Walgreens fined 1.44M dollars for pharmacist data breach

About six months after a Walgreens pharmacist was sentenced to 25 months in prison for patient identity theft, the large pharmacy chain is having more patient privacy issues. The Indianapolis Star reports that Walgreens pharmacist Audra Peterson allegedly inappropriately accessed Abigail Hinchy’s prescription data and exposed it to her husband, Davion Peterson. As a result of this breach, a six-person Marion County, Ind. jury awarded a woman $1.44 million on Friday to conclude a four-day trial.

As a pharmacist, Peterson was responsible for maintaining all prescribers’ data privacy and security, including Hinchy’s. According to the Star, Hinchy is Peterson’s husband’s ex-girlfriend and there had been a complicated relationship between the three parties. Hinchy argued in the lawsuit that Walgreens hadn’t done enough to properly train and supervise Peterson on protecting patient data and that Peterson hadn’t done her job to secure Hinchy’s data. Davion Peterson has a child with Hinchy. The jury decided that both the pharmacist and Walgreens violated privacy rules when Peterson accessed Hinchy’s records.

 

“As a provider of pharmaceutical service, defendant Walgreens Co. owes a non-delegable duty to its customers to protect their privacy and confidentiality of its customers’ pharmaceutical information and prescription histories,” Hinchy claimed in the lawsuit, according to the Star.

In response to the ruling, Walgreens said that it takes its responsibility to safeguard the privacy of medical records in its possession seriously. However, it argued that Audra Peterson admitted she was aware of its privacy policies and she had violated them. Walgreens maintained that she has been appropriately disciplined for the breach. “We believe it is a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy. We intend to appeal the ruling.”

What’s interesting about this case is that there was no mention of the Department of Health and Human Services (HHS) in terms of monetary punishment, but there is certainly precedent in this area. In the past, HHS and the Office for Civil Rights fined Rite Aid $1 million for not having strong patient privacy policies in place. And the Walgreens pharmacist who was involved in the patient identity fraud ring was obviously dealt a heavy prison sentence for their actions, so how HHS reacts to this ruling will be worth paying attention to for other large pharmacy chains.
