When a Florida business collects confidential medical data, it assumes the responsibility of protecting that information on behalf of its patients and clients. This is a duty that is taken very seriously by all business owners and management personnel, no matter how large or small the company. One hospital is currently facing a breach of fiduciary duty lawsuit brought by multiple former patients over the theft and dissemination of their private and protected information.
The lawsuit was filed on behalf of 12 former patients of North Shore Hospital, a northeastern medical facility. The patients assert that the information contained on their medical record face sheets was stolen from the hospital and used to conduct acts of identity theft. They are claiming that the hospital was negligent in allowing this data to be stolen, and that the resulting breach of fiduciary duty also violated their contracts and is in violation of HIPPA laws.
The hospital has reported that the theft issue has been resolved. They have beefed up their information security systems, and report that there have been no additional theft issued within the past 11 months. They appear to be taking the stance that they are not at fault for the acts of identity theft conducted through use of stolen patient data.
This case will present an interesting question to the court. In an increasingly digital world, how far does a Florida business have to go to ensure that the private and protected data of its clients remains safe? When a security system fails, is it the fault of the business, the security provider or simply an act of theft that is never entirely preventable? The hospital at the center of this breach of fiduciary duty case will likely argue that they take their client’s data very seriously, and that there are instances in which theft will occur, no matter how thoroughly a company acts to prevent such crime.
Source: HealthITSecurity.com, “Patients sue hospital for health data breach damages,” Ouellette, Feb. 7, 2013