PHI Breach Lawsuit Regarding California HIV Patient Will Go Ahead

by | Oct 8, 2018

A data breach, that saw the highly sensitive protected health information of 93 lower-income HIV positive individuals stolen by unauthorized individuals, will go to trial after a lawsuit submitted by Lambda Legal on behalf of a victim survived a motion to dismiss.

A motion to dismiss was submitted by the former administrator of the California AIDS Drug Assistance Program (ADAP), A.J. Boggs & Company, however it was rejected by the Superior Court of California in San Francisco.

In the legal action, Lambda Legal claims A.J. Boggs & Company breached the California AIDS Public Health Records Confidentiality Act, the California Confidentiality of Medical Information Act, and other state medical privacy legisation by failing to ensure an online system was safeguarded prior to introducing that system and allowing patients to submit sensitive information.

A.J. Boggs & Company went live with its new online enrollment on July 1, 2016, despite having previously receiving several warnings from nonprofits and the LA County Department of Health that the system had not been adequately tested for weaknesses.

It was claimed that the failure to make sure its system was safe meant that any data recorded on the portal by patients was in danger of exposure and could possibly be obtained by unauthorized parties. In November 2016, four months following the implementation of the system, A.J. Boggs & Company took the system offline to address the vulnerabilities.

However, in February 2017, the California Department of Health noticed that the flaws in its portal had been taken advantage of and unauthorized people had obtained access to the system and had downloaded the private and highly sensitive data of 93 patients with HIV or AIDS. After this discovery, the contract with the firm was cancelled and a new state-run system was implemented.

The ADAP program supplies states with federal funding to provide financial assistance to low-income people with HIV or AIDS to make HIV medications more affordable, widening access to Medicaid when patients incomes were too high.

Scott Schoettes, HIV Project Director at Lambda Legal said: “HIV is still a highly stigmatized medical condition. When members of already vulnerable communities — transgender people, women, people of color, undocumented people, individuals with low incomes — already face challenges in accessing health care, undermining the trust they have in the ADAP is not just a breach of security; it creates a barrier to care.”

Lambda Legal is requesting statutory and compensatory compensation for the patient and is looking for class action status to permit the other 92 breach victims to be incorporated in the legal action.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy