MOS Legal Transcription Service 18006702809
The Walton and Walgreens HIPAA Violation Lawsuits HIPAA violation is the overriding theme in a lawsuit in which the attorney for a facial reconstruction patient alleged that her plastic surgeon from Chicago posted her before/after photos without her permission. The photos were posted under the “cocaine nose” treatment category. The Plastic Surgery HIPAA Violation Lawsuit The defendant is Dr. Robert Walton of Plastic Surgery Chicago LLC, and HIPAA violation is only one of the allegations, the other being confidentiality fiduciary duty breach. The cocaine nose condition is listed in the website as being an infection or damage caused to the septum or supporting cartilage, which eventually results in nose collapse, caused by chronic consumption of cocaine. The plaintiff claims that she had undergone treatment with Dr. Walton in 2004 and agreed for the photographs to be taken on the understanding that they would be maintained with confidentiality in her medical record. However that agreement had apparently been breached when Dr. Walton started a new practice in 2013
MOS Legal Transcription Service 18006702809
and posted the plaintiff’s photos as well on the website of the new practice. Dr. Walton isn’t the only defendant in the case. The University of Chicago Medical Center and the company behind the design and development of the new plastic surgery facility’s website are also co-defendants. The aim of the lawsuit is to seek compensation for the damages caused by the photos being posted, which the plaintiff argues has caused her “great harm” as well as embarrassment and shame. Walton was a part of the University of Chicago Medical Center though the Center claims that he left in 2007. The Leverage Offered by the HIPAA Point HIPAA is quite a sensitive topic when it comes to seeking compensation, mainly on account of its diverse possibilities of interpretation. HIPAA (Health Insurance Portability and Accountability Act) requires the healthcare practice or any related service provider to secure the patient’s written consent before the disclosure or use of his/her protected medical information for educational, commercial, marketing or publishing purposes, the lawsuit summarizes the law likewise. Now just how is the information protected by HIPAA? The protected information is called PHI (Protected Health Information), but unless it is received or created by a covered entity, which is a health plan, healthcare provider or a healthcare clearinghouse, the information is not protected. Employers sponsoring group health plans do not come under covered entities. HIPAA only governs the
MOS Legal Transcription Service 18006702809
utilization of PHI by a covered entity. The entity is also responsible for the actions of its employees who access PHI. PHI Disclosure Exceptions The only exceptions for disclosing PHI for covered entities are for providing treatment or referring patients for other treatment, coordinating patient care, payment purposes, or for use of recognition or identification of a patient in the facility by members of the family or others responsible for the person’s care. A complaint needs to be filed only under the administrative procedures that have been established. There is no shortage of penalties for violations of ethics in relation to HIPAA under the Federal Rule of Civil Procedure 37, while laws of the states could encourage civil actions for violation of their respective healthcare information laws. The Walgreens Case The Walton case draws precedent from another recent case in which HIPAA was controversially used, the reason for the controversy being the law’s exploitation for apparently settling personal grievances. This is the Walgreens case which showcased the skills of a young attorney who managed to successfully wield the HIPAA wand to secure settlement for the plaintiff. The Walgreens pharmacy was ordered to compensate the plaintiff for damages by paying $1.44 million, with the crime stated as violation of HIPAA by one of the employees. But close examination of the case reveals that it
MOS Legal Transcription Service 18006702809
perhaps may not be quite as black and white. This lawsuit was only the second case ever where HIPAA was successfully employed in court for securing damages. This will have a significant impact on the nation’s healthcare system. What the Walgreens Pharmacist Did The core of the case is the action of a Walgreens pharmacist who searched the medical records kept in the pharmacy of the ex-girlfriend of her husband on suspicion that she transmitted a sexually transmitted disease (STD) to him. Probably not realizing that the ex-girlfriend, who is the plaintiff, would take matters serious enough to go to court, the employee’s husband informed his ex about the findings. The woman complained to Walgreens but the action was repeated, which led her to file a lawsuit against the pharmacy. The defendant’s main argument was that what the pharmacist did would not come under her prescribed duties as a Walgreens employee, which implies that her actions were not the responsibility of the company. This point wasn’t accepted by the jury and the judge who considered the pharmacy to be the cause of 80% of the damages. How HIPAA Was Cleverly Exploited While Walgreens has declared its intention to appeal, the turn of events in this case, resulting in this verdict, was largely the result of the plaintiff’s attorney bringing in the point of HIPAA violation. The attorney later clarified to a blog that the principles of violation in the lawsuit were not
MOS Legal Transcription Service 18006702809
exactly direct HIPAA violations but rather instances of malpractice, privacy invasion and negligence. But in each of these violations HIPAA was used to prove the wrongdoing and to set the standard. What Goes on Behind a HIPAA Lawsuit It can therefore be concluded that HIPAA is quite a strong point that could swing the tide in the plaintiff’s favor. The legal process involved here is to prove that the actions performed by the defendant involve principles dealing with HIPAA. This requires a sound understanding of the act and some skillful interpretation from the attorney. There is a good deal of documentation of legal data involved too, including those of the testimonies of the plaintiff and defendants. The nature of the medical data whose security is claimed to have been breached would also need to be analyzed. The attorney for the plaintiff would ultimately aim to prove the existence of either malicious intent or procedural flaws, or both, on the part of the healthcare provider or any of its employees which contributed to the data breach. This requires in-depth analysis of the working procedure of the organization. If the attorney manages to prove that there was an agreement in the first place and that it has been breached, the plaintiff in the Walton case looks set to gain much in terms of compensation.