Lawsuit Alleges Hospital Worker Disclosed Information about Woman’s Sexual Assault to her Attacker
A lawsuit has been filed against Atchison Hospital in Kansas by a rape victim who alleges an x-ray technician at the hospital contacted her attacker and disclosed sensitive information about the treatment she received at the hospital.
According to the Kansas City Star, after being raped, the woman sought treatment at the hospital. She underwent a rape kit examination, and allegedly made it clear to the hospital that she did not want her health information to be disclosed to third parties.
Despite being against the patient’s wishes and a violation of the HIPAA Privacy Rule, information about the examination was disclosed to her attacker by a female X-ray technician at the hospital. The x-ray technician also told the man that he had been accused of sexually assaulting the patient.
Following the disclosure, the man repeatedly harassed and threatened the patient by phone and text message over the following weeks. In addition to receiving a barrage of abuse from her attacker, the lawsuit claims the woman was also harassed by hospital staff.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
A complaint was filed with the hospital over the privacy violation and an internal investigation was launched. The medical records system was checked to determine whether there had been any unauthorized accessing of her medical records and interviews were conducted with staff members.
No evidence was uncovered to suggest the woman’s electronic medical records had been accessed inappropriately, but the hospital concluded the X-ray technician had viewed the woman’s medical information in the hospital’s health information department. The hospital confirmed to the woman that the X-ray technician was not part of her care team and was not authorized to view her records.
The hospital apologized for the privacy breach and reviewed an updated its policies and procedures to reduce the risk of further incidents such as this occurring.
The X-ray technician was fired from the hospital over the privacy violation and was subsequently hired by Saint Luke’s Cushing Hospital. According to the patient’s attorneys, details of the former employee’s conduct were not disclosed to Cushing Hospital and a positive review was provided. The patient’s attorneys claim the hospital did not do enough to communicate the reason for termination to the woman’s potential new employer.
Hospital CEO, John Jacobson issued a statement to the Atchison Globe, saying “Patient confidentiality at Atchison Hospital and our ability to protect personal information is a top priority of ours… we are deeply disturbed by the actions of this former employee. In fact, when we were made aware of this situation, we took immediate steps to investigate and within two days, we terminated this individual’s employment.”
The lawsuit accuses the hospital of having inadequate policies in place to protect against the unauthorized accessing of patient information and claims the hospital was negligent, there was an invasion of the patient’s privacy, and the hospital breached its fiduciary duty. The lawsuit seeks punitive damages.
