HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Oakwood Healthcare Worker Fired for HIPAA-Violating Facebook Comments

Michigan healthcare provider, Oakwood Healthcare, Inc., has confirmed that a member of staff at Oakwood Hospital & Medical Center in Dearborn has had her employment contract terminated after posting disparaging comments about a patient on her Facebook page.

WJBK Fox 2 reported that the hospital worker, Cheryl James, posted two comments on her Facebook page about a patient. One comment was deemed unrepeatable by WJBK, although Cheryl was reported to have said that she “came face to face with a cop killer” and that she hoped he “rots in hell”.

When Cheryl’s bosses learned of her Facebook posts they advised Cheryl that they would have to investigate the matter and Cheryl promptly removed the posts. She expected disciplinary action would be limited to a reprimand or even a suspension, but the hospital terminated her employment for violating HIPAA data privacy rules.

According to a statement released by Oakwood Hospital, “We all have a legal and ethical responsibility to put our personal opinions aside and provide the care required for any patient who has entrusted us with their health.”

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The hospital takes the privacy of its patients seriously and ensures that all employees are provided with training on data security and privacy rules. All employees are informed that patient details must always be kept confidential. Under the circumstances there was no alternative to terminate the employee’s contract as it was understood that HIPAA rules had been violated, even though the patient’s name was not disclosed.

Posts on social media networks containing protected health information and other confidential information violate HIPAA regulations, and the employee’s position at the hospital together with the details provided on the patient could potentially lead to his identification, even in the absence of a name. Cheryl is planning on fighting her termination on legal grounds as she did not reveal the patients name.

Healthcare organizations should take note of this incident and ensure that their social media policies are up to date and employees are trained on data privacy rules and regulations, in addition to being advised how regulations relate to social media posts and other online activities.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.