(866) 445-2964

Hospital Privacy Violation Lawsuits

Patients who exchange information about their medical condition, treatment, and finances with their healthcare entities and providers have a reasonable expectation that this information will be kept private.

However, as the result of a recent major breach, hundreds of prominent hospitals and healthcare facilities violated their patients’ privacy by sharing personally identifiable information with third parties, including Facebook, in violation of state privacy laws. The affected facilities are located in the following states:

    • California
    • Florida
    • Maryland
    • Massachusetts
    • Pennsylvania
    • Washington

HIPAA violations related to social media are not new. In 2017, a 24-year-old North Carolina medical technologist posted about a patient killed in a car crash, using the words, “Should have worn her seatbelt…” Although the employee said the purpose of her post was to remind people to wear their seatbelts, the post went viral and was considered to have disclosed private health information (PHI) about the patient. As a result of the breach, the employee was fired.

Privacy Laws Hospitals Must Follow

HIPAA, (Health Insurance Portability and Accountability Act of 1996) not only gives patients rights over their health information, but also sets rules and limitations on who can look at and receive this information, whether it is electronic, written, or oral. Prior to HIPAA, no rules existed to protect patient health information, but with the emergence of new technologies to improve the quality and efficiency of patient care, the number and severity of potential security risks also increased.

Most health care providers, including doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists, must follow HIPAA’s privacy regulations, which apply to the following:

    • Information doctors, nurses, and other health care providers put in a patient’s medical record.
    • Conversations doctors have with nurses and others about a patient’s care or treatment.
    • Patient information contained in a health insurer’s computer system.
    • Billing information about patients.
    • Most other health information kept about a patient by those who are required to follow the regulations.

Under HIPAA’s Privacy Rule, covered entities and their business associates must put safeguards in place that will protect patients’ private health information (PHI) to ensure that it is not used or disclosed improperly. These individuals and entities are required to reasonably limit the use and disclosure of this information to the minimum necessary to accomplish their intended purpose, and must implement procedures to limit those who can access and view patients’ protected health information. Training programs to instruct employees about how to protect patient health information must be implemented.

HIPAA also includes a Security Rule that establishes a national set of security standards for protecting electronic health information that is created, received used, or maintained by a covered entity, and requires the appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

What is Considered a Breach of HIPAA?

According to federal law, a breach of protected health information occurs through the “acquisition, access, use, or disclosure of unsecured PHI in a manner not permitted by HIPAA which poses a significant risk of financial, reputational, or other harm to the affected individual.”

Some common examples of social media HIPAA violations include:

    • Posting information about a patient to unauthorized parties, even if the patient is not named.
    • Sharing any form of PHI, including photos, without written consent from a patient.
    • Assuming that posts are private or have been deleted when they are still visible to the public.
    • Sharing of comments or pictures that happen to contain protected patient information (charts or files).

Social media violations of HIPAA are becoming increasingly common, and although difficult to predict or prevent, their consequences can be severe. They can include civil lawsuits, loss of medical license, employee termination, civil fines ranging from $100 to $1,500,000, and criminal penalties of as much as $250,000 in fines and up to 10 years in prison.

Has a Hospital Violated Your Privacy? Contact an Attorney Today

A privacy breach is a very serious matter. You may be able to recover damages by filing a lawsuit if you:

    • Have a Facebook account.
    • Your hospital or doctor’s office was one of the affected facilities.
    • You have visited pages on the healthcare entity’s website and/or logged into a patient portal within the last two years.

If you have been the victim of a hospital privacy breach, contact the legal advocates at Consumer Safety Law to learn more about how you can protect your consumer rights today.

Receive a Free Legal Consultation

We have helped thousands of people across the country recover millions in verdicts and settlements.

make an appointment

"I am very pleased and had a wonderful experience with the firm. Would definitely use their services again."


"I appreciate all that the Simmons firm has done for me. I’m thrilled with the result they got for me and want to say thanks to everyone there."


"I lost my wife to a heart attack caused by a dangerous drug. While nothing I do will ever bring her back, the Simmons firm helped ensure that other people won’t have to suffer the same loss as me. That product is no longer on the market and the company responsible for selling it to my wife paid a heavy financial price for hurting people like her."


"My mom had a catastrophic stroke as a result of taking a weight-loss product. The Simmons firm fought tirelessly to get her the best result possible. Thanks to them we can afford to get her the medical and therapeutic care she needs."


We stand for our clients

We have helped thousands of people across the country recover millions in verdicts and settlements. Our dedication to customer service, our national resources, and our cumulative centuries of legal experience are what drives our results.

With the attorneys and legal staff of Simmons Hanly Conroy on your side, you can rest easy knowing that tremendous experience and knowledge, combined with resources and commitment, are hard at work for you.

We are resolute and unwavering in our stance against corporate wrong-doers.

Contact us today using the form to schedule your free, no-obligation legal consultation.

Get Your Free Consultation