The HIPAA Guide - Celebrating 15 Years Online

$150,000 Settlement Proposed by Flowers Hospital for 2014 Data Breach

July 27, 2018HIPAA Breaches, Violations, and Fines0

A class action lawsuit filed in the aftermath of a data breach at Flowers Hospital in Dothan, Alabama in 2014 will soon be settled. The settlement has yet to obtain final approval of the court; however, it is likely to be approved and this four-year legal fight will soon be over.

Many class action lawsuits are filed by data breaches when data theft and misuses is only suspected. These speculative lawsuits often fail when there is no evidence of actual harm caused as a result of the breach. In this case, data theft and misuse had been confirmed. A former employee of the hospital stole protected health information from the hospital and used the data to file fraudulent tax returns in the victims names.

The former laboratory technician, Kamarian D. Millender, was discovered to be in possession of paper records that contained patients’ PHI. Millender confessed to utilizing the data for identity theft and for filing fake tax returns. In December 2014, Millender was sentenced to serve two years in jail.

A class action lawsuit was filed in the same year in which it was claimed that from June 2013 to December 2014, the hospital had left paper records unprotected and unguarded, which employees and third parties could have easily taken. That is precisely what transpired in Millender’s case.

Flowers Hospital tried to get the lawsuit dismissed, but its attempts were unsuccessful and the lawsuit was granted class action status in 2017. Flowers Hospital has now taken the decision to settle the case and has offered class members up to $150,000 to cover the cost of credit monitoring services. The settlement will give every class member around $250 each, though claims as much as $5,000 could be considered.

To qualify for part of the settlement, class members must submit a legitimate claim. A legitimate claim requires a breach victim to show that credit monitoring or identity theft protection services were purchased after receiving its breach notification letter.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

In addition, breach victims are allowed to claim money for the time they spent arranging those services – Up to four hours of documented lost time and claims can include any non-reimbursed interest resulting from a late tax refund as a result of a fake tax return having been filed by Millender between June 2013 and the claims deadline. The settlement doesn’t include any punitive damages.

Should claims be received that total more than $150,000, payments will be made pro rata to ensure the total cost to Flowers Hospital is no more than $150,000.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/

Copyright © 2007-2023 The HIPAA Guide       Site Map      Privacy Policy       About The HIPAA Guide