Class Says Hospital Failed to Protect Data

     (CN) – The operators of Aventura Hospital in Miami failed to safeguard patient records, leaving them vulnerable to identity theft and exposure of their personal health information, a class claims in court.
     In a complaint filed in Miami Federal Court, named plaintiff Kellie Lynn Case says she is one of thousands of current and former patients whose personal information was entrusted to defendants Hospital Corporation of America and Envision Healthcare Corporation.
     Unfortunately, she says, defendants failed to safeguard their patients’ sensitive information, including their names, dates of birth, and protected health information as defined by the Health Insurance Portability and Accountability Act or HIPAA.
     Upon admission to their hospitals and facilities defendants provided patients with a “Notice of Privacy Practices” stating that they would keep their information confidential. This notice is also available on their websites.
     Case says that defendants used their data security and management practices statements through their privacy policies and public representations “to falsely inflate the advertised utility of their services, thus allowing Aventura Hospital to charge patients higher costs for treatment.”
     On September 2014, Case claims that defendants told their patients that without authorization an employee managed to get access to over 85,000 patient records at the Aventura Hospital during a period of nearly two years, from September 13, 2012 thru June 9, 2014.
     “Unfortunately, it took a large-scale medical data breach to reveal — for the third time — that defendants failed to provide their patients with the level of data protection that they promised and paid for,” the complaint says. (Emphasis in the court documents.)
     The complaint claims that due to their lack of security services and failure to protect their patients’ electronically-stored confidential information defendants violated the Health Insurance Portability and Accountability Act and the Industry Standard Data Protection Protocols.
     According to Florida Statutes the “patient’s records are confidential and must not be disclosed without the consent of the patient or his or her legal representative.”
     Defendants failed to properly train and supervise their employees who were in charge of viewing and accessing the records of their patients; making it easier for them to steal and misuse sensitive information, the complaint claims.
     Case says that she did not receive all of the services that she paid for in the Aventura Hospital, and that that if she would have known of defendants’ failure to protect their patients information, she would have paid less for their services or would not have paid anything at all.
     She seeks compensatory damages for breach of express contract, breach of implied contract and unjust enrichment. Case is represented by Edmund Normand of Orlando, Fla.

%d bloggers like this: