HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA and ISPP Violations Cited in Aventura Hospital Damages Lawsuit

The Aventura HIPAA breach, identified in June last year, has resulted in a lawsuit being filed by a patient of the hospital, according to a Courthouse News Service report.

The lawsuit was filed by Aventura patient, Kellie Lynn Case, in the Miami Federal Court. She is seeking damages from the defendants, Hospital Corporation of America and Envision Healthcare Corporation, after they were provided with confidential patient data and failed to implement the appropriate controls to keep that data safe. The lawsuit alleges that the defendants have violated the HIPAA Security Rule in addition to Industry Standard Protection Protocols.

Under HIPAA regulations healthcare providers are not permitted to share confidential patient data without having first obtained consent to do so from the patients. They are also required to produce notices of privacy practices which must detail how the data they hold will be used, to whom it will be disclosed and under what circumstances that will happen.

The lawsuit alleges that the defendants used the Notice of Privacy Practices as a means to justify an increase in payments for medical services, and while that money was taken from patients, the security measures that it was supposed to cover had not in fact been put in place until after the hospital had suffered three data breaches, the latter being caused by one of its business associates, Valesco Ventures.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The lawsuit cites false advertising, but also a failure of the hospital to provide training on HIPAA privacy and security obligations to the staff. It is also claimed that the staff worked without supervision and that privacy and security failures resulted in sensitive data being stolen and used to commit medical fraud.

This is certainly not the first court case to be filed against a healthcare provider following a data breach. Many class action lawsuits and damages claims have been filed in courts around the country. However, previous HIPAA violation cases have all hinged on whether actual harm and damage was been caused and without proof that this was definitely the case the cases have been ruled in favor of the defendants.

This lawsuit differs in that the claim is being made for breach of contract damages, breach of implied contract and unjust enrichment after Case paid for services that she did not receive.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.