If you’ve ever experienced the frustration of playing phone tag with a doctor’s office, you know the feeling. But one woman’s recent experience with her OB-GYN has moved past “annoying” and straight into a potential HIPAA violation battle.
TikTok creator Maddy Aubry (@maddy.aubry) recently shared a video that has amassed over 4.2 million views. She details a massive medical incompetence at her highly-rated doctor’s office that’s actually a HIPAA violation. The story begins with a joyful milestone: Maddy is pregnant and called to schedule her first prenatal appointment.
After she and her husband both left voicemails with their direct contact information, the office finally returned the call. Except, they didn’t call the patient or her husband. They called the husband’s ex-wife to discuss the pregnancy.
The ‘Emergency Contact’ excuse
According to Maddy, the office claimed they contacted the ex-wife because she was listed as an emergency contact. However, the couple has been together for years and married for nearly two. She tells that the ex-wife was only ever listed on the husband’s old insurance plan. She was nowhere on Maddy’s current medical file.
Despite that, the office pulled the ex-wife’s number who had no business knowing about Maddy’s pregnancy. It is a major breakdown in data security and common sense, to say the least. As Maddy pointed out in her video, even if the ex-wife were a valid contact, scheduling a routine appointment is not a medical emergency.
“Why are we calling an emergency contact to schedule an appointment? That’s not how this works,” she stated. On top of it, the office failed to verify exactly who they were speaking to before disclosing sensitive pregnancy information.
What is HIPAA and did the OB-GYN office violate it?
The situation has raised serious questions about the Health Insurance Portability and Accountability Act (HIPAA). It is the federal law designed to protect sensitive patient health information from being disclosed without consent.
Experts and healthcare administrators in Maddy’s comment section were quick to label this a “10000% HIPAA violation.” The office not only contacted an unauthorized third party, but also failed to perform a standard identity verification. Legally, offices have to ask for the name and date of birth before speaking about the patient’s medical status.
Some viewers suggested that because the office had to bypass the husband’s current contact info to find a number from an old insurance record, the act may have been more than just a clerical error. “Someone in that office KNOWS HER,” one user speculated.
An admissions worker also noted that staff often have to “go out of their way” to find such outdated information. It suggests that the “error” was deliberate and thus, is a HIPAA violation. Such violations can carry significant consequences for medical practices, with fines that can reach up to $250,000 depending on the severity and nature of the breach.
A ‘Good Practice’ with bad communication
Maddy expressed particular confusion because the office is considered one of the most sought-after and respected practices in her area. While her first experience was “amazing,” this second encounter has left her feeling like her private information is being given out “like candy.”
Compounding the issue is the office’s alleged lack of accountability. Maddy says she spent days trying to reach a human being to discuss the mistake, only to be met with endless phone prompts and unreturned voicemails. It proves that even a top-tier office is not immune to basic administrative failures. Or worse, deliberate privacy breaches.
Everyone asked the creator to sue the OB-GYN office immediately
The comments section turned into a strategy room for Maddy. Dozens of people urged her to file a formal complaint with the Department of Health and Human Services. “That’s absolutely a HIPAA violation… They’re supposed to verify your name and date of birth before anything,” one viewer remarked.
Another highlighted the absurdity of the office using her husband’s old records to contact someone about Maddy’s pregnancy. They wrote, “Who HIS emergency contact is is irrelevant. You’re the patient.” Healthcare workers backed the comment, writing, “Healthcare admin here: this makes no sense to contact an emergency contact for this.”
HIPAA is not a suggestion
Medical offices have a legal and ethical obligation to guard patient data. When the experience of scheduling a first pregnancy checkup involves an unwanted reveal to an ex-partner, it calls for an immediate lawsuit. Whether or not Maddy moves forward with the “sue them” advise, what happened was a clear HIPAA violation.
Still, you might want to double-check who is listed on your “emergency” files. And don’t forget to pray your office doesn’t have a long memory for your exes. Or worse, have someone who sympathizes with them so much that they don’t care about HIPAA.
Have a tip we should know? [email protected]
