Attorney: WakeMed violated patients' privacy, released sensitive information
Posted December 4, 2015 6:00 p.m. EST
Updated December 4, 2015 9:15 p.m. EST
Raleigh, N.C. — A Cary law firm has filed a motion against WakeMed, accusing the hospital of releasing patients’ private information, including Social Security numbers, making them susceptible to identity theft.
Cort Walker, a bankruptcy and civil business litigation attorney at Sasser Law Firm, said he noticed a problem while reviewing records WakeMed had filed to collect debts from former patients who had declared bankruptcy.
“I began to look at another claim, and another claim, and another claim, and then another claim, and I realized that there were issues with so many of my clients’ cases,” Walker said.
Walker said he was getting ready to challenge a proof of claim for medical services from WakeMed when he noticed his clients’ personal information was included in the records the hospital had submitted.
The law firm says it found 158 cases involving its clients dating back to 2013 where WakeMed violated federal bankruptcy code by including Social Security numbers, full dates of birth and medical records.
“They’re definitely violating a bankruptcy law that requires them to redact that information. There’s no question about that,” Walker said. “We received a large number of phone calls from people upset or distraught or wondering exactly what is going on.”
Bankruptcy code states only the last four digits of a Social Security number and only the year of birth are allowed in claims filings.
WRAL Investigates examined other bankruptcy claims involving WakeMed and found one involving a husband and wife that included their child's name, which is a violation of the bankruptcy code, as well as admission and discharge dates and a second medical record labeled "Confidential Patient Information."
“It couldn’t be just an oversight,” Walker said. “We don’t think there’s really a good explanation.”
The law firm filed a motion for contempt, sanctions and damages against WakeMed, calling the violations "flagrant." The firm also pointed out that, if the claims were filed electronically, a WakeMed representative was required to check a box that the documents were properly redacted.
Walker says his firm has not received a legal response from the hospital. WakeMed released a statement to WRAL Investigates Friday afternoon from hospital president and CEO Donald Gintzig:
"The privacy and security of our patients’ information has always been and continues to be a top priority.
Tuesday afternoon, we received notice of a potential issue that relates to how proof of claims in bankruptcy cases are filed through the court’s electronic filing system called Public Access to Court Electronic Records (PACER). WakeMed is in the process of investigating and determining whether any supporting documentation included with the filings might have contained personally identifiable information.
While we investigate the issue and in an overabundance of caution, we moved quickly to block all access to any WakeMed proof of claim forms filed through the PACER system. We have no reason to believe that the information has been improperly accessed, acquired or otherwise misused in any way. WakeMed is identifying all affected claims filed in the Bankruptcy Courts in North Carolina; and, if necessary, we will take additional swift corrective action as needed to protect the privacy of our patients."
The motion against WakeMed raises questions about whether other state and federal laws were violated, including HIPAA, which covers health privacy rights. WRAL Investigates found that Duke Health System admitted to similar violations three years ago.