$300,000 in Damages Awarded to Alabama Plaintiff over HIPAA Privacy Violation

A woman was granted $300,000 in damages after winning the lawsuit she filed against a physician for illegally accessing and disclosing her protected health information (PHI) to a 3rd party.

In January 2015, Plaintiff Amy Pertuit of Alabama filed a lawsuit against Medical Center Enterprise (MCE), a former doctor at MCE, and a lawyer for the violation of her privacy.

According to the plaintiff’s lawyers, Amy Pertuit’s husband struggled with his visitation rights and was battling a child custody case with Deanna Mortenson, his ex-wife.

Deanna Mortenson contacted a doctor at MCE named Dr. Lyn Diefendfer. Mortenson persuaded the doctor to give her the health data of Amy Pertuit, which can be used for her ex-husband’s custody case. Even if Amy Pertuit was not a patient of Dr. Diefendfer, the doctor accessed Pertuit’s health information through the webpage of the Alabama Prescription Drug Monitoring Program. Then she disclosed the health information to Gary Bradshaw, Mortenson’s lawyer. Dr. Diefendfer was not authorized to access Pertuit’s health data. Hence, she violated not just the hospital policies but also the HIPAA Rules.

After discovering the disclosure of her medical data, Pertuit made a complaint to the Department of Health and Human Services’ Office for Civil Rights. OCR notified the hospital but the hospital did not implement any sanction against Diefendfer. Purportedly, Dr. Diefendfer likewise accessed more medical data in 2016 that was disclosed to the lawyer.

The plaintiff’s attorneys furthermore said that the privacy officer of MCE looked into the records of Dr. Diefendfer and found out that there were 22 other violation cases of hospital policies and HIPAA Regulations.

The lawsuit filed against Dr. Diefender, Deanna Mortensen and his lawyer, Atty. Gary Bradshaw, were settled out of court. The case against MCE had a trial by jury.

The jury unanimously concluded that MCE did not take the required action in relation to Dr. Diefender’s privacy violation. Plaintiff Pertuit received punitive damages worth $295,000 plus $5,000 as compensation for her pain, suffering, and humiliation.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone