The fallout continued Friday over the Sun’s disclosure in November that confidential patient information was being leaked from University Medical Center.
A lawsuit seeking class-action status was filed in District Court in Clark County against UMC and the man indicted by a federal grand jury in connection with the patient privacy scandal.
The suit seeks to represent “all emergency room/trauma patients who had their personal and confidential information leaked by UMC agents to third parties without their knowledge and consent from 2007 through the end of 2009.”
Besides UMC, the defendants include unnamed UMC trauma employees and Richard Charette, who was indicted April 28 by a federal grand jury on one count of conspiracy to illegally disclose personal health information, in violation of the Health Insurance Portability and Accountability Act, or HIPAA.
The indictment was prompted by the Sun’s investigation into an alleged conspiracy in which a UMC employee was paid for information about traffic accident victims that was used to drum up clients for attorneys.
The UMC employee faxed the registration sheets of trauma patients to Charette on at least 55 occasions and was paid about $8,000, the indictment said.
Friday’s lawsuit said Cummings and Poole were involved in car accidents in October and both went to UMC’s emergency room.
In January, they received letters from UMC advising them their confidential personal information may have been compromised and UMC was providing them a free one-year membership to a credit-monitoring service that would help them with identity theft protection, the lawsuit said.
The lawsuit claims UMC “recklessly” distributed news releases saying it was offering potential identity theft victims free credit monitoring services for one year.
“UMC’s statement to the media and the general public regarding the one-year credit monitoring placed the victims of UMC’s unlawful activities in clear and present danger of identity thieves by providing the identity thieves with notice as to the expiration of the credit monitoring subscription,” the lawsuit charged. “Unfortunately, after the expiration of the one year credit monitoring provided by UMC, an identity thief will likely endeavor to steal the identity of the victims, such as Ms. Poole and Ms. Cummings, without detection.”
The suit’s allegations include violations of Nevada’s medical privacy law, invasion of privacy, violation of Nevada’s Deceptive Trade Practices Act, breach of contract, breach of fiduciary duty, conspiracy, and negligent training and supervision of employees.
A hospital spokeswoman said she couldn’t comment on the allegations Friday.
Hospital officials told the Sun in November that they had heard rumors of patient data being leaked from the hospital, but said they had found no evidence of it. The FBI launched its investigation after the Sun’s report, and the hospital then acknowledged the leak.