HIPAA Journal reports:
A class action lawsuit filed by two former patients against BJC HealthCare over a March 2020 email data breach has survived two motions to dismiss.
Leaha Sweet and Bradley Dean Taylor took legal action against St. Louis-based BJC HealthCare in September 2020 after being notified that their protected health information had potentially been compromised in a data breach.
According to HIPAA Journal, in her June 29 order, Chief Judge Nancy J. Rosentengel dismissed an invasion of privacy claim as Illinois law states that the party alleging an invasion of privacy must demonstrate the act was intentional — a claim that the plaintiffs were unalbe to demonstrate. The plaintiffs’ claim of bailment was also dismissed because the plaintiffs did not allege that they sought a return of their property (their protected health information) or that the health system had failed to return it.
BJC Healthcare must face the remaining 8 counts, though.
Read more on HIPAA Journal.
BJC Healthcare has disclosed a number of HIPAA breaches involving PHI over the past five years, as previous coverage on this site (below) demonstrates, but this one potentially impacted the largest number of patients:
- MO: BJC HealthCare warns patients of possible data breach (the May, 2020 phishing incident that compromised several employee email accounts: 287,876 patients)