My daughter was on her facebook and showed me that a friend of hers who works in a doctors office, had posted a picture of someones lab results with "HIV Positive" highlighted. The picture showed part of a soc sec # and a partial name. The girl who did this wrote : "LOL" under th pic and posted it to facebook.
How could this be reported? Who should I call? There were comments from her teenager friends telling her : Girl this a major violation of hippa!
Since this is a federal crime, why not call the FBI, and ask them to please pursue the case. You have her name and her FB ID. You could even try local LE.
She has committed a crime, potentially punishable by jail time, and LE needs to step in and decide how/whether to prosecute or simply give her a warning.
Wow, how disturbing. Kudos to you for pursuing the matter. I'd stalk, er look back, on her previous posts and info page and try to find out her employer.
Even if the pic was a hoax, if she presented it as if it were from her employment, she would surely at least lose her job. I agree that your best option is to contact law enforcement. It won't take long for them to figure out where she works. Law enforcement may also be able to contact a state licensing agency if this individual is licensed and might determine through them where she works.
If the link does not work or show search for "hhs dot gov, and hipaa comlaint" (link hhs and gov, remove the word dot)
Interestingly she is immune under HIPAA law. She is not a covered entity. The doctor or clinic or doctor's office is not immune.
In other words if you find that your girlfriend has cancer and you post it on Facebook HIPAA is no recourse to you. Some states have privacy laws and in that case state privacy law would prevail.
Frankly I would file the complaint against the doctor's office. This callous person needs to be fired on the spot. Her post is far beyond insensitive, it's repulsive.
I do not know if you need to be the person whose rights were violated, or if a bystander (as this case is) can issue a complaint. Try it and let us know how it turned out.
I can remember, long ago, before HIPAA, seeing the doc at my college clinic for something routine, and there on the table was a list of seven woman's names with pregnancy results. I was shocked to see it, but pleased to see that most were "negative," and next to one that was positive, the words: "And totally thrilled!"
Not sure I understand when you say she is "immune" from HIPAA due to not being a "covered entity." Are you saying that individual employees in general are immune to HIPAA penalties and that only healthcare agencies can face HIPAA penalties? I always understood that individual employees can face charges, fines, and even jail time for HIPAA violations.
Specializes in Infectious Disease, Neuro, Research.
Not sure I understand when you say she is "immune" from HIPAA due to not being a "covered entity." Are you saying that individual employees in general are immune to HIPAA penalties and that only healthcare agencies can face HIPAA penalties? I always understood that individual employees can face charges, fines, and even jail time for HIPAA violations.
This is the beauty of HIPAA- as long as the clinic "takes action", as soon as they are notified, they will not be liable. The employee, however, is subject to all of the above, in addition to the civil damages which cannot be pursued against the clinic, again, as long as they take action.
Not sure I understand when you say she is "immune" from HIPAA due to not being a "covered entity." Are you saying that individual employees in general are immune to HIPAA penalties and that only healthcare agencies can face HIPAA penalties? I always understood that individual employees can face charges, fines, and even jail time for HIPAA violations.
Good point and let me review what I stated, here is the terminology of who is liable:
"Health care provider" is defined by HIPAA as any person who, in the normal course of business, furnishes, bills, or is paid for care, services or supplies related to the health of an individual.
Therefore, in reviewing the OP, I'll retract what I said earlier since this person is paid for services relating to the health of an individual. Good point and thanks for nudging me into reviewing the law, I stand corrected.
If a patient sees another patient's form at a doctor's office and then makes such a post, that person is immune, but the negligent doctor's office is not. Here the operative words are: "...is paid for..." And since this person works there, the complaint can be bought against her.
vanburbian
228 Posts
Since this is a federal crime, why not call the FBI, and ask them to please pursue the case. You have her name and her FB ID. You could even try local LE.
She has committed a crime, potentially punishable by jail time, and LE needs to step in and decide how/whether to prosecute or simply give her a warning.