Erick Flack of WAVE reports that a lawsuit has been filed over the Our Lady of Peace breach. “The lawsuit accuses the hospital of negligence, invasion of privacy and emotional distress and asks for punitive damages.”
Even though the breached information did not include Social Security Numbers, diagnosis, or treatment information, this is one of those cases where just knowing that someone was admitted to the hospital conveys some information because the hospital is not a general hospital, but a psychiatric one.
Somehow — and not to dispute or demean the emotional distress the individual may have suffered or continue to suffer over others finding out that s/he was a patient at the hospital — I doubt the lawsuit will really go anywhere. HHS, on the other hand, could fine or penalize the hospital, but they generally haven’t issued fines for this type of thing. Maybe if they did fine or two, others would be more careful?