Blog Update: How Good HIPAA Employee Practices Won the Day!

Are you training and monitoring your staff (1)Previously on your blog, we covered the case in our hometown Cincinnati.  The case involved UC [University of Cincinnati] Medical Center.  An employee gave patient lab results to a patient’s ex-boyfriend without authorization.  The lab results showed that the patient had tested positive for a viral disease.  The ex-boyfriend posted the lab results on Facebook.  The patient sued the ex-boyfriend, the employee, and UC Medical Center.


Read the initial blog post:  Cincy Ex-Boyfriend Learns about STD and Posts it on Facebook!  Click here or go to:


The verdict from the court is in.  UC Medical Center is not liable for the employee’s disclosure of patient information without authorization.  This is big win.  Numerous cases have been decided differently.  And, the liability of the employer’s health providers has been huge!


How could the UC Medical Center be found not liable?  Employee Training.  Employee Polices. Employee Disciplinary Code.  Yes, having the right things in place and doing the right things made all the difference.  The court held that UC Medical Center had trained its employees.  Employees were given the education about what was okay and not okay under HIPAA and other privacy laws.


Discover How a Rogue Employees Can Get You in Trouble with HIPAA; Click here or go to:


There were policies in place and employee disciplinary procedures for disciplining employees that violated HIPAA privacy and security.  Moreover, UC Medical Center followed the policies and procedures.  The bad acting employee was at fault.  This proves the old adage: an ounce of prevention is worth of pound of gold.



The case is not over, the patient’s attorney has indicated that they will appeal the court’s ruling.


Pledge Defense Button


Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation