MARTINEZ — A healthcare contractor at an East Bay county hospital stole medical records and used them to impersonate the patient on social media, according to records and hospital officials.
The hospital contractor working at Martinez’s Contra Costa Regional Medical Center accessed the patient’s records after she tested positive for a sexually transmitted disease, according to a claim letter an attorney representing the patient sent to the county.
The contractor then used the information to create a fake Facebook page in the patient’s name and proceeded to post about the patient’s STD diagnosis, including details from her medical records, the letter written by Los Angeles-based privacy law attorney Torin Dorros says.
It took more than a month for Facebook to take down the posts. By then, they were seen by the patient’s friends and co-workers, causing “substantial emotion distress and trauma,” so much so that she had to seek professional help to cope with the privacy violation, according to Dorros.
The claim letter is meant to put parties to potential litigation on notice of what kind of claims and general legal argument are at issue. The goal of such letter is top trigger a resolution out of court, which often come in the form of a monetary settlement not publicly disclosed.
The Contra Costa County Board of Supervisors discussed the allegations of the February 2022 incident in closed session at a board meeting last week.
The protected heath information leak was confirmed by the hospital via a breach notice letter sent to the patient. It is not clear what position the contractor held or how she obtained unauthorized medical records, according to the claim letter. Her motive also remains unclear.
“The investigation is complete and the parties are working toward a resolution to the allegations,” Will Harper, a Contra Costa Regional Medical Center spokesperson, told this news organization. Harper added that Bryant never directly worked for the hospital.
While Dorros’ letter is a precursor to filing a lawsuit, he told this news organization that he was still working toward a resolution out of court with the hospital and county.
“Protected Heath Information (“PHI”) privacy breaches or violations in and of themselves carry with them, or inflict, an enormous amount of harm, especially emotional trauma, simply based upon inherently personal and often compromising nature of the private information revealed,” he wrote in a statement. “Many of my clients over the years have indicated that their specific PHI privacy violation was one of the most traumatizing experiences in their lives.”