Middle TN Doctor Violates HIPAA Law By Posting Patient’s Personal Info On Social Media

Image Credit: Shutterstock

The Tennessee Conservative [By Jason Vaughn] –

A Middle Tennessee woman recently found out that her father’s doctor had posted his personal information on social media and there is no way to know who now has it and what is being done with it.

Tisha Russell’s father received a procedure at Maury Regional Medical Center to confirm a previous diagnosis of Stage 1 lung cancer.

According to Russell, her father’s pulmonologist, Doctor Jon Freels, took pictures during the procedure and posted them on social media.

The post contained details about the procedure and the associated picture had the patient’s personal information on it.

The post has now been deleted but Russell is concerned that her father’s sensitive, personal information was copied by potentially nefarious individuals and that it may be circulating on the web.

Scott Augenbaum, a retired FBI agent with expertise in cyber-crime prevention, said, “Nothing is ever really taken down off the internet” and that the information shown in the posted photo was enough for identity theft.

Augenbaum states that cyber criminals can use that information to, among other things, open up credit cards and “really cause a lot of havoc.”

Maury Regional Medical Center sent an apology letter to Russell, in which a supervisor stated that she regrets the incident and that the post was taken down immediately after she found out about it.

WSMV4 Investigates asked the supervisor whether the doctor would be disciplined for violating HIPAA laws but they only responded that the hospital had followed protocol and reported the incident to Health and Human Services.

Doctor Freels reportedly apologized to Russell’s family by email, partially explaining how the incident happened.

“I deeply regret that in sharing with colleagues’ information about the progressive technology we are using to better serve our patients, I inadvertently included patient information.  This is a mistake that shouldn’t have happened. This can happen to anybody,” Freels wrote.

Experts state that when something like this happens, victims can call their credit card companies and freeze their credit so that stolen personal information can’t be used for identity theft.

WSMV4 Investigates also spoke with local attorneys who stated that there is no ability for patients to sue for violations on this kind under federal law, but Tennesseans can bring a lawsuit under the state’s Patient’s Privacy Protection Act if the patient can prove they suffered damages from the exposure of their private health information.

Formal Complaints can also be filed with the U.S. Department of Health and Human Services.

WSMV4 Investigates also discovered that complaints against health care providers are confidential in Tennessee unless and until a complaint leads to the filing of formal disciplinary charges by a Health Professional Board.

About the Author: Jason Vaughn, Media Coordinator for The Tennessee Conservative  ~ Jason previously worked for a legacy publishing company based in Crossville, TN in a variety of roles through his career.  Most recently, he served as Deputy Director for their flagship publication. Prior, he was a freelance journalist writing articles that appeared in the Herald Citizen, the Crossville Chronicle and The Oracle among others.  He graduated from Tennessee Technological University with a Bachelor’s in English-Journalism, with minors in Broadcast Journalism and History.  Contact Jason at news@TennesseeConservativeNews.com