$150,000 Settlement Proposed by Flowers Hospital for 2014 Data Breach

by Ryan Coyne | Jul 30, 2018

A class action lawsuit submitted after a staff-member related data breach at Flowers Hospital in Dothan, Alabama in 2014 is likely to be settled. The settlement is awaiting final court approval, although approval seems imminent and a resolution to this four-year legal battle is now achieveable.

Unlike the majority of class action lawsuits filed over the exposure/theft of PHI, this case involved the theft of data by an insider rather than a cyber criminal. Additionally, the former staff member used PHI for identity theft and fraud and was convicted of those crimes.

The breach occurred when a former lab technician, Kamarian D. Millender, who was found in possession of paper records the included patients protected health information. Millender admitted to using the data for identity theft and for filing false tax returns in victims’ names. In December 2014, Millender received a two-years prison sentence.

In the class action lawsuit, filed in 2014, it was alleged that between June 2013 and December 2014, paper records were left unsecured and unguarded at the hospital and could have been taken by staff members or third parties. In the case of Millender, that is exactly what occurred.

Flowers Hospital tried to have the lawsuit struck out, although that attempt was unsuccessful and the lawsuit was awarded class action status in 2017. The decision has now been taken to settle the legal action. The hospital has offered a fund of up to $150,000 to cover out-of-pocket expenses incurred by the 1,208 individual affected by the breach. The settlement would provide each class member with up to $250 each, although claims up to an overall value of $5,000 would be reviewed.

In order to be eligible to receive the compensation offered, class members would need to file valid claims. A valid claim would require a breach victim to show evidence that they purchased credit monitoring or identity theft protection services in response to being alerted about the breach.

Furthermore, breach victims would be permitted to claim money for the time they spent arranging those services – up to four hours of documented lost time – the cost of receiving credit reports, and any un-reimbursed interest due to a delayed tax refund as a result of there being a fraudulent tax return submitted between June 2013 and the claims deadline. The settlement does not incorporate any punitive damages.

If it happens that the total claims amount exceeds the allocated $150,000, all claims would be lowered, pro rata, so that the total claims value would not be more than $150,000.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter