Another “small breach, big impact” story. Rick Carroll reports:
A former Aspen Valley Hospital employee who says a human resources manager outed him as HIV-positive is alleging the hospital repeatedly violated patient-confidentiality laws.
[…]
Doe joined the hospital in 2003 as its conference center coordinator. In August 2013, he was promoted to a technician in the hospital’s information technology department.
The hospital regularly gave him “outstanding” job reviews, the suit says, but his employment status began to unravel after it was revealed he was HIV-positive.
Unbeknown to Doe at the time, Alicia Miller, who is the hospital’s human resources director and privacy officer for the staff’s health plan, told another employee about his condition over drinks and dinner. That conversation transpired Sept. 23, 2012, after an industry convention in Denver, the suit alleges. Miller’s knowledge of Doe’s HIV status was a result of her analysis of the health-insurance records of staff employees as a way to reduce costs for the self-insured hospital, the suit says. Doe’s insurance records “stood out because his HIV anti-viral medications were expensive and therefore exceeded many of the other employees’ health-insurance costs,” the suit says.
Doe didn’t learn that his colleagues knew of his condition until 2014, the suit says. That’s when the employee who was informed of his health, after leaving the hospital, told him about her conversation with Miller, the suit says.
Read more on The Aspen Times.
Does this sound familiar – medical privacy breached in the context of talking about insurance? Remember Deanna Fei’s heart-wrenching story about her experience after the CEO of her employer revealed private information about her pregnancy and baby’s problems.
If we may take what is being reported at face value, Doe has a very, very strong case. Aspen Valley Hospital is going to pay for this almost unbelievable privacy screwup.
The fact that he has a strong case doesn’t necessarily translate into the hospital will pay. In some cases, the hospitals/employers have been found not liable for the conduct of an employee if the employee was violating their policies and procedures. So we’ll have to wait and see on this one, I think.