In a case that seems like deja vu all over again, the Minnesota Court of Appeals held that posting someone else’s embarrassing personal information on the Internet can be a legal invasion of privacy, regardless of how many people view the site. In this case, the personal information concerned a woman’s sexually transmitted disease that was posted to a MySpace page (see an extremely similar case in Hawaii: Woman Posted Online HIV Patient Record).
The Star Tribune reports that in this case, a lawsuit was filed by a Twin Cities woman diagnosed with a sexually transmitted disease after a post about her showed up in 2006 on a MySpace page that displayed her picture and said she cheated on her husband and was addicted to plastic surgery.
The woman alleged that after she was found to have the disease at Fairview Cedar Ridge Clinic in Apple Valley, a medical assistant there read her file and conveyed the information to mutual relatives, including one who may have created the MySpace page, which was taken down a couple of days after its discovery.
The clinic eventually fired the employee for violating policy by accessing the patient’s records, and the patient sued Fairview Clinics, the former employee and two other women who allegedly helped spread the information.
Significantly, the court also held that HIPAA does not prevent the woman from recovering damages under a Minnesota law.
The case has been remanded to district court.
Update 6-26-09: The court opinion is available online here (pdf).