HIPAA Horror Stories

Negligent Naked Pics

one-minute read

Twelve patients sued a St. Louis, Missouri, plastic surgeon after discovering their pre- and post-surgery breasts were displayed, complete with their identities, on their physician’s website.

While the patients had provided written authorization for their images to be displayed, their identities were to to be protected, according to a St. Louis Post-Dispatch report.

The problem occured when the images were uploaded to the website. Dr. Michele Koo, allegedly, failed to rename the files or edit the image description text, which immediately became searchable from anywhere in the world.

Creating content on most medical practice websites is as easy as creating a Facebook post. Dr. Koo said she believed her patients were protected because her website was managed by Mednet, a company that specializes in medical websites. But as soon as the lawsuit was filed, that company distanced itself from their client.

In their 2011 lawsuits, patients claimed Dr. Koo was negligent in her use of their protected health information.

According to The Post-Dispatch story, Mednet blamed Koo for the privacy breach. “(Mednet) did not post, control, or influence the content.” The company also claimed legal immunity as a website host under the Communications Decency Act. One thing is clear, neither understood HIPAA.

A visit to Dr. Koo’s website still reveals before and after images, but the image file names appear to have been edited to protect patient identities.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Use | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

Office
8820 Ladue Road Suite 200
St. Louis, MO 63124

Powered by JEMSU