HIPAA: Providence Holy Cross will probe claim as hospitals eye policy shift.
Providence Holy Cross Medical Center officials are investigating an employee who allegedly posted a patient's medical information on his Facebook page, apparently to make fun of the woman and her medical condition.
According to a printout of the Facebook page obtained by the Daily News, the employee displayed a photo of a medical record listing the woman's name and the date she was admitted, and posted the comment: "Funny but this patient came in to cure her VD and get birth control."
Providence officials said the employee was provided by a staffing agency.
"We are investigating this report and if necessary will work with the staffing agency to ensure the individual is not allowed to work in the future in any Providence facility," hospital officials said in a statement. "We also will work with the agency to continue to provide training for contractors to comply with our patient privacy policies and our core values."
Because it is an ongoing investigation, Providence officials said the patient's and employee's name will not be released.
On the Facebook page, the employee is scolded by some posters, who tell him he is violating the woman's privacy, as well as the federal law known as HIPAA or the Health Insurance Portability and Accountability Act of 1996.
But he defends the posting and insists he will leave it up, writing: "People, it's just Facebook…Not reality. Hello? Again…It's just a name out of millions and millions of names. If some people can't appreciate my humor than tough. And if you don't like it too bad because it's my wall and I'll post what I want to. Cheers!"
Such postings may grow increasingly common, as medical files move from paper to electronic, exposing personal information to companies for marketing purposes, said Doug Heller, executive director for Consumer Watchdog, a Santa Monica-based organization that helped expose how health care companies were denying patient coverage based on pre-existing health conditions.
"A Facebook post is just the tip of the iceberg," Heller said. "An attack like this is not just awful for the individual patient, but it sends a message to patients that they may not trust the health care providers."
Only about a third of all hospitals are believed to have specific policies in place regarding patient information and social media sites, such as Facebook and Twitter, according to published reports. The issue has become an increasing challenge, because so many workers who view health information are also using the Internet day-to-day and could easily violate HIPAA laws, some health experts say. Last year, five nurses in Oceanside were fired after allegedly discussing patients on Facebook.
Providence officials said employees are continuously trained not to violate laws.
"Providence Health & Services, guided by core values that include respect and dedicated to compliance with state and federal privacy laws, takes patient privacy very seriously and regularly trains employees on the importance of guarding patient records," according to the statement by Providence.