$150,000 Settlement Proposed by Flowers Hospital for 2014 Data Breach

by | Jul 30, 2018

A class action lawsuit submitted after a staff-member related data breach at Flowers Hospital in Dothan, Alabama in 2014 is likely to be settled. The settlement is awaiting final court approval, although approval seems imminent and a resolution to this four-year legal battle is now achieveable.

Unlike the majority of class action lawsuits filed over the exposure/theft of PHI, this case involved the theft of data by an insider rather than a cyber criminal. Additionally, the former staff member used PHI for identity theft and fraud and was convicted of those crimes.

The breach occurred when a former lab technician, Kamarian D. Millender, who was found in possession of paper records the included patients protected health information. Millender admitted to using the data for identity theft and for filing false tax returns in victims’ names. In December 2014, Millender received a two-years prison sentence.

In the class action lawsuit, filed in 2014, it was alleged that between June 2013 and December 2014, paper records were left unsecured and unguarded at the hospital and could have been taken by staff members or third parties. In the case of Millender, that is exactly what occurred.

Flowers Hospital tried to have the lawsuit struck out, although that attempt was unsuccessful and the lawsuit was awarded class action status in 2017. The decision has now been taken to settle the legal action. The hospital has offered a fund of up to $150,000 to cover out-of-pocket expenses incurred by the 1,208 individual affected by the breach. The settlement would provide each class member with up to $250 each, although claims up to an overall value of $5,000 would be reviewed.

In order to be eligible to receive the compensation offered, class members would need to file valid claims. A valid claim would require a breach victim to show evidence that they purchased credit monitoring or identity theft protection services in response to being alerted about the breach.

Furthermore, breach victims would be permitted to claim money for the time they spent arranging those services – up to four hours of documented lost time – the cost of receiving credit reports, and any un-reimbursed interest due to a delayed tax refund as a result of there being a fraudulent tax return submitted between June 2013 and the claims deadline. The settlement does not incorporate any punitive damages.

If it happens that the total claims amount exceeds the allocated $150,000, all claims would be lowered, pro rata, so that the total claims value would not be more than $150,000.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy