A dramatic reminder has come with the news that a North Carolina medical technician, Olivia O’Leary, 24, has lost her job after contravening the Health Insurance Portability and Accountability Act (HIPAA) by posting about the cause of death of an accident victim on Facebook. O’Leary was working at the Jacksonville Onslow Memorial Hospital when a dead-on-arrival car accident victim arrived. Later that same day, after work, O’Leary saw an online article about the car crash which killed the individual, and added a comment which read, “Should have worn her seatbelt…” Within a short time, her comment had evoked a strong response from angry readers, and in answer to someone on the original thread, O’Leary wrote: “Yepp. I was working today when they came in the ER.” She later said that all she had wanted to do was highlight the danger of not wearing a seatbelt, and that she was sad because the city had recently had a lot of vehicle deaths.
HIPAA states that medical staff, including anyone with information about someone’s medical records or other health information, are not allowed by law to disclose any information relating to the privacy of medical patients. Although the act of posting on Facebook in this case was certainly unintentional, the information it contained allowed O’Leary and her workplace to be identified, resulting in a contravention of the law. Medical facilities should take renewed steps to warn staff about the privacy regulations, and that posting on social media as an identifiable employee of any facility or company means that they can legally be considered as representing their employers. This places both employers and employees in a very difficult situation which, as the O’Leary case has demonstrated, can have unintended and unpleasant consequences.
