HIV-positive patients sue hospital over records lost on train

Glad it wasn't me. That's pretty dumb of MGH.

Except Mr. Yasi that there are no damages yet. When the damages occur, come back to court and sue people. Till then, later.

Why is the GLAD involved with this.?

Yes, why show compasssion to someone who made an honest mistake and then notifed her boss. Let's fire the truth-telling SOB and then let get ourselves a lawyer and go atter some some cash

Why are billing records/information protected by HIPPA laws allowed out of the hospital in the first place???

They are most certainly not allowed out of the hospital where I work.

What a terrible breach of privacy.

"Litigation doesn't always accomplish the goals people want it to," Klein said. "Our goal is to ensure that there are strong policies in place to prevent this from happening again and to ensure that Mass. General is responsive to the needs of the patients." - I call BS on this one. Someone wants a pay day for a mistake that was made. Poor Billing manager is probably over worked and under paid and thought she could catch up on work by taking some of her own time to do her work. Mistakes happen, get over it. I'm sure you didn't mean to catch the HIV virus, it was a mistake right? Can I sue you for causing me emotional distress because you've altered the health of this world?

Why are these extremely sensitive documents being carted around by an employee? There is no excuse for someone to be so careless with such critical information. I hope that employee is no longer doing that level of work. She obviously is unable to handle the responsibility. These documents should not be leaving the premises - for any reason unless they have been requested via subpoena.

You know what, I am sorry that this information was lost. No doubt it was a bad mistake but you know what, mistakes happen. Not everything in life needs a damn lawsuit.

Everyone wants health care reform, start with these attorneys and tort reform.

Yes, these four patients' privacy was breached. However, it was not done intentionally or with malice. MGH apologized for the mistake the billing manager made. Still, the patients resort to litigation. We need to come to our senses in this country and stop yelling "lawsuit" whenever we feel wronged. Nobody or institution is perfect. Mistakes get made. That's human. And we humans better learn to deal with mistakes in a more civil way.

What are their damages? This case is clearly just an attempt to extract money out of the hospital.

So few thousand dollars are going to make them feel better? What a BS! They don't even know if anyone Saw or read the records, those were probably tossed in the trash. This is shameful. No wonder law is the least respected profession. Vouchers!!!!! Get a real job!

what about the fact that this person is working over the weekend, most likely with no pay...I agree, forget the hard working people that make an honest mistake. No malice intent and I agree with the other poster, what are the damages? I can just see it now..., "Plantiffs receive a huge settlement" come on people...

An employee taking patient records home should NEVER be allowed. Any records such as health, legal or financial records should never be compromised outside the work place. Employers should be aware what employees are doing and need to have policies in place to protect the public.

Sounds like a lot of people commenting on this story oppose the lawsuit because it's being initiated by members of the gay community affected with AIDS. That's not a valid reason to oppose what's going on. Sensitive information was leaked, privacy was breached and laws were broken. I'm sure if your name were included in that batch of records you'd want someone to pay as well. And the "poor billing manager" was breaking the rules so shame on her.

to no
I agree, not everything needs a damn lawsuit. Mistakes do happen. The mistake in question here was leaving the information on the train. Of course, had the employee not had the information out of the hospital there would be no problem. The flagrant violation of stated hospital policy, removing any patient information from the premises, was not a mistake, it was grounds for termination (every employee signs a statement acknowledging that on a yearly basis, as part of the annual review process. For MGH to not enforce HIPPA policy IS reason for a lawsuit.

Simply removing the records from the hospital is a grounds for termination, forgetting them is unforgivable. At my hospital she would have been fired whether she lost them or not.

Whether this is grounds for a lawsuit is another question, but her termination was warranted. MGH could now be on the hook for a several million dollar lawsuit, not including fines for HIPPA violations.

I agree. Life should not involve lawsuits. People are just seeking money because of there situation and the economy. I mean who reads stuff on the T anyway besides the Metro.

Unless I missed something, it seems that the complaintants are outraged that their personal conditions *may* become public knowledge, so in order to make it better, they want to go on record with the news first. Oh, and get some cash, too.

Mistakes were made!!! CHACHING!!!!! I bet these peoples mouths are watering to sue the hospital since the only money they will see is social security disability checks. It's a short cut to your dream life, and frankly everyone is doing it so why
not join in the fun. If that wasn' t the case, why would it be in the paper? I am sure
they are going to suffer "extreme distress" because some schmuck in the MBTA
picked them up at cleanup time and threw them in the trash barrel he wheels around the train at the end of the day. Big deal. Can you see the "damaging"
person in the T, counting the dollar signs to what this information could be worth
on the market, damaging but profitable as his fingers tap together Dr. Evil Style.
give me a break.

This is why lawyers SUCK, making it a class action suit.
What right does the lawyer have to represent other patients without their consent.

The current HIPPA laws and regulations are supposed to prevent this sort of thing and these are the same laws cited by proponents of the centralized medical records system proposed by President Obama for the sake of cost reduction and efficiency. The HIPPA laws and regulations don't mean your privacy will be protected just that somebody can be prosecuted after they're released. The person involved should be fired and MGH should be fined severely for breaching medical confidentiality whether the patients involved are cancer victims, HIV positive, or just at MGH for a routine physical.

This is terrible thing that has happened...

And then to Soxsupporter who wrote: I'm sure you didn't mean to catch the HIV virus, it was a mistake right? Can I sue you for causing me emotional distress because you've altered the health of this world?

That is just an ignorant comment as you can get HIV/AIDS from a blood transfusion...Perhaps you should think before you write because you are causing the rest of us emotional distress by your ignorant comments.

"No doubt it was a bad mistake but you know what, mistakes happen. Not everything in life needs a damn lawsuit. "

Yeah but part of a lawsuit is that it makes others think twice before doing the same thing. Yeah, it was a mistake that any of us could have made, but tell that to one of the patients after someone steals their identity and they have to spend the next 5 years trying to clear their credit, and they lose pay for the time they have to spend resolving it, or they lose their job because someone finds out they have HIV and their customers start freaking out. Yes it is great that the person who did it was honest about it and owned up to it, but it is a very big deal - people should be able to get treated and not worry that their information will wind up in the wrong hands. Suing them will make sure they put measures in place to be sure this never happens again - they say it's against hospital policy but obviously no one did anything to make sure it was enforced.

I, for one,would not my personal confidential information be made for all eyes to be seen. What happened to doctor/patient trust, respect and above all, the next time you make an appointment how can you be sure you will be on the quiet line. In other words, your privacy won't be compromised. I don't care what other posters have to say, I am appalled the medical records were allowed to leave the premises. What about HIPPA violations

The number of times all of our rights are violated because sensitive information is lost is in the hundreds of thousands. When we are notified by our banks, credit unions, VISA cards, when companies systems are compromised and our information is revealed to god knows who. Does anyone really believe that their health care records or any other data is actually PRIVATE? I take issue with the lawsuit for the reason that if you take this to every level of breached security, we'd all be suing everyone. The attorneys will get rich, perhaps these companies' IT departments will add new systems/employees to enhance security and people who make mistakes will in this economy lose more then their jobs, likely any source of income. Is this punishment in line with what was done?

Well said, davdav.

HIPPA violations are serious offenses.

If people are going to comment on HIPAA laws, they should know how to spell HIPAA. It's the Health Insurance Portability and Accessibility Act. I'm not sure what the other P is that you're referring to when you spell it HIPPA.

Shouldn't have happened but why is The Globe always all over MGH?
Mistakes happen everywhere (but the The Globe), but they only focus
on MGHs?? The Globe has given other hospitals a skate on removing
a wrong kidney.
PS I don't work there

Yes, mistakes do happen. However, if MGH had made sure to enforce rules that PROHIBIT employees from taking files out of the office (because we are human, and mistakes do happen), then this would not have happened. I don't blame the woman for making the mistake (you can forget something in a split second of brain-freeze), but I do fault her for taking the files out when it is a clear violation of rules. MGH should know better - they are not a wimpy small town operation.... they are a huge hospital...

How come this employee was allowed to even take any paperwork home that is a major breach of HIPPA law!!!! I hope this employee loses their job.

They should not allow those records outside the hospital.
Too bad for everybody....except the lawyers of course

I call BS on most of YOU, hypocrites. I'd bet anything that if your records had been lost and a class-action lawsuit was filed, you'd jump right on that gravy train rather than take the high road and walk away from an easy windfall. Oh I'm sure you'd find some means to justify it, like you're doing it for your kid's education or something, so don't sweat it.

As to the issue in question: At the very least MGH should arrange and pay for each of these people to have credit fraud and identity theft monitoring services and cover any expenses incurred should such fraud/theft occur.

There is misinformation in this report. A family member, who was being treated at the Infectious Disease Dept. at MGH, was one of those who had records lost. Patients were specifically notified in the registered letter that they received that what was lost did NOT include social security numbers, though it did include MGH Patient ID numbers. It also did not include diagnosis information (at least not that I can recall reading in the letter), nor did it include addresses. What were were told, was that the information lost was concerning the schedule for one particular day in question. The Globe should get a copy of the letter that the patients were sent to verify exactly what it said regarding the information that was lost.

To SoxSupporter
First, your remarks about people with HIV have to be the most ignorant and flat out stupid things I have ever seen on this page, and that says a lot. People get HIV a number of ways, NO ONE deserves it, and making this about your discomfort and "world health" is insensitive and just inane. Second, taking personally identifying information out of a hospital is breaking not only hospital policy but also the law. What she did was not a mistake, it was careless and harmful no matter how overworked she might be. She violated their privacy and that's certainly, deservedly, actionable. Yes, there may be many nuisance lawsuits out there that are simply taking advantage of a situation, but this is hardly one of them.

To Joel - I don't think people are commenting "because it's being initiated by members of the gay community affected with AIDS". Actually nothing in the story even says this was initiated by members of the gay community, it only mentions that several patients (who may not even be the same patients who are suing) contacted GLAD, and GLAD along with other groups will be meeting with MGH.

Personally, I don't see it as a gay or straight issue. It just so happens the medical records had to do with HIV and some of those patients may be gay. It also could be that none of those people are gay. Besides, this could have happened with any type of medical records that were being processed (cancer, maternity, ....) I think that's why the one person who commented about GLAD was asking why they were even involved.

I think all of you people who are taking issue with this lawsuit need to put yourself in the shoes of these patients or their families. If your brother was HIV positive and one of his colleagues, former classmates, or friends happened to stumble on his records on the redline, I think you'd be feeling very differently. I'm not advocating destroying the life of this Billing Manager, but HIPPA rules are pounded into the heads of most hospital workers from day one. Financial officials are especially held to a higher standard of compliance.
HIV has a serious stigma attached, and therefore, serious consequences if a patient's identity is compromised.

What are the damages? Yes the medical records were lost. So? Can the plaintiff's prove that they were actually harmed by this? Methinks not. By the way; claming you were worried that someone looked through your files, in this case, is not enough.

This was not simply "an honest mistake" made by "an overworked/underpaid" employee!! Taking those documents out of the workplace was a flagrant violation of current law, whether she lost them or not! For those people who think this is not grounds for a lawsuit, just imagine how you would feel if they were your medical records (including your name, address, SS#, diagnoses, treatment plans, etc.) going home with some unknown billing manager, where God knows who might have access to them! Her roommates? Her spouse? Her kids? Her kids friends? The fact that MGH has not fired this woman shows that they could care less about enforcing the law, thus lawsuits are necessary!

You folks who ask "where is the damage" haven't a clue as to what really happened. . . when someone finds out such a thing about you, they don't TELL you that they are denying you a job or housing because of it! It happens and they don't tell you! These folks have every right to be angry and to sue. Not to mention this is a clear violation of federal HIPAA laws.
Yes the hospital apologized. Seal the deal with a settlement - that is the only way to make sure a big corporation like MGH will not do it again.

Folks, it is HIPAA (Health Insurance Portability and Accountability Act) not HIPPA ,
It drives me nuts when so called Healthcare product vendors come for presentations and have it as HIPPA in their PowerPoint slides!

These patients need to realize that some people on the T can't read medical records but there are exponentially more who read the Globe. Now I know they have HIV even though I wasn't on that subway. They deserve to have their privacy breached for being greedy.

If someone has HIV should let others know. I know many time I go refilled my
medication, once the pharmist asked got my name and put on the computer and
see all the stuff I took. Many time they give me a not a presant look. Because they
know alot about your medical history and I never like that look. But I get used to
eventually. I don't think MGH should responsible for this. People look at it and
don't even know the person so. no harm is done really. I think it is ashame that
HIV people keeping it to themselves and others. I don't care how you get it. If you
have HIV and have sex with others and not letting them know that's murder to me
my depression medication is very personally to me especially the way they look
at me. I never like the way they look at me. It is a look no one would like to see.

Poster soxsupporter is out of touch with reality. These poor people are already dealing with the stigma associated with the disease. Assumming that everyone that is infected with the virus is some kind of an outlaw " I'm sure you didn't mean to catch the HIV virus, it was a mistake right? Can I sue you for causing me emotional distress because you've altered the health of this world?'' is outragious and you also should be sued for this.

For those of you who are siding withe the "poor, overworked billing manager" who made an honest mistake.... There are very clear and strict rules about the handling of patient health records that all employees who handle patient records must abide by. This was not "an honest mistake". This was a case of someone who didn't want to stay overtime at the office in order to finish his/her work and opted to break the rules and bring the records home. This was selfish and irresponsible and it was grounds to be fired.

Health information is a highly sensitive subject. I'm pretty surprised that so many people who commented here feel that leaking one's health HIV status is not a big deal.

HIPAA, not HIPPA.

I was one of those patients who had thier records left on the train. The staff of the I.D. clinic on Cox 5 are wonderful,hard working and peole I am proud to call not only medical practionors but even friends. I truly love each of the ones I work with and I am fully aware of ther selfless dedication. That being said this is an issue of HIPPA and if nothing is done to enforce it then it remains an unenforcable joke somene and some entity must be held accountable to ensure that if not for anything HIPPA still has meaning annd is used to hold accountibility in the privacy rights of others. So for that reason alone I am contacting the aforementioned lawyer and ket him know I will support his action.

It's HIPAA, not HIPPA

Health Insurance Portability and Accountability Act.

The situation is unfortunate. Mistakes like these do and will continue to happen from time to time. The best course of action is to ensure that MGH implements new safeguards to prevent this from happening again. Most of the time, threat of lawsuit is the reason why policies arise in the first place. If no one ever filed a lawsuit, then there goes your threat.

All the laws and hospital policies in the world can not physically keep an employee from taking records home with them. This really isn't MGH's fault in that regard. What are they supposed to do now - put tracking devices on every piece of paper generated and have some alarm go off if one of them crosses a threshold of any one of their entrances?

Hey the state of Massachusetts 'misplaced' my social security info along with many others relative to our professional licenses; can I jump on board and sue, too???

First and foremost. A horrible mistake.
The most important question.....If mass transit is involved is it MBTA chasers or Redline chasers.
Little help here.

Yeah... sucks to have your privacy taken away like that. But on the other hand why sue? Someone *might* have seen your record so now you think you deserve some ridiculous monetary figure. Now I have to pay higher bills in the end. Get over it.

Praise Jesus!

The healthcare industry is way behind the curve when it comes to Technology. If that stuff was imaged and loaded within a secure, centralized environment, there would be no way for it to get lost by some shmuck manager on the T! That is just ridiculous that this important, sensitive information is still on paper. Not only would be a better way to manage that type of info, it would say the industry millions (possibly billions) of dollars, minimize errors and create a lot of jobs (I mean a lot)! I know there are some that do not believe that such information should be made electronic (the current existing platforms that faciliate this have their own flaws which need to be worked on). Overall, the industry would benefit from the increased incorporation of technology into its practice

I learned in my grad school training how dangerous taking home client/patient files could be. This is not the first time that I've heard of health care employees accidentally leaving files on a train. These scenarios should be incoporated in classes on ethics.

HIPPA = nucular = expresso = ex cetera = advertisement of stupidity

Bad enough some idiot took the records home but then left them on the "T"? Guess it's time to reexamine their records security procedures.

My friend who was part of this billing ticket breach is suffering--MENTALLY. Do you realize that he has PTSD just from having HIV? Do you know that there are people out there that suffer from PTSD from wars, clinical mistakes, cancers and even HIV!

My friend has been pacing the floors back and forth, couldnt eat or sleep for the first month that this happened and you people on here think this is a joke? What are the damages? EMOTIONAL DISTRESS, FEAR THAT SOMEONE MIGHT HAVE PICKED UP THE RECORDS AND ARE SAVING THEM TO EXPLOIT OR BLACKMAIL THEM. Would anyone of you idiotic bloggers want your medical condition left on a train, bus, commuter rail, coffee shop or worst yet fallen out of her brief case? NO!

MGH thinks they are the big guys on the block and they can cry and complain that they are always being picked on. They made a huge mistake with the recent closing of the Cardiac Center for Pediatric Care, making a deal with Blue Cross to gouge people's premiums. Oh POOR MGH!

Everyone who goes to a doctor, hospital or pharmacy has a RIGHT to privacy. They have a right to how their information is going to be handled. MGH did wrong. I think
half of you dumb bloggers are the people who work in the clinic or even the person who lost the billing information. Poor MGH. Poor MGH. Please. They are not the only game in town.

My friend is not even gay and has HIV. This is not a gay disease, it is an every day disease. I think that everyone who has had this happen to them should sue the hospital and the billing manager for breach of trust, violation of hospital policies and whatever monetary damages has coming to them.

With the increasing doctor patient loads and paperwork that can't be accomplished during the working day, it has become necessary for most doctors to accomplish this work after hours. This sometimes involves taking patient records home to review, return phone calls, take care of office notes, complete endless forms, etc... Of course, no patients records should ever be lost and patient confidentiality must be respected. However, it is important to understand the context in which this occurred.

Being a Harvard-educated man, and currently a high-level executive for a harvard-affiliated company who protects our doctors from such lawsuits, this lawsuit is frivolous and will go nowhere.

Taking patient information out of the hospital is not just a mistake. It is a violation of patient privacy. A billing manager in a hospital should know better, or should be trained better. Either way the hospital, being her employer, is also a resposible party in this.

There is some usefullness in this lawsuit. Sometimes striking at the most painful place (ie. the purse) is an effective way to bring about changes and improvements to prevent things like this to happen again.

Every other facet of our lives is in virtual public view. Our credit history and financial status, what we paid for our house, our criminal records, our ancestors, our phone numbers, our email addresses, our work history, and on and on. Frankly, I'd rather have somebody else knowing about my gall bladder than most of the above. I'm more concerned about the continuing credit breaches that are treated with no concern but have more far reaching implications than a peek at a medical record.

Anyone who is claiming there is no valid case here clearly is having trouble placing themselves in the victims' shoes. (yes--VICTIMS! Hospitals have a sacred responsibility to protect the information they hold and this is a GROSS breach of this responsibility. If that person couldn't uphold this responsiblity they deserve--and likely expected--to lose their job.) Get a clue, folks, if this were you or someone you love, you would be singing a very different tune. Just by virtue of the fact that so many of you are using the HIV diagnosis as a weapon on this board--how can you dispute the severity of this situation and the repercussions of this person's incompetence? And those that are propogating stereotypes and falsehoods about HIV--you're disgusting and should be ashamed of yourselves.

I am shocked at the mean-spiritedness coming through the comments in the blog. If this was four heterosexual males being treated for gonorrhe after being with a prostitute, the comments would be a lot more sympathetic. At most hospitals, taking privileged information outside the building is grounds for immediate dismissal! Man's Greatest Hospital should take some of the tens of millions made on partnerships with pharmaceutical companies and strong-arming insurers and plan a little inservice education. Looks like the emperor has no clothes on!

Okay people need to get a grip, one no one knows if she was fired , and it would be against the Law for MGH to publicly disclose if she was or not, as for the Lawyer claiming the suit is to make sure MGH doesn't do it again, sorry but how wool is he tryin gto pull over peoples eyes the suit is about money nothing more, Gladd and a number of other groups are taking the right approach, they have asked for a meeting with MGH to see what they are doing to make sure it doesn't happen again. Afriendofavictim What does MGH closing a unit have to do with htis, sounds like you have a gripe with MGH and pouncing on the chance to bash them then adding anything meaningful to the discussion.

At $10,000 per HIPAA violation, this will be a very expensive error for MGH.

This was not a mistake. It was a violation of HIPAA Privacy Rules and of Hospital Policy. I don't know about a lawsuit- unless harm is proven, but the employee who committed this act should be severely disciplined, possibly terminated. There is absolutely no excuse for this breech.

I sincerely hope that no one suffers financial damages or has someone use their medical information to receive treatment. The damages from the resultant changes the victim's medical records can prove fatal. Then wait and see the lawsuit brought by the surviving family.
Here, the most important lessons to be learned are that company policies must be tightened and enforced, and that employees must be properly trained and supervised (and regularly retrained).