5 Bizarre HIPAA Violations

Being HIPAA compliant is a very serious topic in the United States healthcare community. Following simple security and safety measures for confidential information should be common-sense, but to others…sometimes it can slip the mind. Don’t let HIPAA violations cost your medical practice lawsuits or hefty fines!

Learn from these absolutely bizarre, and seemingly humorous HIPAA violations. Yes…these ACTUALLY happened:

1. Facebook HIPAA Case:
One employee at a medical center posted a picture on Facebook of a patient’s medical record. This included the name of the patient, without any attempt to cover it up. According to the LA Daily News, the medical center wrote: “Funny but this patient came in to cure her VD and get birth control.”

The Los Angeles Daily News claims that when other Facebook users engaged with this employee and informed him that he was blatantly violating the patient’s privacy and HIPAA laws, the employee responded: “People, it’s just Facebook…not reality.” Perhaps the consequences of this HIPAA violation and lack of respect for patient confidentiality will be a cold hard ‘reality’ check and costly error for this medical employee.

2. Britney Spears HIPAA Case:
When it comes to celebrities, privacy is hard to come by. Unfortunately for Britney Spears, this included the UCLA Medical Centre when 13 employees and 6 doctors, decided to be nosy and access Britney’s medical records. This was shortly after her infamous breakdown and ultimate psychiatric hospitalization in 2008.

To make matters worse, many of the employees had no legitimate medical reason to access Britney’s confidential information, and many were just non-medical support staff.

3. File Conversion HIPAA Case:
In 2016, an orthopedic clinic decided to hire an outside vendor to convert all X-Ray films they had on file, to a digital form, and then recycling the silver from the hard films. Seems harmless right?

Unfortunately for the orthopedic clinic, this resulted in a $750,000 fine and a legal order from the OCR to implement a Corrective Action Plan. All of this could have been prevented had the clinic signed a BAA with the outside vendor.

4. Murder Victim HIPAA Case:
An EMT was fired after he took it upon himself to take pictures on his personal cell phone of a murder victim, and posted them on a social media site. After being caught, the medical technician had to surrender his EMT license and was ordered to complete 200 hours of community service.

Luckily for the fire station he worked for, they did not face any charges. Phew!

5. Surgeon Fired Accessed Celebrity Health Records Case:
It appears Britney Spears isn’t alone in invasion of health records privacy! A former cardiothoracic surgeon named Huping Zhou (a Chinese immigrant) was fired from his job as a researcher for the UCLA School of Medicine.

After his dismissal, he illegally accessed records of his co-workers, his immediate supervisor, and you guessed it—several celebrities. Leonardo DiCaprio, Arnold Schwarzenegger, Drew Barrymore, and Tom Hanks were among the celebrities Zouh peeked at. It seems that revenge and celebrity curiosity can go hand in hand!

Zhou ultimately was sentenced to 4 months in prison, and was given a $2000 fine.