Ken Curtis reports the latest developments in a lawsuit stemming from an insider breach for tax refund fraud. The former Flowers Hospital employee is currently serving a prison sentence, but now others want to join the potential class action lawsuit against the hospital. Curtis reports, in part:
Legal documents show that Millender was in possession of 54 files stolen from the hospital. It’s not known the total he took while employed for nearly a year. Evidence shows he would return files after stealing vital data.
[…]
The lawsuit also claims files were routinely and negligently kept in an unsecured hallway of the hospital. “These daily file folders would each generally contain approximately 100 to 150 patient records.”
Read more on WTVY.
I’ve covered this breach previously on this site (follow links to past coverage), but I just went back to see what action, if any, OCR had taken when they investigated. The breach had been reported to them as affecting 629 patients. Here is their closing statement:
The covered entity (CE), Flowers Hospital was informed by law enforcement on February 27, 2014, that while one of its employees was being arrested, the CE’s paper facesheets were found in his possession. An internal investigation revealed that the employee may have accessed or allowed another individual access to the clinical and demographic information of 1,208 individuals. The CE provided breach notification to HHS, to affected individuals, and to the media. In response to the breach, the CE implemented procedures to further restrict access to paper records and improved its maintenance and storage procedures. OCR obtained assurances that the CE implemented the corrective actions listed above.
So that was it as far as OCR’s role, it seems. Will those affected get any satisfaction from the court? It remains to be seen.