Patient's 'embarrassing' private health information posted to Facebook after Contra Costa County medical privacy breach
Patient’s ’embarrassing’ private health information posted to Facebook after breach
The woman's coworkers reportedly saw her private medical information, and her lawyer said this made her so uncomfortable she left the role.
By Tori Gaines | Mar. 16, 2023
FILE: An unidentified patient gets blood drawn for STD testing. (Photo by Joe Raedle/Getty Images)
Story at a glance
A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney.
In February 2022, S.B. learned that a Facebook page impersonating her had been created. The page posted copies of S.B.’s private medical records — including evidence of STDs and other “embarrassing” details — on the public page.
After she reached out to Facebook to take the page down, S.B.’s attorney says it took more than a month for the posts to be removed.
CONTRA COSTA COUNTY, Calif. (KRON) — A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney.
For privacy, the woman was identified by the initials S.B. Her attorney, Torin Dorros, alleges that an employee at the Contra Costa Regional Medical Center in Contra Costa County gained access to S.B.’s personal medical records and released the information without the patient’s consent, in violation of the Health Information Portability and Accountability Act (HIPAA).
Stanford employee arrested on suspicion of false rape claims on campus
In February 2022, S.B. learned that a Facebook page impersonating her had been created. The page posted copies of S.B.’s private medical records — including evidence of STDs and other “embarrassing” details — on the public page.
After she reached out to Facebook to take the page down, S.B.’s attorney says it took more than a month for the posts to be removed.
In a letter written to S.B. on May 30, 2022, the Contra Costa Health Plan confirmed that her private medical information, including test results, had been posted to social media. The letter also shared tips for how S.B. could protect her information in the future.
Dorros argues that the worker shared S.B.’s private medical information in “a fashion to try and harm and cause emotional distress, embarrassment, and other harm.” S.B.’s coworkers also reportedly saw her private medical information, and Dorros said this made her so uncomfortable she left the role, losing out on money earned.
According to the complaint, the employee responsible for this incident was a contract employee, and therefore not technically employed directly by Contra Costa County. However, Dorros argues that regardless of her employment status, the hospital is still at least partially liable for her actions against S.B.
Dorros said in a statement:
“Protected Health Information (“PHI”) privacy breaches or violations in and of themselves carry with them, or inflict, an enormous amount of harm, especially emotional trauma, simply based upon the inherently personal and often compromising nature of the private information revealed. Many of my clients over the years have indicated that their specific PHI privacy violation was one of the most traumatizing experiences in their lives. That is why I feel so strongly about this area.
As to this specific case, I generally refrain from providing the press a lot of detail at the early stages/pre-litigation as I do my very best to work with the providers to try to achieve a reasonable resolution without the need for court intervention. That of course is not always possible, but I do my best to achieve that goal. I can indicate that the Hospital’s counsel to date has been nothing but professional and courteous and I look forward to continue working with her and the Hospital / County to hopefully get the parties to a place of resolution.”
The woman's coworkers reportedly saw her private medical information, and her lawyer said this made her so uncomfortable she left the role.
By Tori Gaines | Mar. 16, 2023
FILE: An unidentified patient gets blood drawn for STD testing. (Photo by Joe Raedle/Getty Images)
Story at a glance
A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney.
In February 2022, S.B. learned that a Facebook page impersonating her had been created. The page posted copies of S.B.’s private medical records — including evidence of STDs and other “embarrassing” details — on the public page.
After she reached out to Facebook to take the page down, S.B.’s attorney says it took more than a month for the posts to be removed.
CONTRA COSTA COUNTY, Calif. (KRON) — A woman has reported that the results of her test for sexually transmitted diseases were posted to Facebook after a worker at a California hospital gained access to her medical records, according to a complaint shared by her attorney.
For privacy, the woman was identified by the initials S.B. Her attorney, Torin Dorros, alleges that an employee at the Contra Costa Regional Medical Center in Contra Costa County gained access to S.B.’s personal medical records and released the information without the patient’s consent, in violation of the Health Information Portability and Accountability Act (HIPAA).
Stanford employee arrested on suspicion of false rape claims on campus
In February 2022, S.B. learned that a Facebook page impersonating her had been created. The page posted copies of S.B.’s private medical records — including evidence of STDs and other “embarrassing” details — on the public page.
After she reached out to Facebook to take the page down, S.B.’s attorney says it took more than a month for the posts to be removed.
In a letter written to S.B. on May 30, 2022, the Contra Costa Health Plan confirmed that her private medical information, including test results, had been posted to social media. The letter also shared tips for how S.B. could protect her information in the future.
Dorros argues that the worker shared S.B.’s private medical information in “a fashion to try and harm and cause emotional distress, embarrassment, and other harm.” S.B.’s coworkers also reportedly saw her private medical information, and Dorros said this made her so uncomfortable she left the role, losing out on money earned.
According to the complaint, the employee responsible for this incident was a contract employee, and therefore not technically employed directly by Contra Costa County. However, Dorros argues that regardless of her employment status, the hospital is still at least partially liable for her actions against S.B.
Dorros said in a statement:
“Protected Health Information (“PHI”) privacy breaches or violations in and of themselves carry with them, or inflict, an enormous amount of harm, especially emotional trauma, simply based upon the inherently personal and often compromising nature of the private information revealed. Many of my clients over the years have indicated that their specific PHI privacy violation was one of the most traumatizing experiences in their lives. That is why I feel so strongly about this area.
As to this specific case, I generally refrain from providing the press a lot of detail at the early stages/pre-litigation as I do my very best to work with the providers to try to achieve a reasonable resolution without the need for court intervention. That of course is not always possible, but I do my best to achieve that goal. I can indicate that the Hospital’s counsel to date has been nothing but professional and courteous and I look forward to continue working with her and the Hospital / County to hopefully get the parties to a place of resolution.”
