Class-Action Lawsuit for Flowers Hospital Data Breach Moves to Discovery Phase
A class-action lawsuit filed after a Flowers Hospital data breach has survived a motion to dismiss. The case, which was filed against Flowers Hospital’s then parent company, Triad of Alabama, will now progress to the discovery stage, with most of the plaintiffs’ claims carried over. Last month the case went before a magistrate judge who ruled in favor of the plaintiffs. Lawyers for Triad had submitted a motion to dismiss the lawsuit claiming there were not sufficient legal grounds to justify the plaintiffs’ claims; however Magistrate Judge, Paul Greene, said in his recommendations, “Though they were given careful consideration, defendant’s arguments are ultimately unpersuasive.” The plaintiffs claim that Flowers Hospital, now owned by Community Health Systems, failed to put sufficient measures in place to protect patients’ data, and as a result, breached its contract with patients. They also claim the healthcare provider violated the Federal Credit Reporting Act, state laws and was negligent. The lawsuit was filed after a former employee of the hospital, Kamarian Deshaun Millender,...
Sentara Heart Hospital Reports Theft of Two Portable Hard Drives
Sentara Heart Hospital has notified 1,040 patients that some of their Protected Health Information (PHI) has potentially been exposed to criminals, after two unencrypted portable hard drives were stolen from Sentara Heart Hospital’s electrophysiology labs in Norfolk, VA. The theft occurred at some point over the weekend of August 14. The data breach affects patients who had electrophysiology procedures performed at the hospital between Sept. 4, 2014 and Aug. 14, 2015. The portable devices were stolen from an area of the hospital which is usually only accessible to patients and members of staff. It is not clear whether a member of staff, patient, or member of the public took the devices, although Sentara’s Risk Management team did conduct a full internal investigation into the security breach. That investigation included conducting interviews with members of staff assigned to work at the hospital over the weekend in question. The internal investigation did not result in the recovery of the devices, and the investigation was closed on September 29. The Norfolk Police Department was...
Healthcare Fraud Ringleader Given 15 Year Jail Term
The ringleader in a healthcare fraud and identity theft ring, that fraudulently obtained $24 million, has been sentenced to serve 15 years in a federal jail for her crimes. Ten other co-conspirators were also sentenced for their part in the fraud ring, resulting in jail terms of up to 13 years being issued. In addition to the 15 years jail term, Lanier has been ordered to repay $6 in restitution. Earlier this year, Keshia Lanier of Newnan, GA, pleaded guilty to one count of wire fraud and one of aggravated identity theft. Protected Health Information of patients of the Alabama Department of Public Health, a military hospital, and other healthcare providers was stolen and used to defraud the U.S Treasury by filing fraudulent tax returns. The government has gone to great lengths to bring all concerned to justice. A number of state and federal agencies were involved in the long-running investigation, and the sentencing of Lanier and her co-conspirators brings to an end an extensive and highly evolved identity theft and fraud ring. U.S Department of Justice acting assistant attorney...
UCLA Health Cleared in Landmark Patient Privacy Case
If a healthcare employee illegally accesses the medical records of a patient and discloses that information to a third party, is the healthcare provider liable to pay damages? According to a California jury, they are not. The recent ruling on the Lozano Vs UCLA Health case could well set a legal precedent, with the lawsuit almost certain to be named in future patient privacy breach cases. Norma Lozano, a patient of the UCLA Health System, had her privacy violated when a medical assistant, Alexis Price, illegally accessed her medical records, took a photo of her medical history, and showed the photo to her current boyfriend. That individual was a former partner of Lozano. Price had been provided with the login credentials of UCLA Health physician, Dr. John D. Edwards, in order to conduct certain work duties. Those login credentials were also allegedly shared with other members of his office staff. Lozano clearly had her privacy violated, and Price appeared to have illegally accessed and copied her medical records with apparent intent to cause Lozano harm. That proved to be the case,...
How to Respond to a Healthcare Data Breach
HIPAA-covered entities that have spent time developing and testing a health data breach response plan will be able to respond more quickly to a suspected data breach and execute an efficient HIPAA breach response. Those that have not invested time and effort into planning, are likely to struggle to react quickly and delays can prove costly. As the Ponemon Institute’s 2017 Cost of a Data Breach study showed, having a health data breach response plan helps organizations execute an efficient HIPAA breach response. The faster the response, the easier it will be to contain the breach quickly and limit the harm caused. Organizations that are able to respond to a data breach quickly end up paying less in breach resolution costs. The cost of a data breach increases the longer it takes to respond and deal with the breach. Cyberattacks and Data Breaches Are Inevitable With hackers targeting healthcare providers for the protected health information (PHI) they hold, data breaches are no longer a probability but an inevitability. In fact, it is now highly likely that healthcare providers,...



