A patient who found her discovered that her private medical information was available on social media platforms is suing the Northwestern Medicine Regional Medical Group for PHI exposure.
Earlier this month, Gina Graziano discovered that an unauthorised individual had made some of her medical files available on Facebook and Twitter. She immediately contacted Northwestern Medicine to inform them of the breach. Posting medical information to social media platforms is a severe violation of the Health Insurance Portability and Accountability Act (HIPAA).
Northwestern Medicine investigated Graziano’s complaint. The investigation revealed that an employee of the hospital had accessed Graziano’s medical records twice, on March 5 and 6 2019. The employee had no justifiable or legitimate reason to access Graziano’s medical records. The hospital easily identified the employee involved, as they had used their unique login credentials to access the information.
Graziano’s medical file contained a range of sensitive information, including her personal details, the reason for a recent visit to the emergency department, lab test results, medications, medical history, imaging results, and other information.
In her lawsuit, Graziano claimed that she had been publicly humiliated as a result of the information being posted on social media sites. Initially, Graziano did not know which employee was responsible for the exposure of her PHI, as Northwestern Medicine did not include the name of the employee in the letter sent in response to her complaint. However, Graziano later learned that the employee in question was Jessica Wagner, the current girlfriend of her ex-boyfriend David Wirth. Both the lawsuit named both Wagner and Wirth.
Graziano’s lawsuit claims that Wagner accessed Graziano’s medical records for 37 minutes, then sent some of her medical information to Wirth. Wirth then posted the information on social media sites with the intent to cause Graziano shame and embarrassment.
Northwestern Medicine has confirmed that appropriate disciplinary action has been taken against Wagner over the HIPAA violation. Northwestern Medicine has informed the Department of Health and Human Services of the breach. It is unclear whether criminal charges have been filed against Wagner. CBS Chicago reports that Northwestern Medicine fired Wagner for the HIPAA violation.
Northwestern Medicine has issued an apology and has offered Graziano 12 months of credit monitoring services to protect her against identity theft and fraud.