Lurie Children’s Hospital of Chicago is confronted with legal action pertaining to two privacy breaches that involved staff accessing the medical records of patients without having authorization.
The case was submitted on behalf of a mother and her daughter who is 4 years old. On December 24, 2019, Lurie Children’s Hospital advised the mom that a nursing assistant at the hospital viewed her child’s medical records even though there wasn’t any authorized work objective for doing so. The nursing assistant was found to be accessing patient information without permission from September 10, 2018 to September 22, 2019.
On May 4, 2020, another letter mailed to the mom stated that her child’s health records were viewed with no consent by another employee. In this instance, the employee was found to have looked at patient information with no legitimate work reason from November 1, 2018 to February 29, 2020.
In early 2019, the mom brought her then 3-year-old daughter to the hospital for a check-up because she believes that her child could have been sexually abused.
The mother looked for legal services on May 8, 2020 to learn how she might be sure that her child’s health files can be better kept safe in the future and to know more details regarding how two breaches of this type may have come about. The law agency Edelson P.C filed a legal case on May 8, 2020 in Cook County Circuit Court.
The lawsuit claims breach of confidentiality, negligence for not supervising employees and a breach of contract and make certain her daughter’s health data stayed personal and confidential. The viewing of the plaintiff’s health information was part of two bigger breaches that spanned a few months prior to the discovery of unauthorized data access. The legal action wants class-action status along with trial by jury.
The hospital investigated the two lawsuits, nevertheless, no evidence was found that indicates the employees obtained or misused any patient data. After the discovery and inquiry into the unauthorized access, the two staff were disciplined according to the hospital’s guidelines and they were dismissed from the hospital.
The legal action wants damages for all patients impacted by the incident, the offering of continuous credit monitoring services for victims of the breach, and requires the execution of measures to avert more privacy breaches down the road.