Dive Brief:
- Valley Children's Hospital in Madera, California is suing three pediatricians for allegedly wrongfully accessing patient EHRs.
- More than 164 patient records were accessed by the physicians while working at Valley Children's Hospital, which interim chief legal officer and administrative officer Michael Goldring called a "significant data breach" and a HIPAA violation.
- According to the HIPAA Journal, the physicians allegedly used Spanish-speaking interpreters to contact patients with cystic fibrosis and falsely informed them that their current hospital was closing and they were advised to follow physicians who had left Valley Children's and to move their medical records to a University Pediatric Specialists Hospital.
Dive Insight:
The defendants named in the suit are John Moua, MD, David Lee, MD, and Paul Do, MD as well as University Pediatric Specialists and Central California Faculty Medical Group. Valley Children's Hospital said its reputation was damaged as a result of the physicians' actions.
The lawsuit allegations include "unauthorized computer access, misappropriation of trade secrets, conversion and misappropriation of patients' personal health information...to divert patients for their personal financial gain and commercial advantage."
Legal concerns about inappropriate access to EHRs continue to grow as large data breaches have been repeatedly reported this year. A HIMSS survey in July 2015, reported in Healthcare Dive, showed two-thirds of 297 health IT execs had a "significant" data security breach in 2015, with the second major factor motivating security threats being staff improperly accessing patient records. Medical identity theft being the major factor.
There was a large healthcare data breach in August that affected almost 4 million people across Concentra - a health system with 300 medical centers in 38 states. Data breaches cost the healthcare sector an estimated $5.6 billion every year, as previously reported in Healthcare Dive.
A Washington Post blog from 2014 said that HHS has tracked 944 major breach reports affecting personal information from 30 million people.