25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Mayo Clinic Settles Lawsuit Alleging Former Employee Viewed Nude Patient Images

Posted By on Jan 18, 2023

Mayo Clinic has settled another lawsuit that stemmed from a data breach involving a former employee, who was discovered to have accessed the records of patients without authorization, including nude images.

In October 2020, Mayo Clinic notified 1,614 patients that some of their protected health information had been viewed by a former employee. That information included demographic information, birth dates, medical record numbers, and clinical notes. The employee was also discovered to have viewed photographs of patients that had been taken for medical purposes, which included nude images.

The employee in question, Ahmad Maher Abdel-Munim Alsughayer, 28, of Saginaw, MI, was a doctor at Mayo Clinic, and terminated his employment in August 2022 around the time that the privacy violations were discovered. The Olmsted County Attorney’s Office opened a criminal investigation into Alsughayer over the privacy violations after a complaint was received from a patient who obtained a copy of her records and discovered they included three nude images that were in her medical records at the time the alleged privacy violations occurred. She obtained the records in response to being notified about the breach.

Alsughayer faces a gross misdemeanor charge for unauthorized computer access. His legal team sought to dismiss the case on the grounds that there was no probable cause to believe the defendant committed the alleged privacy violations; however, those efforts have been unsuccessful. Alsughayer pleaded not guilty to the charges in August 2021. A date has yet to be set for the trial.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

At least three lawsuits were filed against Mayo Clinic over the privacy violations. One of those lawsuits was settled out of court with the complainant last year and another – filed in May 2021 – is scheduled to go to trial in September 2023. The third lawsuit, which was filed in November 2020 on behalf of Mayo Clinic patient Olga Ryabchuk, sought class action status for the 1,614 patients whose privacy was violated. That lawsuit was dismissed by an Olmsted County Judge in December after all parties agreed to a settlement, the details of which have not been publicly disclosed.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist