Class action lawsuit filed against hospital, former staff and Fleming College

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.mykawartha.com/news/article/1597294--class-action-lawsuit-filed-against-hospital-former-staff-and-fleming-college

(PETERBOROUGH) A multi-million dollar lawsuit has been filed against
the Peterborough Regional Health Centre (PRHC), some of its former
staff members and Fleming College.
The lawsuit comes after 280 patient files at the hospital were
breached. Information regarding the breach was released to the public
last spring by hospital officials. Seven employees were fired as a
result.
Since, Ottawa-based lawyer Michael Crystal has been meeting with
former patients in the Peterborough area to begin the process of
filing a class-action lawsuit. Those papers were filed in the Ontario
Superior of Court of Justice in Peterborough on March 21.
The lawsuit is seeking general damages in the amount of $5.6 million
plus punitive and aggravated damages in the amount of $1 million and
an additional $50,000 against each defendant named.
Mr. Crystal is confident the lawsuit will move ahead, considering that
hospital officials have acknowledged wrong doing and even went as far
as to fire seven employees last year involved in the privacy breach.
“There’s been acknowledgment that the records were accessed,” says Mr. Crystal.
The lawsuit was filed by Mr. Crystal’s firm on behalf of plaintiffs
Jessica Hopkins, Heike Hesse and Erkenraadje Wensvoort.
The defendants are Andrea Kay, Dana Gildon Cormier, Mandy Edgerton
Reid, Dawn Deciocci, Jane Doe “A”, Jane Doe “B”, Jane Doe “C”, the
PRHC and Fleming College.
Mr. Crystal says they chose three of the most compelling breach of
privacy stories to go ahead with the suit, but adds all those who had
their medical files breached are included. Last year, hospital
officials sent out letters of apology to 280 patients who had their
files accessed.
Mr. Crystal says one of the most concerning cases involves a former
hospital staff member who was also a teacher at Fleming College. In
the statement of claim it reads the staff member, Mandy Edgerton Reid,
accessed the medical files of a nursing student who went to the
emergency room in January of last year to be treated for a severe
cough. She was seen by a physician, given prescription drugs and was
sent home by her teacher, who was working at the hospital that day. In
the statement of claim it reads:
“Jessica was later informed that while attending the emergency
department of the defendant hospital, Mandy had accessed her
electronic medical records for the class of RPN (registered practical
nursing) students to view without Jessica’s consent.” It goes on to
read that, “Mandy improperly accessed numerous medial records and
showed the contents thereof to her students. Mandy accessed and
disseminated patients’ records, including but not limited to patients
in palliative care and those coming and going from the emergency
department, to her students.”
Because of her employment with Fleming College, the lawsuit names the
institution as a defendant.
Fleming President Dr. Tony Tilly declined to comment on the matter,
saying it was before the courts.
However, hospital officials did release a statement in light of the
lawsuit being filed. It states the hospital’s legal counsel will
review the lawsuit, but refused to provide any further details about
the legal matter.
“The standard to which we hold ourselves, our staff and our
physicians, is of the highest order. It’s not only what our patients
expected of us - it’s our ethical and legal obligation,” the statement
reads. “PRHC has a zero tolerance policy with respect to inappropriate
access of medical records. This standard is not negotiable. If a
breach is detected it is carefully investigated. If confirmed,
decisive action is taken.”
Another case mentioned in the suit involves a woman who visited the
hospital on numerous occasions suffering from injuries sustained while
in an abusive relationship with her husband. She left her husband and
went into hiding. When she did attend the hospital she wanted to be
named as an “unknown patient” for fear her former partner would find
her. She later found out her medical records were accessed only a few
months after she had left her husband. In the statement of claim it
reads the plaintiff became “paranoid, anxious and had an increase in
blood pressure at the thought of her husband locating her.” She feared
her husband knew someone at the hospital and had paid to have her
information accessed.
The third case mentioned in the claim involved a woman who went to the
hospital to have an abortion. She had kept the procedure from her
family and her partner. At the time, she had recently completed the
RPN course at Fleming and knew many people employed at the hospital.
She also feared her parents and partner would become aware of the
abortion as a result of the breach.
Mr. Crystal says his firm is continuing to investigate more breach of
privacy complaints related to the matter. He says anyone who was
contacted by the hospital about their medical files being breached are
urged to contact his firm’s investigator, Blair Nicholson at
613-355-5606. Mr. Crystal says he will also be heading to Peterborough
in the coming months to conduct more interviews.
The defendants have 20 days to prepare a statement of defence from the
day the lawsuit was served.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.