health care:

Lawsuit filed over UMC patient records leak

University Medical Center, which is Clark County’s only publicly funded hospital.

Saturday, July 3, 2010 | 2:01 a.m.

Man indicted in probe of UMC privacy leak (4-28-2010)
Source may hold key in solving UMC patient data leak (3-8-2010)
Another UMC breach surfaces with theft of computer hard drives (3-5-2010)
UMC: Patient info leaks likely date back to July (1-25-2010)
UMC faces criticism from within medical field (12-23-2009)
UMC suspends 6 staff members pending investigation(12-11-2009)
At UMC, audits show privacy lapses are not new(11-24-2009)
FBI looking at UMC records leak(11-21-2009)
Hospital privacy leak could harm patients(11-20-2009)

The fallout continued Friday over the Sun’s disclosure in November that confidential patient information was being leaked from University Medical Center.

A lawsuit seeking class-action status was filed in District Court in Clark County against UMC and the man indicted by a federal grand jury in connection with the patient privacy scandal.

Henderson attorney Jesse Sbaih filed the suit on behalf of patients Rachel Cummings and Suzanne Poole.

The suit seeks to represent “all emergency room/trauma patients who had their personal and confidential information leaked by UMC agents to third parties without their knowledge and consent from 2007 through the end of 2009.”

Besides UMC, the defendants include unnamed UMC trauma employees and Richard Charette, who was indicted April 28 by a federal grand jury on one count of conspiracy to illegally disclose personal health information, in violation of the Health Insurance Portability and Accountability Act, or HIPAA.

The indictment was prompted by the Sun’s investigation into an alleged conspiracy in which a UMC employee was paid for information about traffic accident victims that was used to drum up clients for attorneys.

The UMC employee faxed the registration sheets of trauma patients to Charette on at least 55 occasions and was paid about $8,000, the indictment said.

Friday’s lawsuit said Cummings and Poole were involved in car accidents in October and both went to UMC’s emergency room.

In January, they received letters from UMC advising them their confidential personal information may have been compromised and UMC was providing them a free one-year membership to a credit-monitoring service that would help them with identity theft protection, the lawsuit said.

The lawsuit claims UMC “recklessly” distributed news releases saying it was offering potential identity theft victims free credit monitoring services for one year.

“UMC’s statement to the media and the general public regarding the one-year credit monitoring placed the victims of UMC’s unlawful activities in clear and present danger of identity thieves by providing the identity thieves with notice as to the expiration of the credit monitoring subscription,” the lawsuit charged. “Unfortunately, after the expiration of the one year credit monitoring provided by UMC, an identity thief will likely endeavor to steal the identity of the victims, such as Ms. Poole and Ms. Cummings, without detection.”

The suit’s allegations include violations of Nevada’s medical privacy law, invasion of privacy, violation of Nevada’s Deceptive Trade Practices Act, breach of contract, breach of fiduciary duty, conspiracy, and negligent training and supervision of employees.

A hospital spokeswoman said she couldn’t comment on the allegations Friday.

Hospital officials told the Sun in November that they had heard rumors of patient data being leaked from the hospital, but said they had found no evidence of it. The FBI launched its investigation after the Sun’s report, and the hospital then acknowledged the leak.

Comments
Print
E-mail
Share
- Facebook
- Fark
- Digg
- Reddit
- Stumble
Tweet

Discussion: comments so far…

Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy. Additionally, we now display comments from trusted commenters by default. Those wishing to become a trusted commenter need to verify their identity or sign in with Facebook Connect to tie their Facebook account to their Las Vegas Sun account. For more on this change, read our story about how it works and why we did it.

Only trusted comments are displayed on this page. Untrusted comments have expired from this story.

No trusted comments have been posted.

By CynicalObserver

July 3, 2010

1:28 p.m.

Flag

Hey Steve, here's what I want to know: If this Richard Charette, to whom the patient information sheets were sent, a "runner" or "capper" for personal injury plaintiffs' lawyers (i.e. someone who gins up business for them), or some other more dangerous kind of manipulator?

Has anyone figured out what Charette was doing with the information he was sent?
By bflag

July 3, 2010

7:48 p.m.

Flag

Poor UMC, when will the bad luck end. This was done by individuals not the facility. And what are they talking about identity thieves? The info was sold to accident lawyers, scum maybe but not identity thieves.
By Hoss

July 4, 2010

4:20 a.m.

Flag

Let me see - 1st we have lawyers chasing patient information to sue insurance companies.
2nd we now have lawyers chasing patients to sue the lawyers chasing patients.
When will it ever end?
Oh, yea, when we stop producing more lawyers every year then produce doctors.
And by the way - do the 'two victims' have proof their information was stolen or are they just putting their name in the hat with attorney Jesse Sbaih to make a quick free buck?
Unless they can prove they are personal victims, the suit should be tossed and the 'victims' should be fined UMC's legal cost for frivilous lawsuits.