurse professionally sanctioned possibly with jail time, the hospital fined, and yet only get $1 for her efforts.

Latest Discussions»General Discussion»Woman sues hospital for p...