Skip to content Skip to navigation

Children’s Mercy Hospital Breach of Patient Records Class Action

Front of Children's Mercy Hospital

The release of personal information can lead to identity theft, but the law has also recognized that there are risks to consumers in the release of their medical information. The complaint for this class action claims that Children’s Mercy Hospital in Kansas City, Missouri did not take adequate steps to prevent access to the medical information of patients.

The class for this action is patients of Children’s Mercy Hospital whose personal information was accessed and downloaded by an authorized user between December 2017 and January 2018.

The case is brought in the name of “JH” by his mother “AH.” It concerns several alleged breaches of confidentiality. The complaint says that on December 2, 2017, two e-mail accounts were accessed by an unauthorized person, and that two additional accounts were accessed on December 15 and 16 and again on January 3, 2018. Later, the complaint says, the hospital found that four of the five accessed e-mails had been downloaded by the unauthorized person.

JH’s parents received notice of the breach at the end of April 2018. Among the information exposed was JH’s name, medical record number, diagnosis, diagnostic and procedure codes, clinical information, conditions, and other identifying or treatment information.

Hospitals have a duty of confidentiality with patient information. Medical records are sensitive information, and their release can have serious consequences for the patient. The complaint quotes the hospital’s own privacy practices, posted online, the first of which is, “Keep your child’s health information private.” Another says, “The hospital will not use or disclose your child’s health information without your or your child’s permission, except as described in this notice or allowed by law.”

Not only is the hospital required to keep information private; it must also train and supervise personnel in the laws, rules, and procedures for safeguarding of patient information.

Yet according to the complaint, in June 2015, the hospital had a similar breach involving the exposure of patient records. A lawsuit brought on that occasion claimed that the hospital had failed to take what the complaint calls “affirmative steps” to avoid such disclosures. And at the moment, two other cases are on file against the hospital for the wrongful disclosure of patient records.  

The complaint for this case alleges violations of Missouri’s Merchandising Practices Act, breach of fiduciary duty, breach of contract, negligence, and negligent training and supervision. 

Article Type: 

Free Case Evaluation

Fill out the information for a FREE and prompt case evaluation.

About you

Additional Information

Latest Tweets

Join Us on Facebook