Live 5 Investigates: Baby’s photo posted by hospital worker without permission

CHARLESTON, S.C. (WCSC) - A Summerville mother was notified by MUSC that a picture of her baby was posted online without her permission and it’s not the first time the family received a letter about privacy violations at the hospital.

“Maddison is ten months old. She suffered some strokes in utero,” Elizabeth Runge said. “She has cerebral palsy. She’s had two brain surgeries and surgery to insert a feeding tube.”

Runge recently got a letter in the mail from MUSC Health. “I was very surprised to read that employee of MUSC had taken a photograph of my daughter and posted it on social media without my knowledge. I just think that would creep any parent out, and it makes me feel very violated.”

HIPAA is the Health Insurance Portability and Accountability Act of 1996, federal legislation that requires safeguarding of data privacy and security for patients like Maddison and Elizabeth.

Hospitals are required to notify patients of HIPAA violations.

This letter said, "A photo, with lettering imprinted over [Maddison's] face, was posted on the social media platform of an employee."

It also said "appropriate action was taken."

“I don’t know what appropriate action means. I don’t know what, where it was posted, if it was shared. Any of that,” Elizabeth said. She said she spoke to hospital attorneys who said they won’t provide her with that information.

MUSC apologized for what happened but said they can't legally provide specifics about the employee or the post made.

They did tell us they've had six social media related breaches in three years. To put that in perspective, they added, MUSC documents 1.2 million patient encounters a year.

“I’m in the medical profession so I understand things happen, but this is not the first time I’ve had a violation with MUSC,” Elizabeth said.

The first violation happened after a nurse announced her private medical information in a waiting room. She reported it and received a letter confirming the violation last September.

“Less than a year, two incidents with the same person or family. That’s just unacceptable.”

MUSC spokesperson Heather Woolwine said they have a zero-tolerance policy and have fired employees before for these kinds of breaches.

The U.S. Department of Health and Human Services creates breach reports if an entity has more than 500 HIPAA violations.

In South Carolina, there were four such breaches in the last two years:

Runge said she loves to share her daughter’s story and strength.

She just hopes her trust will not be breached again as they continue Maddison’s ongoing treatment.

Copyright 2019 WCSC. All rights reserved.