The Journal of the American Medical Association recently reported data breaches have affected 29 million medical records. Of that number, approximately 60 percent of the breaches between 2010 and 2013 resulted directly from theft. These statistics reported by JAMA should leave many hospital administrators nervous about the possibility of future data breaches. A hospital’s failure to defend and prepare for such an attack could result in significant costs defending litigation as well as possible pre-trial settlements or judgments.
Fortunately, one recent decision indicates certain courts have been reluctant to allow these cases to move forward. This occurred in the New Jersey U.S. District Court. In that matter, Horizon Blue Cross Blue Shield of New Jersey gained dismissal from a class action suit when the judge determined “that an injury sufficient to confer standing was not proven.” The court felt there were “no examples of specific harm” from the data breach and relied on Polanco v. Omnicell, Inc., in that “merely asserting violations of certain statutes is not sufficient to demonstrate an injury-in-fact for purposes of establishing standing under Article III.”
Hospital systems must continue to take steps to secure their electronic medical records and instruct employees on how to safely access and properly use these systems. The failure to do so could result in costly litigation.