For the past several years, we’ve been warning clients of the dangers of class action lawsuits filed against practices that breach patient privacy. A good example is the class action lawsuit filed in the wake of an employee-related data breach at Flowers Hospital in Dothan, Alabama in 2014.
In contrast to most class action lawsuits filed over the exposure or theft of PHI, this case involved the theft of data by an employee who used PHI for identity theft and fraud. The individual was convicted of those crimes and sentenced to two years in jail.
In a class action lawsuit filed the same year, patients claimed paper records were left unprotected and unguarded at the hospital and could have been taken by employees or third parties. In the case of the convicted employee, this is precisely what happened.
Flowers Hospital tried to have the suit dismissed, and failed. The lawsuit was awarded class-action status last year. Now, the hospital is attempting to settle by offering a fund of up to $150,000 to cover out-of-pocket expenses incurred by the 1,208 victims of the breach. The settlement would provide each class member with up to $250 each, although claims up to a total value of $5,000 would be considered.
We’re unsure the court will accept a $150,000 settlement offer; whatever the outcome, it’s obvious that the hospital will have spent several times that amount in attorneys’ fees alone.
Discover more HIPAA news and compliance tips at Smart Training.