Kyla Asbury reports on another small-n breach case that reportedly had huge consequences for the victim:
A Wayne County woman is suing St. Mary’s Medical Center after she claims it allowed people to access her private health information that should not have had access.
St. Mary’s Medical Management LLC; Cabell-Huntington Hospital Inc.; Rebecca Winters, formerly known as Rebecca Harmon; and Jessica Hatfield also were named as defendants in the suit.
On Oct. 25, 2013, C.H. went to her physician Dr. Joseph P. Assaley, for certain laboratory tests, which included testing for sexually transmitted diseases, according to a complaint filed in Cabell Circuit Court.
Okay, you’re probably thinking this is a snooping lawsuit. But there are other allegations of note:
C.H. claims Winters obtained a copy of her testing results, altered the results to indicate that she tested positive for Chlamydia and Gonorrhea and then published the falsified results to multiple third-parties.
And it didn’t happen just once, C.H. alleges in her lawsuit. The defendants’ actions resulted in her being harassed, she claims:
C.H. claims she began to see Internet posts alleging she had various STDs, and complaints were made to her employer alleging she had STDs and she began receiving insulting and intrusive prank phone calls from untraceable numbers.
Read more on West Virginia Record. There are a number of issues here legally, including who was responsible for auditing the access logs when the patient contacted Cabell with her concerns.
N.B.: This not the first time St. Mary’s has been sued for employee wrongdoing in exposing private information. See this earlier post/case. I wonder if HHS will consider that if OCR is investigating any complaint arising from this later incident.