She had indicated her intention to sue back in February 2010, and I’m somewhat surprised it took so long, but now Brooke Mueller has filed a lawsuit against The Canyon rehab facility for privacy violations. TMZ reports that the lawsuit alleges the facility sold her confidential information to the media:
TMZ broke the story after the leak … someone was sending Brooke’s patient admissions document to members of the media … including TMZ, and the form very specifically outlined Brooke’s problems. TMZ never published info from the document.
Brooke claims it was all a crass money grab from staffers at The Canyon — and now, she’s suing for undisclosed damages, claiming her right to privacy has been violated.
A rep for The Canyon had no comment, although as we first reported, after the leak The Canyon officials said they would conduct their own internal investigation.
So… did The Canyon ever report a breach to HHS, and if so, did HHS ever investigate? Did the state of California, who has fined a number of hospitals for employee-related privacy breaches, ever investigate this? And were any criminal charges ever filed under HIPAA or California state law?
Obviously, as someone just reading about the case and allegations, I don’t know the facts of the case. But such allegations are serious because apart from the potential privacy harm to the patient and potential reputation harm to the facility, these types of reports or situations may make people reluctant to seek help. Patients seeking treatment for substance abuse issues or mental health issues really need to feel that their confidential information will be kept confidential or they may be frightened off from treatment.
So while this case works its way through the courts and media, I hope that relevant agencies have also been involved and will publicly share their findings as to whether there was a HIPAA violation here.