Lawsuits For Unauthorized Release Of Private Medical Information

medical malpractice

We have previously written that the Health Insurance Portability and Accountability Act of 1996 (HIPAA), while requiring private health information be kept private, does not allow for an individual to file a lawsuit based on a violation of HIPAA. While a HIPAA violation does not provide the right for an individual to file a lawsuit when private medical information is released, one may still have the basis for such a suit under the torts of Invasion of Privacy or Breach of Confidentiality.

Invasion of Privacy 

State laws vary on the particulars, but in general an Invasion of Privacy lawsuit can be brought under three alternative theories: intrusion of seclusion, appropriation of a name or likeness of another, and publication of private facts. The release of personal medical information falls under the ‘publication of private facts’ category.

Who Can Sue for Publication of Private Facts?

Only actual live human beings, and not corporations or other organizations, can sue for publication of private facts. You cannot invade the privacy of a dead person. Therefore, an estate cannot sue you for publishing private facts about a dead person, unless your publication took place before the person in question died.

Unlike lawsuits for defamation, the truthfulness of the facts disclosed is not a defense in an invasion of privacy case. And also unlike defamation, the plaintiff does not have to prove special damages, meaning no actual harm must be proven in order to prevail.  Unlike defamation, where compensation is confined to actual injury, for invasion of privacy, damages are extended to presumed or punitive damages. Invasion of Privacy is a willful tort which constitutes a legal injury, and damages for mental suffering are recoverable without the necessity of showing actual physical injury.

A plaintiff must establish four elements to hold someone liable for publication of private facts:

1. Public Disclosure: The disclosure of facts must be public. Another way of saying this is that the defendant must “give publicity” to the fact or facts in question.

2. Private Fact: The fact or facts disclosed must be private, and not generally known.

3. Offensive to a Reasonable Person: Publication of the private facts in question must be offensive to a reasonable person of ordinary sensibilities.

4. Not Newsworthy: The facts disclosed must not be newsworthy. Stated differently, the facts disclosed must not be a matter of legitimate public concern.

Public Disclosure 

Public Disclosure, for the purposes of an invasion-of-privacy claim, means that the matter is made public, by communicating it to the public at large, or to so many persons that the matter must be regarded as substantially certain to become one of public knowledge.?Restatement (Second) of Torts § 652D In other words, there are two methods to satisfy the publicity element of an invasion-of-privacy claim: the first method is by proving a single communication to the public, and the second method is by proving communication to individuals in such a large number that the information is deemed to have been communicated to the public.

Courts have held that the publicity element of an invasion-of-privacy claim is satisfied when private information is posted on a publicly accessible Internet website. The Restatement and caselaw teach that proof of publicity under the first theory does not require evidence that the information has been communicated to a large number of people. Rather, the question is whether the information has been communicated to the public at large.?Yath v. Fairview Clinics, N. P., 767 N.W.2d 34 (Minn.App. 06/23/2009)

Private Fact

The term “private facts” refers to information about someone’s personal life that has not previously been revealed to the public, that is not of legitimate public concern, and the publication of which would be offensive to a reasonable person. For example, writing about a person’s HIV status, sexual orientation, or financial troubles could lead to liability for publication of private facts. However, the law protects you when you publish information that is newsworthy, regardless of whether someone else would like you to keep that information private. In addition, the law protects you if you publish information already exposed to the public eye and especially material obtained from publicly available court records.


A plaintiff bringing a publication of private facts claim must show that, under the circumstances, publishing the facts in question would have been highly offensive to a reasonable person of ordinary sensibilities. The question is not whether the plaintiff himself/herself found the public disclosure highly offensive, but whether an ordinary person reflecting community mores would find it so.

Newsworthiness — Matters of Legitimate Public Concern

Newsworthiness is ordinarily the most important issue in a publication of private facts case. In many states, a plaintiff bringing a publication of private facts claim must show affirmatively that the facts disclosed were not newsworthy, that they were not a matter of legitimate public concern. In other states, the defendant must raise newsworthiness as a defense. Many courts hold that publishers have a constitutional privilege to publish truthful information on a matter of legitimate public concern. You generally cannot he held liable for disclosing private facts about someone so long as those facts are of legitimate public concern.

Each state has its own definition of what constitutes invasion of privacy through the publication of private facts.  A plaintiff must look to the laws of the state in which the disclosure of private facts was made. Some states have specific statutes which create the right to sue for certain invasions of privacy. For example, Massachusetts has a statute which says “[a] person shall have a right against unreasonable, substantial,  or serious interference with his privacy”. Mass. Ann Laws Ch. 214 § 1(B)

Invasion of Privacy In Healthcare

As previously noted, HIPAA is irrelevant when it comes to filing a lawsuit for the disclosure of private medical information. Our previous article, HIPAA Violations: Not A Cause Of Action For A Lawsuit, discussed this:

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.  If an entity is not a covered entity, it does not have to comply with the Privacy Rule or the Security Rule. Covered entities include health care providers, health plans and health care information clearing houses. Your best friend, family member or neighbor, unless they are also your health care provider, is not a covered entity.

The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral. The Security Rule, a Federal law that protects health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is secure.

The U.S. Department of Health and Human Services’ Office for Civil Rights(OCR)  is responsible for enforcing the Privacy and Security Rules. Enforcement of the Privacy Rule began April 14, 2003 for most HIPAA covered entities. HIPAA does not create or allow for an individual to bring a lawsuit against a covered entity. If an individual believes a violation of their right to privacy or private medical information security under HIPAA has occurred, they must file a complaint with the OCR if they wish action be taken. Individuals of course have the right to file a lawsuit based on violation of privacy, etc., but such lawsuits are not a part of HIPAA itself.

If a patient consents to the release of medical information, the patient cannot later sue claiming Invasion of Privacy based on that release. All consents should be in written form signed by the patient whenever possible. If the consent is verbal, it should be noted in the medical record and signed and dated by the individual who obtained it. All written consents by covered entities must contain specific information detailed in the HIPAA Privacy Rule. 

Breach of Confidentiality (Physician-Patient Privilege)

Another theory of tort law under which a plaintiff might file suit is Breach of Confidentiality. It refers specifically to the unauthorized release of medical information that was gained under physician-patient privilege. While the information in question is covered under the physician-patient privilege, created by the physician-patient relationship, it is not only the physician who can be sued for releasing the information without authorization. In some states the scope, application and waiver of the privilege are governed by statute and in others the privilege was developed in common law by court decisions. Again, one must look to the specific state in which the violation occurred. 

In Ohio for example, the Supreme Court found in Biddle v. Warren General Hospital, 86 Ohio St.3d 395, 715 N.E. 518 (1999), the following:

1. In Ohio, an independent tort exists for the unauthorized, unprivileged disclosure to a third party of nonpublic medical information that a physician or hospital has learned within a physician-patient relationship.

2. In the absence of prior authorization, a physician or hospital is privileged to disclose otherwise confidential medical information in those special situations where disclosure is made in accordance with a statutory mandate or common-law duty, or where disclosure is necessary to protect or further a countervailing interest that outweighs the patient’s interest in confidentiality.

3. A third party can be held liable for inducing the unauthorized, unprivileged disclosure of nonpublic medical information that a physician or hospital has learned within a physician-patient relationship. To establish liability the plaintiff must prove that (1) the defendant knew or reasonably should have known of the existence of the physician-patient relationship, (2) the defendant intended to induce the physician to disclose information about the patient or the defendant reasonably should have anticipated that his actions would induce the physician to disclose such information, and (3) the defendant did not reasonably believe that the physician could disclose that information to the defendant without violating the duty of confidentiality
that the physician owed the patient. 

More recently the Court found that an attorney’s unauthorized disclosure of medical information obtained during litigation in a separate proceeding could be the basis of a tort claim.Hageman v. Southwest General Health Center, et al. Slip Opinion No. 2008-Ohio-3343 (July 9, 2008) 

Tags: , , , , ,

31 Responses to Lawsuits For Unauthorized Release Of Private Medical Information

  1. lawmed lawmed says:

    I presume from your message that you do not have an attorney. I presume also that I am not telling you anything you do not already know when I say you should have one representing you. All these issues would either have been avoided or handled easily by your lawyer. In general, and without knowing anything about why a guardian ad litem has been required or the children in this case, the guardian, as you indicate, does have the right to access the children’s medical records. She does not have the right to provide them to a parent who does not have custody of a child without approval of the court usually. Turning to your medical records, the guardian can issue subpoenas for whatever she wishes, this is not prohibited. It is up to you to quash the subpoena and you certainly should have been notified one was issued. However the holder of the medical records should have known that absent a judicial order your medical records are not to be released to a third party without your consent, even when a subpoena is issued. This is a clear, and major, HIPAA violation. The guardian is NOT a covered entity under HIPAA however so her further distribution of the records to your ex is not a violation of that Act. It IS a violation of the rules of evidence though and if you consult an attorney he/she might advise that a motion filed with the court demanding that all copies of records be returned either to the entity that released them or to your self and that any information obtained from them is ordered inadmissible should be filed immediately. Further he might advise that the motion request sanctions against the guardian possibly including her immediate dismissal and replacement. This is a big deal and you SHOULD make a big deal out of it. Thanks for your kind words about the website and good luck.

  2. I have a question. I’m in the middle of a 6 year divorce battle. We finally have a Guardian involved and after a year and a half my ex has violated the court order several times in regards to the children. The Guardian has been made aware of all of this. Well the unwillingness of the Guardian led me to file for an emergency hearing which I was granted for the safety and security of my children. The Judge required for the Guardian to be present (I’m guessing to explain as to why she hasn’t intervened) our hearing is tomorrow. We’ll within the 1 week from the time I filed the emergency hearing she has subpenoa my medical records from my doctor, without my knowledge. She’s supposed to make me aware of this so I can file a motion to Quash the subpoena. She doesn’t have my consent to obtain my medical records. That said, my ex ‘ s attorney has wanted a copy of my medical file for a couple of months now but I refused and told him to get a court order. He can’t obtain a court order because it’s irrelevant to our case. Then the Guardian had previously subpenoa my children’s medical records and then re-releases them to my soon to be ex ‘ s attorney. My soon to be ex did not request the medical records nor did his attorney, however, unbeknownst to me until yesterday the Guardian gave his attorney these records. I’ve got sole custody of the children and have had sole custody for the last 5 years and 9 months. The children’s father has a very limited visitation allowance and is court ordered not to take our children out of the state or to have them around his sister and her family. (That should speak volumes to you). My question is what is the verbiage about re – releasing medical files from one person who had the right to have them to another party who did not have any authority whatsoever to have access to them? By the way…. I cannot tell you how valuable this site is to the common folk out here who don’t know the ends and outs of our rights. How sad this is because we should all be able to know what our rights are and to find this information easily and to understand the verbiage.

  3. lawmed lawmed says:

    What sort of “agency”?

  4. sammi1466 says:

    I have a question.. I was seen by a fertility dr in September , he has given my medical records to an agency with no consent from me. They were able to view my personal information & I wasn’t even told about this. Is the dr office allowed to share my information?

  5. lawmed lawmed says:

    First, thank you for your service. Our thoughts go towards the family and friends of the young man who has passed away.

    While the family certainly should have been the first to be notified of the cause of death, records of the office of the medical examiner/coroner are public record. This is true regardless of the age of the victim. Since it seems you are talking about what appears to be an official cause of death I am presuming this did come from the medical examiner. I would not be too hard on the journalist. He/she was just doing their job and very likely would never have imagined that the family would not be notified by the time her newspaper was printed and delivered. Sudden illness/deaths of school age children while at an extracurricular activity practice spark great interest in the community and fear of the safety of children for parents. Concerns over things like meningitis, or lack of adequate hydration/supervision/etc.make such tragic incidents a community concern.

    In this case yes, medical information was revealed. It was however done lawfully and not in a way that was intended to cause emotional distress. Coroner and medical examiner records are not covered by HIPAA and can be accessed by any member of the public. No consent is needed from family regardless of the victims age.

  6. I have a question in regards to privacy. Recently, in Longview TX….A 16 year old Pine Tree High School football player had fallen ill during a conditions practice with his teammates. The next day, sadly, he passed away. The parents had been awaiting a confirmation on cause of death, but the local newspaper somehow received this information before the parents, who had to find out via the front page story on the newspaper specifying the cause of death being related to physical exertion with sickle cell disease. Their daughter, the young mans sister who passed away, had to find out from people at school who had seen it in the paper. The “jouralist” in question was never given any permission in any way to print the story let alone obtain private health information regarding cause of death. The young man was 16, still classifying him as a minor.

    My question is, since a lawsuit can’t be filed in accordance with a HIPAA violation and a dead person does not have any privacy rights, is there absolutely nothing that could be done in such a scenario in order to protect a family’s privacy from being invaded and reported on to the rest of the world without some type of consent even though this young man was a minor? Is there some type of loophole maybe that says since he was a minor, maybe the rules stating dead people have no privacy would not stand here because technically his parents permission would have been needed in order to report on his story? I find it severely appalling that if I had a child and he were to die, that his medical information can be retrieved by any old joe schmo who wants it without my permission as well as the death of my child be reported on should I not wish it to be so.

    Any information provided would be appreciated. I am working with the family to try and provide some means of punishment for the reporter in question, something beyond a slap on the wrist or suspension. This story was printed on the front page of the Longview News Journal today and the family in question has been devastated by the callousness of the reporter and the newspaper in question for deciding to blast this young mans private information out to everyone via the front page.

    I served in the US Army for 9 years and fought proudly for the people of this country and am totally for “freedom of the press,” but Only to an extent that involves a moral compass and ethical decisions regarding reporting whatever story has been acquired. But violating a families privacy to make the front page with a story you happened to acquire and dumping all over their right to privacy is NOT what I fought for.

  7. lawmed lawmed says:

    HIPAA requires covered entities to take ‘reasonable’ steps to safeguard protected individually identifiable health information. You say “i over heard my precription information being declosed and what the medication was for by the pharacist to everyone on the job”. But what does this mean? Was the pharmacist announcing to a room full of coworkers “guess what so-and-so takes for her (whatever)” (which would be a HIPAA violation)? Or was the disclosure part of routine filling of the prescription (which would make it rather insensitive but not a HIPAA violation). HIPAA violations are not the grounds for a lawsuit but can be the basis for a complaint filed here

    You have however included the elements which can meet the criteria for filing an invasion of privacy/severe emotional distress cause of action. The actual medication and the condition it was treating become important here. Obviously if it was, say, zythromax prescribed for an upper respiratory infection, the average person would not suffer emotional distress or any damages. If it was something far more personal like say, medications treating cancer, HIV, venereal diseases, etc., very well may have a case worth pursuing. Having to return to a work environment where everyone knows something very personal about you which you did not want disclosed can be emotionally draining.

    I might add that since most any CVS pharmacy employee can look up CVS pharmacy records, and this applies to ANY pharmacy, an employee should think twice about filling prescriptions at the pharmacy where they are working (the entire pharmacy chain should be avoided) if they truly want the records to be kept confidential to fellow employees.

  8. Angel Ganes says:

    I work for cvs i got my medication at the pharmacy i work at i over heard my precription information being declosed and what the medication was for by the pharacist to everyone on the job to where it made me uncomfortable and cause me to cry and call the ethic hotline i want to know if i have grown to sue the pharmacy.

  9. lawmed lawmed says:

    There are a number of issues, each of which has a different remedy. 1. The pharmacy, by both state and federal law, was prohibited from responding to the subpoena by providing your medical records to the attorney, or anyone else, without your expressed consent. They should be reported to the Department of Justice via a HIPAA violation complaint. Information on how to do this can be found at 2. I do not know whether you had an attorney representing you, but either he/she or you (if not represented by an attorney) should have objected to the medical records being used as evidence since they were illegally obtained. If no objection was made at the time you may not be able to appeal the decision based on improper evidence being considered. You need to consult a family law attorney. 3. While a HIPAA violation does not create a cause of action allowing you to bring a law suit, you can sue violators under “Invasion of Privacy”. Potential defendants would be the “W” pharmacy, the pharmacy tech, whoever actually sent the records and the lawyer who subpoenaed them, along with the mother-in-law, depending on her actual involvement in this. You certainly have a number of options and while the HIPAA violation complaint is something you can easily submit on your own, you will need to consult an attorney for the rest.

  10. bjc1153 says:

    Hope this isn’t too late but I have a question. Basically my girlfriend at the time now wife her mom hired an attorney for her ex husband and paid for everything to take my girlfriend to court because she moved to California with me and brought her daughter. Without going too much into it the lawyer without my consent showed the judge my medical records from a big chain pharmacy that starts with a W so that they could try and manipulate the judge into thinking i was a bad person and the child’s mother was an unfit mother for being with me and the judge granted custody to her ex who was in the state of Florida. Coincidentally my girlfriends mother was kin to the pharmacy tech that worked at W and when asked how she got my medical records she said the lawyer subpoenaed the pharmacy to give them all of my medical records which they did and that was the “smoking gun” so to speak in the whole court battle of custody. They took her daughter from her and gave her to the scumbag ex. I would like to know what my options are if anyone could help me I would appreciate it. Thanks

  11. lawmed lawmed says:

    This is not a HIPAA violation. HIPAA only applies to “covered entities” such as health care providers and insurance companies. An attorney is not a covered entity.

  12. dollygirl2013 says:

    I was sent someone elses medical records in the mail mixed in with my medical records from an attorney. Some of my medical records were missing. I found this to be very careless and unprofessional. I am concerned Who has my records and seeing them? What can be done about that? I’m pretty sure thats a Hippa violation, yes?

  13. Sara says:

    I am in need of advice…I underwent a custody hearing in 2002. My ex’s lawyer obtained my medical records in an attempt to prove I was unfit to care for my children. I was granted custody of my children. During this time, my ex disclosed my medical records to his wife, and now I have just learned through my children that his current (3rd) wife also has access to my medical records and has shown them to our children who are now teenagers. Do I have a case against my ex’es attorney for turning my records over to my ex? Or do I sue my ex for having my records and disclosing them to who he chooses? I objected the release of my med records but the judge ordered they be released due to the nature of the hearing. I didn’t understand this to mean that my ex would forever have my medical records. I am very disturbed that his wife would show my children. My ex’s second wife, who is now a friend of mine, told me he showed them to her as well. What, if anything, can I do?

  14. TonyFrancis says:

    If you are serious about pursuing the claim, you need to talk to a lawyer conversant in the law of privacy. Once again, the costs may be more than it is worth. But you won’t know until you talk to someone who can handle the case.

  15. Sarah says:

    I was seen at a physicians office where he told another patient (upon my standing at the check-out desk) that I had a particular health condition. I could identify the other patient and know specifics about their life (we talked in the waiting area). However, I don’t know this patients name or have any contact information. Can his patient log be subpoenaed? Can I still sue the physician for Breach of Confidentiality?

    Also, I have requested my medical records from this same physician. I have sent two requests -both through Certified Mail. I know this is a HIPAA violation and have filed a complaint with the OCR, but am wondering if I could sue privately for civil penalty money?

    Thank you!

  16. TonyFrancis says:

    The proof in these kind of cases can be difficult if you are relying on something someone said. In other words, the person who told you about it might not be willing to say the same in an affidavit, or in a deposition. And if they are, then it can boil down to her word against the word of the woman you are accusing. Enthusiasm can wane when there is the possibility of being impeached in a judicial proceeding. Make sure you aren’t letting your emotions get the best of your judgment.

    If you want to go forward with it, it would be best to discuss it with a lawyer who has experience with HIPAA complaints and invasion of privacy lawsuits. Filing a HIPAA complaint and a complaint with the state board might be a good place to start if you want to do something. If the information obtained by those agencies can be accessed, that may give you a better read on whether you have a case or not. However, that information is likely to be confidential. A lawyer may not be able get access to it. But they could try.

    Another thing to consider is the costs. They may become prohibitive without any real promise of getting anything. You might spend several thousand dollars simply to find you don’t have much of a case.

  17. lawmed lawmed says:

    Filing the complaint obviously should be done. Her employer can get fined thousands of dollars. If she has a professional health care provider license issued by the state you can also file a complaint with the state board which issues it. HIPAA violations are taken very seriously by state license agencies and can result in sanction, suspension or revocation of a license and fines on the individual. One might consider a letter to her employer detailing your concern as well as your intention to file the complaint. Obviously without knowing all the dynamics of the personalities, the information accessed, etc. it is hard to speak in anything but generalities here.

  18. Michelle Banks says:

    My husband has a child with her, and he has 2 children with me. She looked into MY child’s record (also my husband’s child. Not the child they have together) I am looking into filing a HIPAA complaint, but I am wondering if I can file a civil suit or something against her. She is not a good person and knowing she violated my child’s privacy really upsets me (and my child). Also, knowing the type of person she is, it is entirely possible she has looked into my other child’s record, mine, and then there is the possiblilty that it would continue if I don’t do something.

  19. lawmed lawmed says:

    I am a little confused. To be clear you are saying that the woman is NOT the mother of the child, with legal custody for such purposes, who’s records she looked at. You say ‘the mother’ and ‘my son’ so it is not clear.

  20. TonyFrancis says:

    You can go to this site which tells you how to file a complaint. Or you can google “filing a HIPAA complaint” to get to the same place.

  21. Michelle Banks says:

    She told someone… I don’t know if she looked into others, just the one, but the fact that she could look into the others disturbs me. I think they can check to see who has been in the records, it is all computerized. I haven’t filed a complaint yet, I wanted to know all of my options.

  22. TonyFrancis says:

    Michelle, it depends. Proving she looked at your records may be difficult. Because she had the opportunity does not mean she did.

    How do you know she looked into your son’s medical records?

  23. Michelle Banks says:

    I have a question. My husband has a child from a previous relationship. I just found out that the mother (who works in the medical field) has looked into my son’s medical records- Where she works, she would also have the opportunity to look into all of our records. Do I have any legal recourse?

  24. TonyFrancis says:

    That brings up another issue. If the information posted was not directly traceable to you, then it is more difficult to claim an invasion of privacy.

    Consider this hypothetical: A person posts on Facebook, “I just saw a patient with AIDS.” There is no identifying information shown.

    Another person comes on the Facebook page and says, “Hey, I was just at that doctor’s office. I have AIDS! They are releasing my private information!”

    That would be considered “self publication.”

    However, if the medical situation is so unique that it is apparent that publishing the information can reasonably be traced back to a specific person, then that is a different set of facts.

    An example: “I just saw a patient who was involved in the motor vehicle accident today in our town, and they have a serious brain injury.” And there was only one MVA in the town that day, then the information posted can reasonably be traced back to a specific person in the accident.

    Under any circumstances, it is poor form to publish specific medical information. If nothing else, it makes it uncomfortable for the patient.

    I post cases all the time on closed medical blogs. But I am careful to fictionalize the facts so it can’t be traced back to a specific individual, while keeping the medical aspects intact for discussion purposes.

  25. lawmed lawmed says:

    You describe a textbook example of someone divulging HIPAA protected private health information under the mistaken belief that simply removing names, or addresses, etc. renders the information ‘OK’ to blab about. It is also a fantastic example of how quickly someone identified that information as belonging to you. I won’t even comment on the fact that it was in your handwriting which any number of people would recognize. As I said this is a HUGE HIPAA violation without ANY doubt. Posting ANY patient information on social media websites, no matter how seemingly benign or unidentifiable is a VERY BAD idea as there is case after case like this. And of course if bad taste were illegal another crime would have been committed here.

    As for finding legal counsel you might try looking for an attorney who specializes in Health Law. You may need to contact a larger law firm.

  26. Tylerdurdin says:

    Famous, haha, no. I think she thought the fact I wrote that I was dying was funny. She took my personal info off. But a gentleman who worked with me came up to me about 45 minutes after I got back to work(from the MRI) and showed me her Facebook page and asked me if that was my information. It was his friend of his family.

  27. TonyFrancis says:

    Why would the woman post your private information on a Facebook page? Are you famous?

    Also were you identified? Or identifiable from the information posted?

  28. tylerdurdin says:

    Thank you so much for your insight. It’s great to know that there. Is help out there. One last question, if I were to pursue this, what type of attorney should I seek out? The few that I spoke to were so shocked by it that they said they had no idea how to proceed with a case like this.

  29. lawmed lawmed says:

    First, understand that this blog does not give legal advice. However one of the main elements for an invasion of privacy lawsuit is publication of private information to a large audience…and facebook qualifies in spades. If I understand correctly this person published a picture of some portion of what you wrote? This is a HUGE HIPAA violation and while doing so does not allow you to recover damages you most definitely should report this at You also need to save a copy of the facebook posting, both by actually saving the page as a html file AND doing a screen capture of the page (create a picture of it) in case it is removed. Then consult an attorney. It sounds like it may be worth your while.

  30. tylerdurdin says:

    I have a question, 3 weeks ago, I filled out my initial paperwork at a diagnostic center for an MRI. The female at the front desk posted some of the information that I wrote onto her facebook(via picture). Is it possible for me to sue?

    Thank you for your help on this matter.

  31. TonyFrancis says:

    Thanks for posting this most informative article. It has so much good information in it. I will keep it for future reference.