Florissant dialysis center faces class-action lawsuit after I-Team investigates

PJ Randhawa reports:

A popular Florissant dialysis clinic is the subject of a class-action lawsuit after an I-Team report uncovered the facility “lost” the medical records of up to 60 patients.

In July, the I-Team found dozens of private medical records for DaVita Dialysis patients dumped behind an abandoned building in north St. Louis.

We traced them back to a DaVita Dialysis location at 10887 W. Florissant Ave.

Read more on KSDK.

This is not DaVita’s first data security incident. Just reviewing previous coverage on this site, which may not be complete, I found:

• Davita notified patients after a laptop was stolen from an employee’s car with unencrypted information — 2008
• DaVita notified patients after office burglar stole computers with patient info — 2008
• DaVita notifies dialysis patients of stolen laptop — 2013

Past breaches that are that old would almost certainly not be considered by OCR in any investigation into DaVita’s compliance with the Security Rule.  Because the 2020 incident reportedly impacted 60 patients, it does not appear on HHS’s public breach tool, so it is not clear if OCR has any open investigation into the incident.