[UPDATE] AITA for blocking my friend of 10 years after she committed a HIPAA violation against me?

Ellen Andrade Hours
Comments 1 Comment

A decade-long friendship is shattered when a clinic employee secretly accesses a friend’s personal health insurance records, takes photos, and sends them via text—causing a HIPAA violation that leads to a phone block and a breakdown in trust. The poster, struggling with worsening health issues with no answers, never gave permission for the search, and the friend claims she was just “curious” despite her good intentions to “help.” Complicating matters further is the boyfriend’s access to shared devices, raising concerns about wider exposure.

Fissures in the group of friends arise as one person dismisses the breach as a “joke,” another is suddenly affected, and the poster files a formal complaint that leads to consequences at work. Reflection reveals relationships that had long frayed before the incident, forcing them to painfully reassess loyalties amid anxiety and isolation.

‘[UPDATE] AITA for blocking my friend of 10 years after she committed a HIPAA violation against me?’

The breach begins with a trusted friend overstepping professional boundaries at work.

My best friend of ten years, (A is now Alice), used her work computer to look up my health insurance information, took a photo using her phone and sent me...

After no sincere apology and no response from her, I blocked her. After explaining what happened to (B is now Bella), Bella, who usually plays devil’s advocate, dismissed my concerns,...

I spoke to (C is now Cassie), who was the only one who saw the absurdity and seriousness of it all. But after Cassie went out with Bella, one the...

I was left feeling iced out, hurt and confused. . There were a lot of questions, so here’s some clarification. Update will be down below. . **Why did she look...

Motives surface amid the poster’s ongoing health struggles and lack of consent.

I have been dealing with health issues that are progressively getting worse and I have no answers and had no decent doctor. I think she took it upon herself to...

When asked why, she texted she was “curious.” I know she had good intentions but I never gave her permission to look up my info or take a photo.

If Alice had just asked me, I would have said no since I didn’t want her jeopardizing her job. But also, if she would have only asked me, I would...

ADVERTISEMENT

Theo As far as I know, just me. But her boyfriend uses her laptop and basically everything she owns. I believe he’s read our conversations, which I had no clue...

So there was a very real possibility he saw the photo. **More info:** My SSN was not in the photo. I only said, “what if it was?” If it was,...

The update reveals formal action, friend group reflections, and clinic resolution.

ADVERTISEMENT

UPDATE: After posting, I filed an official HIPAA complaint through the OCR website after many comments suggested it. I also reflected on this friend group and realized we had all...

Bella started showing more signs of animosity and resentment here and there. But Cassie? We were actually growing closer so when she started ghosting me, I was left hurt and...

Later, Bella sent me a text inviting me to a group hangout with some of her friends, including Cassie but not Alice. I assume this was an intervention disguised as...

ADVERTISEMENT

I replied that while I appreciated the thought, I was not comfortable hanging out and did not like how some things were handled or said, (especially since Bella tried shifting...

I also said that I needed space to reevaluate some things, but I told her to have fun and to stay safe. She replied, wishing me the best, but if...

Weeks passed and I was still stuck up on the situation. My SIL got tired and finally asked me why I couldn’t let it go. After taking some time to...

ADVERTISEMENT

I called, got connected to the manager and explained what happened. I offered to email the screenshots and because of the small size of the clinic, they had to create...

The next day, I received an email explaining that the clinic would be starting their investigation days earlier than they initially said. Days passed, and I received a conclusion email...

They put Alice on leave, and reviewed the logs for several days. They brought her in for an HR meeting and decided on training Alice with some HIPAA training and...

ADVERTISEMENT

I’m sure this is not the update many expected or hoped for. I did what many recommended but the decision was ultimately up to the clinic. I hope this was...

My thoughts are that Alice made a stupid and careless mistake that nearly costed her job and ended our friendship. She’s always had the habit of making careless mistakes without...

As for her boyfriend: I don’t know him that well but I’ve seen red flags he’s presented in person and from what Alice has told me. For why I didn’t...

ADVERTISEMENT

Besides, I wouldn’t be the first friend to drop her because of her behavior once she started dating her boyfriend. I also want to briefly say that when writing my...

I regret how messy it sounded with more gossip and ranting than actual facts of what happened and I apologize for that. I hope that this update shows that I...

Thank you everyone who responded to my original post with advice, support and even criticism. I think the blunt comments calling me a doormat were the most helpful in helping...

ADVERTISEMENT

I think this whole situation pushed me to improve myself for the better, not just as a person but to be a better friend to the future friends I’ll meet....

Edit: For those wondering, I deleted my first post. It had more detail and unnecessary venting that I was not comfortable leaving up but this update has the important facts...

The invasion of privacy in healthcare strikes at the core of patient trust and legal protections. The poster’s friend clearly violated HIPAA by accessing and sharing protected health information without permission, regardless of the poster’s good intentions. This action not only jeopardized the poster’s privacy, but also risked wider exposure through access to the boyfriend’s device. Opposing views may argue that curiosity or helpful motives might defuse the situation, but federal law requires strict consent, rendering such excuses meaningless.

ADVERTISEMENT

The group’s mixed reactions show that personal prejudice clouds judgment in conflicts. Bella’s “playfulness” ignores professional consequences, while Cassie’s “disappearance” suggests avoidance rather than confrontation. The poster gains new perspective by clearing up pre-existing conflicts, turning betrayal into personal growth. Society at large is grappling with digital privacy breaches where an impulsive click can shatter relationships.

Healthcare professionals stress zero tolerance for such criticism to maintain the integrity of the system. “Any unauthorized access to patient records, even by well-intentioned personnel, undermines the security that HIPAA is designed to protect,” notes the U.S. Department of Health and Human Services (HHS.gov). Clinics must implement training and audits to prevent recurrence. Ultimately, the incident exposed the fragile loyalties of long-standing friendships, pushing the poster to explore healthier boundaries and new connections.

See what others had to share with OP:

Many users rally behind the poster, commending her report and newfound clarity on fading friendships.

ADVERTISEMENT

2dogslife − That's fair to do retraining and have the write up in her folder. It's not something people in healthcare are supposed to do. I am sorry you lost...

Happy_Wolverine9888 − You did right by reporting the HIPPA violation. You were also right in realizing your friends were really no longer real friends anymore. You’re at an age where...

and *old* friends often go by the wayside as we come to find others that are more closely aligned with where we see ourselves in the big scheme of things....

ADVERTISEMENT

Basset_Momma − Longtime healthcare manager here. It wasn’t a mistake. She willfully accessed your information. You absolutely did the correct thing reporting her.

She is lucky she still has a job. We always fired people who did these things at my health system. Retraining would only be offered if it was an actual...

A few commenters offer nuanced takes, acknowledging the violation while noting the clinic’s lenient outcome and personal reflections.

ADVERTISEMENT

Chaoticgood790 − If Alice is anyone with a professional license I would also file a complaint or grievance with her official licensing board. It gives a paper trail and closes...

Medical_Mountain_895 − I would switch doctors and leave a review how they retain staff that break hippa. Just so others are aware.

ADVERTISEMENT

BothTreacle7534 − Your still nta Happy to hear about it gave you a push to reflect on things. Maybe also seek therapy, not for what people usually might think, but...

I also had a time of big changes, some doubt,… to me it helped then to take courses for e. g. new hobbies, further education, doing new to me things,...

Work related courses and certifications count too, just not too focused, to be for you is equally important, sometimes more important. Such courses… can also help to find new people...

ADVERTISEMENT

Light-hearted voices chime in to diffuse the heaviness, poking fun at the absurdity without malice.

-janelleybeans- − Cassie is gonna come crawling back in a few months all “they’re so toxic” as if her silence didn’t make her wholly complicit in the whole thing. Please...

She needs to learn the hard way that throwing in with the louder bullies makes her one too. Anyone in your life that didn’t immediately tell you to report Alice...

ADVERTISEMENT

False_Garden_3468 − Those aren't friends, friends treat you with dignity, respect and love. What these bitches did to you was gaslight, humiliate and belittle you to cover up their crimes....

TiredMother4 − NTA. Shes lucky she kept her job, in the UK she would have been sacked for breaching data protection and HIPAA

cthulularoo − Should have went to the governing board for the clinic. That would have given the clinic a hit. Reporting to the clinic only means they get to keep...

ADVERTISEMENT

The poster navigates a devastating privacy breach and friend group implosion by blocking the offender, filing a HIPAA complaint, and gaining closure through the clinic’s investigation and her own reflections. While Alice faces training and leave but keeps her job, the incident severs a decade-old bond and exposes underlying resentments, leaving the poster isolated yet empowered for growth.

How have privacy violations strained your own friendships, and when is reporting a loved one the right call despite the personal cost? What signs of drifting apart have you ignored in long-term relationships before a big blowup forced clarity?

Share this post

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

One Comment

  1. Not sure if it was your original post or a similar one I replied to, but if you’ve deleted it, here’s what I said.
    My country has ‘personal information’ and ‘health information’ protections, which have changed over the years – but ~48 years ago I was verbally ‘torn to shreds’ by my Vicar’s wife after sending them a Christmas Card with their full names on.
    I had a Summer vacation job (December to mid-February, here) between university years and was with the IRD (tax department). Sorting through thousands, literally, of paper returns and looking for someone with the same surname, I merely checked the COVER and confirmed she wasn’t the person. From the address, as their four kids were under 10 and wouldn’t have any return to file, it was clear she was ‘the Missus’ and I already knew his middle name.
    Nothing else.
    And even back then I would have, at the least, lost my job for using information from it ‘outside’ work.
    Your ‘friend’ went WAY beyond that.

    Reply