Legal Actions Submitted Over Alleged HIPAA Breaches

Two legal actions have recently been filed in relation to alleged breaches of Health Insurance Portability and Accountability Act (HIPAA) Rules, one by a former hospital worker and another by a patient whose privacy was allegedly violated by a CVS pharmacy worker.

Legal Action over Dismissal Taken by Former Employee of Mosaic Life Care Medical Cente

A former staff member of Mosaic Life Care Medical Center in St. Joseph, MO is taking a law case in relation to a wrongful discharge and retaliation for her taking steps to avoid a violation of the False Claims Act.

Debra Conard, 57, claims she was wrongfully terminated for raising concerns about unlawful, unethical, and fraudulent billing practices. According to the lawsuit, in April 2017, Conard was told by hospital officials to publish charges for billing even though the documentation did not support the allegations. Multiple charges were required to be pushed through, which would induce payment by Medicare and other external parties, even though Conrad could not verify that the claims were genuine.

Conrad raised her concerns about possible breaches of the False Claims Act and told her supervisor of the possibility of massive fines. Under instruction, Conrad processed the claims but also included notes stating that the claims were not supported by the documentation and the claims had been authorized to be shared even though she believed them to be fraudulent claims.

Conrad was subjected to disciplinary action, including suspension,  due to her fighting the fraudulent billing. She made a complaint about the disciplinary actions and was later accused of violating HIPAA Rules. She also complained about that claim allegation and was sacked shortly after.

The lawsuit says, “Merely because plaintiff could see patient information while performing duties in the coding program (that she needed to access to perform her job), she was subject to discipline and suspension.” Conrad is seeking $75,000 in compensatory damages, lost wages, lost benefits, attorneys’ fees, and reinstatement.

Legal Action Submitted over Alleged Disclosure of Viagra Prescription

A New York man is initiating a legal action against CVS Pharmacy over an alleged privacy violation in which details of his prescriptions were shared over the telephone to his wife. The man had visited a Long Island branch of the pharmacy chain to complete a prescription for 100 mg of Viagra with five refills. The man wanted to pay for the drug himself rather than have it covered by his insurance.

The man’s wife got in touch with the same pharmacy by telephone a few days later about an unrelated matter and was allegedly informed about her husband’s Viagra prescription over the telephone by a CVS Pharmacy employee. Due to the disclosure, the main claims his marriage is broken and he has suffered a “genuine, severe mental injury and emotional harm”.

The man, Michael Feinberg, alleges his wife had no right to be told about his medication and that by sharing the information to a third party (his wife) the pharmacy breached the HIPAA Privacy Rule.

Legal Case Being Considered Over EMS Worker’s Facebook Post

A lady from Roane County, TN, is thinking about taking legal action over a Facebook post made by an EMS worker who visited her house to provide treatment to her husband who had collapsed after suffering a heart attack while in his chicken coop.

Kathy Raymond tried to save her husband’s life by providing cardiopulmonary resuscitation until the emergency services team came on the scene. They took over but were unable to save her husband’s life.

After the visit, an EMS worker published a message on Facebook about the incident. The message read – “well, we had a first … We worked a code in a chicken coop! Knee deep in chicken droppings.” WATE reports that further comments were added to the post by the worker, who stated, “it was awful” and that “I’m pretty sure y’all could smell us in dispatch.”

Raymond got in touch Roane County EMS to complain about the EMS worker’s unprofessional and insensitive behavior and the incident was investigated internally.

No PHI was referred to in the post although questions have been raised over a possible HIPAA breach. Since no PHI was disclosed, the county attorney does not believe HIPAA has been breached, but did say that the post should not have been published on social media.

The staff member concerned has been reprimanded and talks have been scheduled with EMS workers to explain that no work matters should be discussed or published on Facebook.

Raymond was not satisfied with the response to the incident and stated, “this is wrong for her to just get a slap on the wrist. I don’t want her to be able to have a job as an EMS worker if she does not have more compassion than that. Even though she did not mention his name, she said it was the first time they had ever had a call in a chicken coop. Everybody knows where my husband died.”

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas should has data protection and innovations such as telehealth.