Facebook post, removed records among latest patient privacy breaches

Tools

As HIPAA compliance issues continue to rise, two recent California hospital incidents do nothing to suggest that patient data will be safer heading into the new year.

At Mission Hills-based Providence Holy Cross Medical Center, a hospital employee allegedly took it upon himself to post a picture of a patient's medical record on his Facebook account, reports the Los Angeles Daily News. The record contained the patient's name and date of admission.

The employee, who the hospital said was hired by a staffing agency, also made fun of the patient in comments on the post. Then he defended his actions, saying Facebook is "not reality" and the victim's name was just one "out of millions and millions of names," according to the Daily News. He continued: "If some people can't appreciate my humor [then] tough. And if you don't like it too bad because it's my wall and I'll post what I want to. Cheers!" 

The employee's name was not released because the matter is still under investigation, Meanwhile, an employee with Loma Linda (Calif.) University Medical Center was fired after taking home records for 1,336 patients around Dec. 19, reports KABC. The documents, which now are secure, contain birth dates, addresses, medical record numbers, driver's license numbers and Social Security numbers for the patients.

After the hospital discovered the breach, it sent notice to the sheriff, as well as the state health department and the patients themselves. One year of free credit monitoring has been offered to those affected.

For more information on either incident:
- check out this KABC piece
- here's the Daily News story

Related Articles:
Report: Healthcare accounts for 3 of the 6 worst data breaches in 2011
Health data breaches cost $6.5B annually
Healthcare industry poorly protecting patient privacy