HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Lawsuits Filed Over Alleged HIPAA Violations

Two lawsuits have recently been filed in relation to alleged breaches of Health Insurance Portability and Accountability Act (HIPAA) Rules, one by a former hospital employee and another by a patient whose privacy was allegedly violated by a CVS pharmacy employee.

Former Employee of Mosaic Life Care Medical Center Takes Legal Action over Dismissal

A former employee of Mosaic Life Care Medical Center in St. Joseph, MO is taking legal action over wrongful discharge and retaliation for her taking steps to avoid a violation of the False Claims Act.

Debra Conard, 57, alleges she was wrongfully terminated for raising concerns about unlawful, unethical, and fraudulent billing practices. According to the lawsuit, in April 2017, Conard was instructed by hospital officials to release charges for billing even though the documentation did not support the claims. Multiple charges were required to be pushed through, which would induce payment by Medicare and other third parties, even though Conrad could not verify that the claims were correct.

Conrad raised her concerns about potential violations of the False Claims Act and told her supervisor of the possibility of substantial fines. Under instruction, Conrad processed the claims but also included notes stating that the claims were not supported by the documentation and the claims had been authorized to be released even though she believed them to be fraudulent claims.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Conrad was subjected to disciplinary action, including suspension, which was due to her opposition to fraudulent billing. She complained about the disciplinary actions and was later accused of violating HIPAA Rules. She also complained about that allegation and was fired shortly after.

The lawsuit states, “Merely because plaintiff could see patient information while performing duties in the coding program (that she needed to access to perform her job), she was subject to discipline and suspension.” Conrad is seeking $75,000 in compensatory damages, lost wages, lost benefits, attorneys’ fees, and reinstatement.

Lawsuit Filed over Alleged Disclosure of Viagra Prescription

A New York man is taking legal action against CVS Pharmacy over an alleged privacy violation in which details of his prescriptions were disclosed over the telephone to his wife. The man had visited a Long Island branch of the pharmacy chain to fill a prescription for 100 mg of Viagra with five refills. The man wanted to pay for the drug personally rather than have it covered by his insurance.

The man’s wife contacted the same pharmacy by telephone a few days later about an unrelated matter and was allegedly told about her husband’s Viagra prescription over the telephone by a CVS Pharmacy employee. As a result of the disclosure, the main claims his marriage is broken and he has suffered a “genuine, severe mental injury and emotional harm”.

The man, identified as Michael Feinberg, claims his wife had no right to be told about his medication and that by disclosing the information to a third party (his wife) the pharmacy violated the HIPAA Privacy Rule.

Legal Action Being Considered Over EMS Worker’s Facebook Post

A woman from Roane County, TN, is considering taking legal action over a Facebook post made by an EMS worker who visited her property to provide treatment to her husband who had collapsed after suffering a heart attack while in his chicken coop.

Kathy Raymond attempted to save her husband’s life by providing cardiopulmonary resuscitation until the emergency services team arrived. They took over but were unable to save her husband’s life.

Following the visit, an EMS worker posted a message on Facebook about the incident. The message was – “well, we had a first … We worked a code in a chicken coop! Knee deep in chicken droppings.” WATE reports that further comments were added to the post by the worker, who stated, “it was awful” and that “I’m pretty sure y’all could smell us in dispatch.”

Raymond contacted Roane County EMS to complain about the EMS worker’s unprofessional and insensitive behavior and the matter was investigated internally.

No PHI was mentioned in the post although questions have been raised over a possible HIPAA violation. Since no PHI was disclosed, the county attorney does not believe HIPAA has been violated, but did say that the post should not have been made on social media.

The employee concerned has been reprimanded and talks have been scheduled with EMS workers to explain that no work matters should be discussed or posted on Facebook.

Raymond was not happy with the response to the incident and said, “this is wrong for her to just get a slap on the wrist. I don’t want her to be able to have a job as an EMS worker if she does not have more compassion than that. Even though she did not mention his name, she said it was the first time they had ever had a call in a chicken coop. Everybody knows where my husband died.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.