U. of Cincinnati Medical Center not liable for employee’s Facebook post on a patient’s STD (updated)

Kevin Grasha has an update on a breach previously noted on this site.

University of Cincinnati Medical Center can’t be sued after an employee leaked private medical records about a patient who had syphilis, a judge ruled Monday.

The patient, a woman in her early 20s, filed the lawsuit last year. A screen shot of the woman’s private medical records from the hospital was posted on the Facebook group, “Team No Hoes,” in September 2013. The records listed the woman’s diagnosis as “maternal syphilis.” She was pregnant at the time.

Read more on Cincinnati.com.

In a way, and even though the patient may appeal the ruling, this ruling is consistent with other cases where covered entities were found not liable for employees’ egregious conduct that were outside the employee’s scope of work duties. In this case, the employee was reportedly in the financial services department.

It is not known what, if any, action HHS/OCR has taken as a result of their investigation into the incident.

Update: Jeff Drummond’s blog about this case mentions that this case has a different result than Hinchy v. Walgreens, a case that I covered last year, but temporarily forgot about it in writing up the Ohio case.  So we have cases in two states that found no employer liability and one case in a third state that found for the plaintiff/patient.

About the author: Dissent