Hospital Facebook post leads to ID theft

University of Arizona Medical Center (photo: UAMC)University of Arizona Medical Center (photo: UAMC)

'I want everybody to know about this.'

An Arizona hospital is facing scrutiny after one of its employees posted a workplace photo on Facebook, inadvertently including the protected health information and Social Security number of a patient.

The University of Arizona Medical Center South-Campus confirmed that an emergency room employee posted a photo of her workstation back in June, which included a shot of a computer screen containing the patient's information, according to a report from Green Valley News. Four months later in October, the patient notified law enforcement that she was the victim of identity theft, as someone had attempted to use her information to qualify for food stamps. 

Although the photo was removed from Facebook reportedly 30 minutes after it was posted, the patient expressed concern that the employee and their friends are still in possession of the photo. "I want everybody to know about this," the patient said to GVN. "I don't want anyone else to go through this kind of hell."

[See also: Ready or not: HIPAA gets tougher today.]

This is far from the first incident where hospital employees have posted patient data on social media sites -- either advertently or inadvertently. 

Back in 2010, Alexandra Thran, MD, was fired from Rhode Island-based Westerly Hospital after she posted a trauma patient's data to a social media site. Although the patient's name wasn't listed, enough information was available so the patient could be identified in the community. 

[See also: Email chain mishap exposes data of 3,700.]

In 2011, a staffing agency employee working at Providence Holy Cross Medical Center in Mission Hills, Calif., reportedly posted a patient data on his Facebook page, ridiculing the patient's medical condition, the Los Angeles Daily News reports. "Funny but this patient came in to cure her VD and get birth control," he wrote along with a photo of the patient's medical record. 

Incidences such as these, cropping up nationwide, have prompted many organizations to adopt strict social media policies for employees.

[See also: Arkansas data breach remains unclear, gender discrimination lawsuit at core.]