• Categories

  • Archives

    « Home

    Ars Technica: MySpace gripe about patient sparks federal privacy complaint

    Ars Technica reports on a case in Pennsylvania concerning medical privacy. After reading posts about patients on an OB/GYN’s employee’s MySpace page, a patient has filed a complaint with the Pennsylvania Department of Health and Human Services alleging violations of the Health Insurance Portability and Accountability Act (HIPAA).

    None of the posts named the women they discussed, but one of the patients who spoke anonymously with reporters said that she had recognized both herself and a friend as the targets of one item. Under HIPAA’s privacy rules—except under specific authorized circumstances—health care providers may not share medical information when “there is a reasonable basis to believe the information can be used to identify the individual.” The statute provides for civil penalties of $100 per violation in cases of “willful neglect,” and a person who “knowingly” discloses private health information can face criminal sanctions of up to $50,000 in fines or a year in prison.

    I have previously written about how data from social networking sites are being used against employees, job applicants, applicants to colleges and graduate schools, and in criminal trials.

    Leave a Reply