Data Privacy Breach to Cost Tenet Healthcare up to $32.5 Million
Tenet Healthcare is one of the leading providers of healthcare in the United States with the Texas based company operating healthcare facilities all over the country. For the past 17 years the company has been embroiled in a class action lawsuit stemming from a major data privacy breach at one of its psychiatric healthcare centers.
The lawsuit was originally filed in 1997 following the potential exposure of confidential patient mental health information contained in boxes that were dumped outside Tenet’s facility in Algiers. The data related to patients of the JoEllen Smith Psychiatric Center and a class action lawsuit was filed to recover damages.
The incident occurred when the center was ordered to be closed and the contents of the office were being cleared. While authorization was provided to empty the center of its contents, a number of boxes of medical records were included in the material to be disposed of and they were left in plain view in front of the shuttered healthcare center.
The boxes contained thousands of detailed medical records including admission logs, diagnoses, treatments and financial information. Recorded logs of the psychiatric health crisis telephone helpline were also present in the data, including information that identified the callers.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
According to Ray Orrill Jr., attorney for the plaintiffs, “There were enough documents out there to fill the bed of a pickup truck with cases of records stacked two (cases) high.” The records were amongst items of value such as lamps and filing cabinets, and some local residents had starting taking some of the material away.
A local resident and previous employee of the center, Victor Lloyd, noticed records on the ground and recognized some of the names as former patients of the center. Together with two other employees at the scene, a number of documents were taken; including the register of all of the patients who used the center between 1981 and 1992. This data was used as evidence of the data breach in the class action suit.
The case was finally due to be heard by a jury when at the eleventh hour a settlement was reached, with Tenet agreeing to pay $1,000 to each victim of the breach and additional damages if it can be established that additional losses and damages had actually been suffered by individuals as a result of the data exposure.
The $32.5 million settlement fund will be used to pay the individual claimants their allotted damages, although since this class action lawsuit has been active for 17 years, some of the 5,649 class members will be deceased or otherwise unable to be contacted and their damages may go unclaimed. The fund will also cover 17 years of legal bills from the plaintiff’s attorneys, which are estimated to stand at $13 million. Any funds remaining in the account will be returned to Tenet Healthcare and the final settlement total is expected to be significantly lower than the maximum.
After 17 years Tenet Healthcare finally agreed to the settlement to avoid any further “expense, inconvenience and distraction of further litigating this class action”. The case has been slow due to constant appeals by the healthcare provider’s legal team, with Tenet maintaining there had been no wrongdoing throughout.
Although the settlement has been reached, some of the finer points of payment have not yet been ironed out and a fairness hearing at the Orleans Parish Civil District Court has been scheduled for Monday, which should see the case finally closed.
