Skip to content
  • About
  • Contact
  • Contribute
  • Book
  • Careers
  • Podcast
  • Recommended
  • Speaking
  • All
  • Physician
  • Practice
  • Policy
  • Finance
  • Conditions
  • .edu
  • Patient
  • Meds
  • Tech
  • Social
  • Video
    • All
    • Physician
    • Practice
    • Policy
    • Finance
    • Conditions
    • .edu
    • Patient
    • Meds
    • Tech
    • Social
    • Video
    • About
    • Contact
    • Contribute
    • Book
    • Careers
    • Podcast
    • Recommended
    • Speaking

HIPAA case studies: misguided mistakes and egregious errors

Michael J. Sacopulos, JD
Social media
March 7, 2019
Share
Tweet
Share

An excerpt from Tweets, Likes,and Liabilities: Online and Electronic Risk to the Healthcare Professional.

When it comes to HIPAA violations, there are, sadly, plenty of examples available to serve as cautionary tales. Some seem like innocent mistakes that just about anyone could make. Others are so egregious that those involved appear to be willfully inviting the wrath of regulators and malpractice attorneys. Unfortunately, some people assume that any post that does not include the patient’s name or photograph is a safe post. As we will see, that is a false and dangerous assumption. The following examples of HIPAA violations over the years offer valuable lessons for anyone dealing with patient privacy issues in the digital age.

Before and after

Because purely cosmetic procedures are not typically covered by health insurance, plastic surgery practices often need to market their services more aggressively than other providers. This often means posting patient “before and after” photos in order to showcase a surgeon’s results. Doing so can place the provider in the center of a digital minefield, where slip-ups can result in lawsuits and HIPAA violations. Mandi Stillwell, a San Francisco photographer, was stunned when a man she met on an online dating site informed her that his Google search of her name had turned up photographs of her bare breasts. Stillwell had undergone plastic surgery in Fresno and had agreed in writing to let Dr. Enraquita Lopez photograph her and use the images to market the practice. However, the agreement stipulated that if images of her results were used, Stillwell would remain unidentifiable. The photographs showed only her torso. Stillwell filed suit against Dr. Lopez. In court, Dr. Lopez’s lawyer explained that the doctor and her staff had made a mistake and accidentally placed identifiable photos of Stillwell on the internet. The photos were removed as soon as the doctor was made aware of them. The jury found in favor of Stillwell, and she was awarded an $18,000 settlement. Of course, just because the doctor had the photos removed from the internet does not mean they will not reappear. Any viewer with a computer could have copied them and could repost them at any time.

Even when a provider is confident that photos it has posted make it impossible to identify a patient, the digital world can prove them wrong. In one case, otherwise anonymous photos were posted on a practice’s website in such a way that clicking on the photos revealed their digital file names, which included the patients’ names. You must be aware of hidden or semi-hidden information in digital photos and other files and always make sure that all patient identifiers are removed.

To modify a line from Thomas Jefferson, the cost of patient privacy is eternal vigilance.

An inside job

An employee who unintentionally creates a HIPAA breach is bad enough, but a rogue employee who willfully creates them is every practice’s worst nightmare. Some employees can’t resist snooping in medical records; others go much further. Consider the case of a high-end plastic surgery practice located on Beverly Hill’s posh Rodeo Drive. A contract employee who started out as a driver and translator was soon given other duties, including data entry. Things went bad very quickly. Just six months after the employee started, the practice confronted her about missing funds. She quit but claimed she could not return her company phone because she had lost it. The practice was able to recover the phone when the ex-employee was caught trespassing at a facility that stored patient records. According to the office manager, the former employee had been surreptitiously photographing and videoing patients and procedures, patient records, and credit card numbers. It also appears the employee may have been responsible for a burglary at the practice, during which a large amount of data was downloaded to a hard drive and paper records were stolen. Some patients began receiving threatening and harassing phone calls and emails. As of this writing, the Los Angeles Sheriff’s Department is conducting an ongoing investigation.

Obviously, you should screen and background check employees carefully to help prevent “inside jobs.” And every employee should be thoroughly trained and know the boundaries that apply to their position. What’s more, you should be monitoring data access to ensure that no one is viewing, printing, or downloading any information that is beyond the scope of their duties. Doing so allows you to spot irregularities early on and deal with them in a timely manner.

Michael J. Sacopulos is a health care attorney and co-author of Tweets, Likes,and Liabilities: Online and Electronic Risk to the Healthcare Professional.

Image credit: Shutterstock.com

Prev

How to prevent ski injuries: tips from an orthopedic surgeon

March 7, 2019 Kevin 0
…
Next

To parents who have lost children: We never forget your children

March 7, 2019 Kevin 8
…

Tagged as: Practice Management, Twitter

Post navigation

< Previous Post
How to prevent ski injuries: tips from an orthopedic surgeon
Next Post >
To parents who have lost children: We never forget your children

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

Related Posts

  • 3 surprising links to medical errors

    Health eCareers
  • How should physicians hear back about their diagnostic errors?

    Ashley Meyer, PhD and Hardeep Singh, MD, MPH
  • Medical errors? Sorry, not sorry.

    Iris Kulbatski, PhD
  • The case of HIPAA, an orthodontist, and Black Panther’s Michael B. Jordan

    Davis Liu, MD
  • 5 common and commonly overlooked mistakes in the medical school interview 

    Rajani Katta, MD
  • Made mistakes? How to spin them for your medical school applications.

    Michelle Finkel, MD

More in Social media

  • First impressions happen online—not in your exam room

    Sara Meyer
  • What teenagers on TikTok are saying about skin care—and why that’s a problem

    Khushali Jhaveri, MD
  • How social media and telemedicine are transforming patient care

    Jalene Jacob, MD, MBA
  • How DrKoop.com rose and fell: the untold story behind the Surgeon General’s startup

    Nigel Cameron, PhD
  • How I escaped the toxic grip of social media

    Dr. Damane Zehra
  • Why doctors must fight health misinformation on social media

    Olapeju Simoyan, MD
  • Most Popular

  • Past Week

    • Why removing fluoride from water is a public health disaster

      Steven J. Katz, DDS | Conditions
    • When did we start treating our lives like trauma?

      Maureen Gibbons, MD | Physician
    • Mastering medical presentations: Elevating your impact

      Harvey Castro, MD, MBA | Physician
    • Why the pre-med path is pushing future doctors to the brink

      Jordan Williamson, MEd | Education
    • Why what doctors say matters more than you think [PODCAST]

      The Podcast by KevinMD | Podcast
    • The hidden incentives driving frivolous malpractice lawsuits

      Howard Smith, MD | Physician
  • Past 6 Months

    • Why tracking cognitive load could save doctors and patients

      Hiba Fatima Hamid | Education
    • What the world must learn from the life and death of Hind Rajab

      Saba Qaiser, RN | Conditions
    • The silent toll of ICE raids on U.S. patient care

      Carlin Lockwood | Policy
    • Addressing the physician shortage: How AI can help, not replace

      Amelia Mercado | Tech
    • Why medical students are trading empathy for publications

      Vijay Rajput, MD | Education
    • Bureaucracy over care: How the U.S. health care system lost its way

      Kayvan Haddadan, MD | Physician
  • Recent Posts

    • Why the pre-med path is pushing future doctors to the brink

      Jordan Williamson, MEd | Education
    • Why the fear of being forgotten is stronger than the fear of death [PODCAST]

      The Podcast by KevinMD | Podcast
    • How a rainy walk helped an oncologist rediscover joy and bravery

      Dr. Damane Zehra | Physician
    • How inspiration and family stories shape our most meaningful moments

      Arthur Lazarus, MD, MBA | Physician
    • A day in the life of a WHO public health professional in Meghalaya, India

      Dr. Poulami Mazumder | Physician
    • Why women doctors are still mistaken for nurses

      Emma Fenske, DO | Physician

Subscribe to KevinMD and never miss a story!

Get free updates delivered free to your inbox.


Find jobs at
Careers by KevinMD.com

Search thousands of physician, PA, NP, and CRNA jobs now.

Learn more

View 1 Comments >

Founded in 2004 by Kevin Pho, MD, KevinMD.com is the web’s leading platform where physicians, advanced practitioners, nurses, medical students, and patients share their insight and tell their stories.

Social

  • Like on Facebook
  • Follow on Twitter
  • Connect on Linkedin
  • Subscribe on Youtube
  • Instagram

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

  • Most Popular

  • Past Week

    • Why removing fluoride from water is a public health disaster

      Steven J. Katz, DDS | Conditions
    • When did we start treating our lives like trauma?

      Maureen Gibbons, MD | Physician
    • Mastering medical presentations: Elevating your impact

      Harvey Castro, MD, MBA | Physician
    • Why the pre-med path is pushing future doctors to the brink

      Jordan Williamson, MEd | Education
    • Why what doctors say matters more than you think [PODCAST]

      The Podcast by KevinMD | Podcast
    • The hidden incentives driving frivolous malpractice lawsuits

      Howard Smith, MD | Physician
  • Past 6 Months

    • Why tracking cognitive load could save doctors and patients

      Hiba Fatima Hamid | Education
    • What the world must learn from the life and death of Hind Rajab

      Saba Qaiser, RN | Conditions
    • The silent toll of ICE raids on U.S. patient care

      Carlin Lockwood | Policy
    • Addressing the physician shortage: How AI can help, not replace

      Amelia Mercado | Tech
    • Why medical students are trading empathy for publications

      Vijay Rajput, MD | Education
    • Bureaucracy over care: How the U.S. health care system lost its way

      Kayvan Haddadan, MD | Physician
  • Recent Posts

    • Why the pre-med path is pushing future doctors to the brink

      Jordan Williamson, MEd | Education
    • Why the fear of being forgotten is stronger than the fear of death [PODCAST]

      The Podcast by KevinMD | Podcast
    • How a rainy walk helped an oncologist rediscover joy and bravery

      Dr. Damane Zehra | Physician
    • How inspiration and family stories shape our most meaningful moments

      Arthur Lazarus, MD, MBA | Physician
    • A day in the life of a WHO public health professional in Meghalaya, India

      Dr. Poulami Mazumder | Physician
    • Why women doctors are still mistaken for nurses

      Emma Fenske, DO | Physician

MedPage Today Professional

An Everyday Health Property Medpage Today
  • Terms of Use | Disclaimer
  • Privacy Policy
  • DMCA Policy
All Content © KevinMD, LLC
Site by Outthink Group

HIPAA case studies: misguided mistakes and egregious errors
1 comments

Comments are moderated before they are published. Please read the comment policy.

Loading Comments...