US Privacy and Information Security Class Action Attorneys
Nearly every day the media reports a story about privacy concerns including the failure of some of the nation’s largest corporations to protect sensitive customer information that is stored in a digital database. Even with cybercrime reporting on the rise, this is not the only area where consumers should be concerned about their privacy. Sensitive information is gathered by virtually every company a consumer does business with. Who has access to that information and how it is stored can make all the difference when it comes to a consumer’s expectation of privacy.
The Health Insurance Portability and Accountability Act (HIPAA) protects a patient’s right to privacy of their personal health information. But how safe is your personal information that a doctor’s office or pharmacy has on file?
One glaring example of negligence related to privacy concerns occurred in 2006 when reporters from WTHR Channel 13 in Indianapolis began an investigation into local drug stores Rite Aid, Walgreens, and CVS after concerned citizens contacted the station. The citizens claimed that these retailers failed to protect their private healthcare information from potential thieves by not properly disposing of prescription labels, patient information sheets, refill lists, and pill bottles. Instead, reporters found many of these items in unsecured dumpsters located right outside of these drug stores. The United States Department of Health and Human Services quickly launched its own investigation and found these retailers to be in violation of patient privacy regulations contained in the Health Insurance Portability and Accountability Act.
Rite Aid eventually agreed to pay $1 million to settle these violations. CVS, one of the largest retail drug store chains, agreed to a separate settlement of $2.25 million regarding claims that it violated patient privacy rights under HIPAA by failing to properly dispose of materials containing sensitive patient healthcare information.
A slightly different example of a HIPAA violation is illustrated by a recent lawsuit filed against Walgreens that involved a HIPAA privacy claim. However, the method of the information breach was considerably different. The case involved a Walgreens pharmacist who shared a pharmacy customer’s confidential information with the customer’s ex-boyfriend, who also happened to be the pharmacist’s current husband. The jury awarded the victim $1.44 million for damages as a result of the pharmacist’s disclosure of this sensitive information.
Health Information Data Breaches and Privacy Concerns
Anthem Data Breach
Privacy concerns related to personal information stored on computers have escalated in recent years—and for good reason. In February 2015, healthcare insurer Anthem Inc. announced that it was the target of a significant data breach. Cyber thieves accessed over 80 million customer files that contained sensitive information including names, addresses, dates of birth, social security numbers, phone numbers, email addresses, and employment information. This was considered to be the largest data breach ever. Concerns about identity theft of not only Anthem customers but also their children who were covered under insurance policies prompted lawsuits. While Anthem offered its clients two years of identity theft protection, the damage was already done as sensitive information was in the hands of thieves. After the data breach was announced, some Anthem customers discovered fraudulent loans and tax refunds associated with their personal information.
Premera Data Breach
Premera Blue Cross, a health insurer based in the Pacific Northwest, announced March 17, 2015, that hackers may have accessed health profiles of 11 million current and past customers dating back to 2002. Premera confirmed the profiles contained information including social security numbers, birthdates, addresses, bank account information, clinical information, and detailed insurance claims. The hackers accessed its database from May 4, 2014, until January 29, 2015, when the breach was discovered.
This data breach is eerily similar to a massive data breach reported by Anthem in February 2015 and, like Anthem, prompted .
Medical Informatics Engineering, Inc. Data Breach
More than 3.9 million consumers whose medical information was stored by Medical Informatics Engineering (MIE), a medical software company that contracts with numerous healthcare facilities across the United States, were recent victims of a data breach. The hackers accessed personal information including names, addresses, phone numbers, passwords, social security numbers, and protected health information.
On June 2, 2015, MIE announced that it was the subject of a data breach that began on May 7, 2015. The company stated computer hackers accessed sensitive client information including names, addresses, social security numbers, dates of birth and protected health information. Protected health information includes lab results, health insurance policy information, diagnosis, doctor’s name, medical conditions, and child’s name and birth statistics. This data breach also prompted .
Other Types of Data Breaches
Consumer data breaches have been on the rise over the past few years. Retailers including Target Stores, Home Depot, Neiman Marcus, Michael’s Craft Stores, and others reported incidents of computer hackers gaining access to consumer credit card and debit card information. After these data breaches were reported, consumers spent countless hours reviewing their financial records for fraudulent transactions and correcting any errors they discovered. Consumers filed lawsuits against these retailers for failing to safeguard sensitive customer information.
The Office of Personnel Management also recently announced a data breach involving the background investigation records of current, former, and prospective Federal employees and contractors. Additionally, the personnel data of 4.2 million current and former Federal government employees had been stolen. This means information such as full name, birth date, home address and Social Security Numbers was affected.
The Gramm-Leach-Bliley Act (GLB) protects consumer privacy of personal financial information. It requires financial institutions of all types to safeguard personal consumer information in a variety of ways. It also requires financial institutions to advise consumers how their personal information is collected and used.
Protecting a consumer’s personal information extends beyond how sensitive information is stored. A business also has a responsibility to train its employees regarding communication of sensitive personal information of its clients. Employees should ensure they are not violating their clients’ right to privacy by discussing client information with non-employees or in public areas where information could be overheard by third parties. One example would be if a bank teller or loan officer were to discuss with a family member or friend the name and financial information of a customer they assisted.
Privacy and Information Security Lawyers
Businesses are required to safeguard sensitive personal information of their clients whether this information is stored digitally or via paper file. Failure to protect this information from third parties violates the customer’s trust and exposes them to identity theft, fraud, and embarrassment. Cohen & Malad, LLP has a depth of experience litigating class action lawsuits on behalf of consumers whose privacy rights have been violated whether through computer data breaches or lax information security practices. Contact us for more information about consumer privacy violation concerns.