Patient Privacy Court Case: September 2022

On May 16, 2022, the U.S. District Court for the Middle District of Florida, Tampa Division, granted preliminary approval of a proposed settlement agreement that requires Musculoskeletal Institute, d/b/a Florida Orthopaedic Institute (FOI), a health care organization specializing in orthopedic care and related services, to pay a $4 million settlement.[1]

A ransomware attack occurred on April 9, 2020, exposing personally identifiable information (PII) and protected health information (PHI) belonging to around 647,000 individuals.[2] Affected PII and PHI included individuals’ names, dates of birth, Social Security numbers, medical information, insurance plan identification numbers, payer identification numbers and claims addresses and histories. A class-action lawsuit was filed alleging that FOI had not taken reasonable care in preserving its patients’ privacy. The plaintiffs also argued that FOI failed to adequately investigate the ransomware attack and provide proper notice within a reasonable time. Specifically, the plaintiffs alleged two forms of negligence, invasion of privacy, breach of fiduciary duty, breach of confidence, breach of implied contract, unjust enrichment and violation of Florida’s Deceptive and Unfair Trade Practices Act.
