Dive Brief:
- HHS has launched a federal investigation into HIPAA privacy violations at the University of Cincinnati Medical Center.
- The investigation arose when a financial services employee of the medical center accessed detailed billing records of a patient with an STD and shared them with someone else, who in turn deliberately and maliciously published those records on Facebook, ridiculing the patient in the process.
- The hospital voluntarily reported the incident to HHS by this year's March 1 deadline, and has fired the employee.
Dive Insight:
In its defense, the hospital can always note that it was not the employee who conducted the vicious public attack on Facebook, but rather, the father of the woman's then-unborn child. However, in theory hospital policies and procedures should have prevented this from happening, as financial employees probably shouldn't have access to intimate details of a patient's medical history. HHS is likely to take this situation very seriously, as it's the epitome of the privacy breaches HIPAA exists to prevent. Expect to hear more about this case in the future, which isn't likely to end well for the medical center.