HIPAA and ISPP Violations Cited in Aventura Hospital Damages Lawsuit
The Aventura HIPAA breach, identified in June last year, has resulted in a lawsuit being filed by a patient of the hospital, according to a Courthouse News Service report.
The lawsuit was filed by Aventura patient, Kellie Lynn Case, in the Miami Federal Court. She is seeking damages from the defendants, Hospital Corporation of America and Envision Healthcare Corporation, after they were provided with confidential patient data and failed to implement the appropriate controls to keep that data safe. The lawsuit alleges that the defendants have violated the HIPAA Security Rule in addition to Industry Standard Protection Protocols.
Under HIPAA regulations healthcare providers are not permitted to share confidential patient data without having first obtained consent to do so from the patients. They are also required to produce notices of privacy practices which must detail how the data they hold will be used, to whom it will be disclosed and under what circumstances that will happen.
The lawsuit alleges that the defendants used the Notice of Privacy Practices as a means to justify an increase in payments for medical services, and while that money was taken from patients, the security measures that it was supposed to cover had not in fact been put in place until after the hospital had suffered three data breaches, the latter being caused by one of its business associates, Valesco Ventures.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The lawsuit cites false advertising, but also a failure of the hospital to provide training on HIPAA privacy and security obligations to the staff. It is also claimed that the staff worked without supervision and that privacy and security failures resulted in sensitive data being stolen and used to commit medical fraud.
This is certainly not the first court case to be filed against a healthcare provider following a data breach. Many class action lawsuits and damages claims have been filed in courts around the country. However, previous HIPAA violation cases have all hinged on whether actual harm and damage was been caused and without proof that this was definitely the case the cases have been ruled in favor of the defendants.
This lawsuit differs in that the claim is being made for breach of contract damages, breach of implied contract and unjust enrichment after Case paid for services that she did not receive.
