DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ebola and Privacy: Snooping, Confidentiality, and HIPAA

Posted on October 22, 2014 by Dissent

Daniel Solove writes:

One of the things that struck me about the Ebola cases at Dallas Presbyterian Hospital was that all of the Ebola victims were named almost immediately. How could this happen? In all the swirling news coverage, I was struck by the fact that few were asking the question: Why were all of these individuals identified? Under HIPAA, state law, and medical ethical rules, healthcare providers owe a duty of confidentiality to patients, especially people infected by Ebola, where they can be subject to intense media scrutiny and their families can also be put under the hot glare of the spotlight.

Apparently, the Liberian government outed Thomas Duncan as the initial Ebola patient at the hospital. But it remains unclear who disclosed the identities of the two nurses who contracted Ebola while treating Duncan.

Read more on LinkedIn. As always, Dan provides a thoughtful analysis of important questions.

From the bit of digging I had done into the question as to who identified the two nurses, it appeared that some of it was investigative work by media that was confirmed by family members in one of the cases. If you know/see an apartment building being searched, it’s probably not too difficult a task to match the names of residents against the names of the employees who treated Duncan, and his family had given reporters his medical records.

Assuming, for now, that the hospital did not identify any of the employee-patients, there are still questions as to how much information they can disclose under HIPAA, unless the patients agree to the disclosure.

But how much of HIPAA restrictions fall by the wayside once public health officials are notified and make their own determination of need to know/need to disclose?

I think the public believes that it has a right to know and need to know because ebola can be life-threatening. By keeping the public informed, public health officials and the hospital(s) involved may prevent public panic. But what if the patients die and the hospital hasn’t kept the public apprised? Will there be greater panic?

This is a tough one. What if a patient is so ill that they cannot provide investigators with a recounting of where they’ve been and whom they’ve had contact with? Would that justify public health authorities posting a picture of the person and saying, “If you’ve been in contact with this person, please call us?” I don’t think so, but I can see where others might come to a different conclusion.

Category: Health Data

Post navigation

← Tenet agrees to pay $32.5 million to settle 17 year-old privacy breach class-action lawsuit
Lawsuit against USC Medical Center after photo of patient's injuries uploaded to the Internet →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.