Court Finds Patient Standing in Major Data Breach Lawsuit
The United States District Court for the Eastern District of Missouri granted in part and denied in part a health system’s motion to dismiss a putative class action lawsuit brought by patients following a ransomware attack that exposed Protected Health Information (“PHI”) and Personally Identifiable Information (“PII”). The court found that the patients had standing, in part due to the exposure of PII, which established a risk of future harm. As a result, the court allowed the core negligence claim and several state law claims to proceed, finding that the patient-provider relationship established a duty to employ reasonable measures, consistent with industry standards, to secure and protect plaintiffs’ PII/PHI from this foreseeable data breach. However, other claims, such as invasion of privacy, were dismissed. Negron v. Ascension Health
Court Modifies Trial Court’s Dismissal in Discrimination Lawsuit
The Supreme Court of New York, Appellate Division, modified the dismissal of a physician’s discrimination lawsuit against a medical school, allowing her New York State Human Rights Law (“HRL”) claims arising from the demotion and termination of her privileges to proceed. The court, however, affirmed the dismissal of the physician’s HRL claims related to the restrictions of her clinical privileges, finding them barred by state law, which creates an administrative review mechanism for privilege determinations. The court also dismissed the physician’s defamation per se claim based on the medical school’s report to the National Practitioner Data Bank, holding that the medical school was protected by federal immunity under the Health Care Quality Improvement Act. Joseph v. NYU Grossman School of Med.
Court Orders Production of Credentialing Documents from Non-Party Hospital
The Louisiana Court of Appeals affirmed a trial court’s decision to deny a non-party hospital’s motion to quash a subpoena seeking physician credentialing records, finding the records relevant to the plaintiff’s negligent credentialing claim. The plaintiff sought records from a non-party hospital to show what the defendant hospital knew or should have known about the physicians’ qualifications when granting them clinical privileges. The court, however, limited the scope of the subpoena, ruling that only records created prior to the physicians’ credentialing at their current hospital were subject to production. The court remanded the matter with further instructions for the trial court to conduct an in camera review to determine which documents were protected by the state’s peer review privilege. Dupre v. Our Lady of Lourdes Reg’l Med. Ctr.