Massachusetts Judge Allows Suit Over Medical Records Breach To Proceed

A decision by Massachusetts Superior Court Judge Edward P. Leibensperger in a data breach case involving private medical records rejected a hospital’s argument that plaintiffs needed to show specific harm from the breach before bringing suit.

The plaintiffs — represented by John Roddy of Bailey & Glasser’s Boston office, James Kauffman of its Washington, D.C. office and Jeffrey Petrucelly of Petrucelly, Nadler & Norris — sued after Boston Medical Center sent them a letter disclosing that records from office visits with physicians were “inadvertently made accessible to the public” on an independent medical record transcription service’s online site.

The hospital could not state how long the data had been publicly available or whether it had been accessed by any unauthorized person, but it’s possible that more than 15,000 records were exposed for more than 10 years.

The judge wrote that it could be inferred from the letter “that plaintiffs’ medical records were available to the public on the internet for some period of time and that there is a serious risk of disclosure. It is reasonable to infer the next step — that plaintiffs’ records either were accessed or likely to be accessed by an unauthorized person. Plaintiffs are entitled to discovery to determine what access, if any, has occurred, among other things.”

Massachusetts Lawyers Weekly featured the case in a front page article, which noted the ruling could signal a national trend toward a more lenient pleading standard when medical records have been breached, as opposed to other types of personal information.

Roddy was quoted in the article, noting how sensitive and private medical records are. “Even if you have a minor medical issue, it’s not something you want accessible to people who are unknown,” Roddy said. “And it’s certainly not something you want accessible to the medical records black market.”


Contact Form »