UPMC Employees Found to Have Taken and Disclosed Photos of Patient’s Genital Injury

The University of Pittsburgh Medical Center’s Bedford Memorial hospital was investigated for a privacy violation that involved the hospital staff taking photos and videos of the genitals of a patient. In some instances, the media were disclosed to some people which include non-hospital personnel. The hospital admitted the patient on December 23, 2016 while the photos/videos were shared through the subsequent couple of weeks.

The patient suffered from a genital injury. A foreign object was put in his penis and protruded from the end. The strange injury drew plenty of attention and a number of personnel not concerned with the patient’s treatment of the patient were allowed inside the operating room to see the injury. Several employees took pictures and videos of the patient’s sex organ while the he was under sedation and without conscious.

One hospital staff reported the privacy breach who claimed pictures/videos were disclosed to other personnel not concerned with the patient treatment. The Pennsylvania Department of Health and Human Services investigated the complaint on May 23, 2017.

Although HIPAA violations seem to have taken place, the investigation just proved that there was violation of the Social Security Act. In accordance with the publicized result of the investigation, there were several aspects of the Social Security Act  – 42 CFR, Title 42, Part 482-Conditions of Participation for Hospitals violated which include: 482.13 – Patient rights; 482.51 Surgical Services; 482.22(c) Medical Staff Bylaws; and 482.42 Infection Control.

Based on a statement acquired from the interview of a personnel, there was a request made to take pictures of the patient’s injury to be used for clinical lectures in the future. The camera in the OR was supposed to be used for taking pictures. But somebody reported that it was broken and therefore personal phones were utilized. We thought just one photo taken yet we learned later that others were taken. When the reportedly broken camera was checked, it was working.

Pennlive reported this story after receiving from UPMC an emailed statement regarding the case and how it violates the mission and values of UPMC Bedford. UPMC immediately reported the privacy breach to the Pennsylvania Department of Health upon discovery and subjected the individuals involved under disciplinary action such as suspension and termination. UPMC also informed the patient about the privacy breach.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/