DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Aspen Valley Hospital accused of patient-privacy breach

Posted on June 15, 2016 by Dissent

Another “small breach, big impact” story. Rick Carroll reports:

A former Aspen Valley Hospital employee who says a human resources manager outed him as HIV-positive is alleging the hospital repeatedly violated patient-confidentiality laws.

[…]

Doe joined the hospital in 2003 as its conference center coordinator. In August 2013, he was promoted to a technician in the hospital’s information technology department.

The hospital regularly gave him “outstanding” job reviews, the suit says, but his employment status began to unravel after it was revealed he was HIV-positive.

Unbeknown to Doe at the time, Alicia Miller, who is the hospital’s human resources director and privacy officer for the staff’s health plan, told another employee about his condition over drinks and dinner. That conversation transpired Sept. 23, 2012, after an industry convention in Denver, the suit alleges. Miller’s knowledge of Doe’s HIV status was a result of her analysis of the health-insurance records of staff employees as a way to reduce costs for the self-insured hospital, the suit says. Doe’s insurance records “stood out because his HIV anti-viral medications were expensive and therefore exceeded many of the other employees’ health-insurance costs,” the suit says.

Doe didn’t learn that his colleagues knew of his condition until 2014, the suit says. That’s when the employee who was informed of his health, after leaving the hospital, told him about her conversation with Miller, the suit says.

Read more on The Aspen Times.

Does this sound familiar – medical privacy breached in the context of talking about insurance? Remember Deanna Fei’s heart-wrenching story about her experience after the CEO of her employer revealed private information about her pregnancy and baby’s problems.

Category: ExposureHealth DataInsiderU.S.

Post navigation

← IE: Private investigator used civil servant to access personal data
Readers get notifications, Wednesday edition →

2 thoughts on “Aspen Valley Hospital accused of patient-privacy breach”

  1. John Nelson says:
    June 15, 2016 at 11:47 am

    If we may take what is being reported at face value, Doe has a very, very strong case. Aspen Valley Hospital is going to pay for this almost unbelievable privacy screwup.

    1. Dissent says:
      June 15, 2016 at 12:33 pm

      The fact that he has a strong case doesn’t necessarily translate into the hospital will pay. In some cases, the hospitals/employers have been found not liable for the conduct of an employee if the employee was violating their policies and procedures. So we’ll have to wait and see on this one, I think.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.