An Ohio woman filed a lawsuit Tuesday against University of Cincinnati Medical Center for the illegal release of private medical information.
Hours after UCMC became aware of the suit, hospital management fired an employee believed to be responsible for the leak.
The suit claims private medical records of a sexually-transmitted bacterial infection were posted to the Facebook group "Team No Hoes" on Sept. 19, 2013, days after her doctor's visit to UCMC when she was tested for the disease on Sept. 6. A screen shot of the woman's name, date of birth, hospital ID number, diagnosis, testing and test results was displayed online. Soon after the post became visible to the public, the suit says an offensive message was sent to the woman's inbox, along with comments on the post that labeled her a "hoe and a "slut."
"(Name) supposed to have a girl preg n she supposed to have syphilis n bet after seeing that medical record you hoes pleading the 5th," a comment read.
(Due to the explicit nature of other comments, WCPO chose not to include that information in our report.)
According to the suit, the woman kept the reason for her appointment a secret from the father of her unborn baby, Raphael Bradley. He repeatedly tried to ask her, but she denied his request of the information multiple times. Bradley told the woman he would ask his other child's mother, Ryan Rawls, who was an employee at UCMC.
Bradley called the woman on Sept. 18, 2013, and told her he was aware of her doctor's visit, and read her medical file to her over the phone.
The suit claims Rawls, along with an unknown nurse, posted the patient's medical records to Facebook. Rawls would not reveal the second defendant's identity, who maintains possession of the records and is making harassing phone calls to the plaintiff, the suit says.
The woman who filed the suit said she suffers from extreme emotional distress, and has to live in a city where her family, friends and colleagues are aware of her private medical history and treatment.
The woman claims she lost friends because her contagious disease was made known to the public, her attorney, Michael Allen said.
"She was embarrassed by this, she didn't want to go out in public, she didn't want to see her friends. She was a real mess," Allen said. "When you go to the hospital to get treated for anything - much less what she was treated for - you have an expectation that information is going to remain private and not be posted on somebody's Facebook page."
Bradley told WCPO he was unsure when he was even listed in the lawsuit. He claimed he was not a UCMC employee and forced no one to do anything.
UCMC President and CEO Lee Ann Liska issued a statement Thursday night regarding the case:
"We took swift action and our investigation revealed that the record had been accessed by a Financial Services employee who did not have a business reason to do so. This employee had been fully trained and acknowledged her responsibilities under law and UC Health policy, but apparently accessed the billing record through a personal motivation. The individual’s employment was terminated, and we reported the incident to federal authorities. This occurred within days of the patient making us aware of this occurrence."
Liska said UC Health investigated the suit's concerns, but found no other employee had inappropriately access the record, and the medical information's exposure did not require help from another employee.
"We made Mr. Allen aware of these findings, but he chose to include the allegations in the complaint that was recently filed," Liska said.
"We are outraged that anyone might misuse a position with UC Health to attempt to embarrass or cause harm to another person. This is contrary to our ethic and the training we provide to our associates, and we took immediate action as a result. The allegations in the recent lawsuit are isolated to the people named in the lawsuit, and by no means reflect the conduct of UC Medical Center associates, who are dedicated to serving thousands of patients annually and safeguarding the personal health information that has been entrusted to them. All associates have been reminded that the unauthorized access or viewing of medical records, or the unauthorized sharing of PHI, is a betrayal of that trust, and cause for immediate termination."
Nine counts makeup the suit, including unauthorized disclosure of nonpublic medical records, invasion of privacy, negligent infliction of emotional distress, negligent supervision and hiring, intentional infliction of emotional distress, inducement of unauthorized disclosure of nonpublic medical records, malice of defendant (Bradley), malice of defendant (Rawls) and Respondeat Superior.
Allen said his client seeks damages in excess of $25,000.
The defendants have 26 days from Thursday to answer the lawsuit. Then, the court will set pretrial conferences.