Blog
Hospital Sued for Loss of Patient Information in Potential Class Action
Blog
June 25, 2012
A purported class action filed against Emory Healthcare Inc. seeks damages for loss of personally-identifiable, protected health information. According to the complaint, potentially unencrypted computer disks containing patient information for approximately 315,000 patients were taken from an unsecured location that was overseen by an improperly trained employee. The information allegedly contained patients' social security numbers, addresses, and personal health information, such as dates of surgeries, diagnoses, and names of treating professionals. Plaintiffs claim losses from: (a) invasion of privacy; (b) time an expense to protect themselves against identity theft and damage to their credit ratings; and (c) deprivation of the exclusive use and control of their personal health information. The causes of action are: invasion of privacy, negligence, and breach of implied contract. All of the claims are brought under Georgia state law. The suit follows an April 2012 admission by Emory Healthcare that ten backup disks containing information about surgical patients between 1990 and 2007 were missing from their storage location.
TIP: This case serves as a reminder that companies should not only have clear security policies in place, but should also make sure that employees understand and follow those policies.
This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.