Mount Sinai St. Luke’s hospital was hit Friday with a $2.5 million lawsuit for negligently faxing a patient’s HIV diagnosis to his employer’s fax machine three years ago, an action that left the man devastated, forcing him to quit his job and lose his health insurance.
The patient, a man in his 30s, is known in the court documents as “John Doe” and the lawsuit was brought forward by the law offices of Jeffrey Lichtman so the man’s identity can remain confidential.
Earlier this year the Department of Health and Human Services found the hospital—Spencer Cox Center for Health, now the Institute for Advanced Medicine run by St. Luke’s-Roosevelt Hospital Center in New York City—failed to appropriately safeguard the patient’s private health information and violated the patient’s right under HIPAA and agreed to pay a $387,000 fine. HHS’ Office of Civil Rights also discovered during the investigation that Spencer Cox Center had experienced a data breach nine months prior to the one in the complaint but failed to implement safeguards or otherwise address gaps in its compliance.
The law firm said it was forced to sue the hospital, however, because the organization refuses to enter settlement negotiations with its client over the damages he suffered due to its negligence.But
The lawsuit, obtained by FierceHealthcare, states that the patient asked St. Luke’s to mail a copy of his medical records to his post office box or his New York home. But Spencer Cox kept its records separate and apart from St. Luke’s general medical record department so the patient again faxed a request to Spencer Cox asking staff to mail his records to the P.O. box or his home. Three days later the man’s manager handed him a copy of his complete medical records, which the mail room supervisor discovered via the fax sent to the mail room.
The stress of believing his coworkers were aware of his condition forced the man to quit his job and lose substantial health benefits and insurance. Lichtman said that because of the increased costs associated with his medical insurance at this new job, the man has had to discontinue seeing his therapist to cope with the stress, which he blames on the actions of St. Luke’s.
Mount Sinai St. Luke’s said in a statement sent to FierceHealthcare late Monday that patient privacy and security is a top priority at the organization and Mount Sinai West.
"We stand deeply committed to preventing any breaches. We are working with HHS to meticulously review privacy and security policies and procedures, ensuring all necessary safeguards are in place to protect patient privacy," the statement said. "Compliance with the Health Insurance Portability and Accountability Act is a core tenent of the work of our medical professionals; and we will continue to be vigilant and committed in our adherence to the policy."
The hospital privacy breach is the latest in a series of accidental disclosures of patient’s confidential health information by the healthcare industry. Last month Aetna was hit with a class-action lawsuit filed on behalf of customers who claim their privacy was breached when they received a letter containing a reference to filling HIV medications that was visible through a window in the envelope. Days later CVS Health announced it has halted mailings that inadvertently made a reference to HIV visible through a window in the envelope.