Meanwhile, Hospital Alleges Workers Violated Patient Privacy Policies
A lawsuit filed against a small Georgia hospital by four of its nurses who allege the facility “schemed to manufacture false negative COVID-19 test results” for several patients who previously tested positive is shining a light on delicate issues involving whistleblowers and the privacy of patient records.
In the lawsuit filed June 22, the four nurses allege that 42-bed Landmark Hospital of Athens is “concealing and mishandling a COVID-19 outbreak in their facility,” creating a public health risk to patients, their families and patients at other facilities where Landmark has transferred patients who have tested positive for COVID-19.
“Landmark’s medical staff … have reported their concerns to Landmark’s administration, physicians and government health agencies, but their reports of wrongdoing have been ignored,” the lawsuit claims.
The lawsuit alleges that after learning that certain patients had tested positive for COVID-19, “Landmark staff undertook a scheme to manufacture false negative COVID-19 test results on these same patients.”
Patients that have tested positive have not been isolated from other patients and staff have not been given personal protective equipment or the resources to give safe treatment for these patients, the lawsuit alleges.
“Additionally, Landmark does not have functioning negative pressure rooms to isolate COVID-19 patients,” the complaint alleges. “Even if these patients could have been properly isolated, Landmark’s central air conditioning has not worked for any of the relevant time period. Air conditioning is currently provided by mobile units which blow air from the patient rooms into the halls of Landmark.”
The spread of COVID-19 to patients at Landmark, the lawsuit states, “is most likely the result of the air conditioning system that is not working properly and the lack of equipment that has not been made available to the staff as well as the failure of Landmark to isolate COVID-19 patients.
“Rather than acknowledge the COVID-19 diagnosis, Landmark has subjected multiple patients to unnecessary painful testing and treatment to treat or diagnose other conditions unrelated to COVID-19 which has caused harm,” the lawsuit states.
Landmark Hospital of Athens is one of eight for-profit hospitals operated by Naples, Fla.-based Landmark Hospital Corp.
Meanwhile, Landmark Hospital of Athens on June 19 suspended three employees that the facility has accused of theft of records and violating the hospital’s policy against possessing, using, copying, reading or disclosing information on hospital records, the hospital says in a statement provided to Information Security Media Group.
“We will conduct a full investigation to ensure every patient gets the protection they are guaranteed by federal law,” Marie Saylor, CEO of Landmark Hospital, said in the statement. “HIPAA requires the careful custody of patient medical records, and we have zero tolerance of anything that violates that confidentiality.”
In a separate statement provided to ISMG on Wednesday, Saylor says Landmark “will vigorously defend against the claims made in the lawsuit. In addition to hiring legal counsel, we have cooperated and will continue to fully cooperate with any governmental investigation into the allegations.”
She adds that the hospital’s response to the COVID-19 pandemic “has been consistent with or exceeded CDC [Centers for Disease Control and Prevention] guidelines.” That includes prohibiting visitors, including family members, from entering the facility and “aggressively” testing patients exhibiting symptoms similar to those of COVID-19 that may develop after admission, according to the statement. “The hospital does not, however, discharge patients because of a positive COVID-19 test,” the statement adds.
The hospital operates an air purifier system, which uses dry hydrogen peroxide to reduce contaminants in the air, the statement notes. “We believe we are the only facility in Georgia using this technology.”
The hospital did not address ISMG’s inquiry about whether the suspended nurses are plaintiffs in the case against the hospital.
Comments on Suspensions
Because the plaintiffs’ lawsuit does not identify the four nurses involved, attorney Natalie Woodward of the Atlanta-based law firm Shamp Jordan Woodward, who is representing the nurses, declined to confirm to ISMG whether any of her clients are the employees that Landmark suspended.
She alleges that the hospital’s move to suspend three employees was an attempt to discourage other hospital staff members from reporting any other potential wrongdoing involving COVID-19 patient testing and care.
Woodward says the Landmark employees sanctioned for alleged violations of the hospital’s patient record policies were “suspended with pay,” suggesting that Landmark is “walking a fine line” in attempting to punish the nurses and keeping them away from potentially accessing other records – without outright terminating them.
“HIPAA protects whistleblowers because employees have access to inside information and are uniquely able to report illegal conduct.”
—Paul Hales, Independent HIPAA attorney
She contends workers who share healthcare records with authorities, investigators and legal counsel in cases alleging medical neglect, abuse or other wrongdoing by their employers are not in violation of HIPAA.
A court hearing on the lawsuit filed on behalf of the nurses is tentatively slated for July 16, she says.
Some legal experts not involved in the case say the situation presents several difficult issues, especially if the suspended employees are some of the same individuals who filed the lawsuit alleging wrongdoing by the facility.
“This is a tough one. The complaint doesn’t say whether redacted or unredacted version of the records were furnished to public health departments or other authorities,” says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.
“Even so, the hospital may have a claim [for the job suspension], but under what statute or common law doctrine? Computer Fraud and Abuse Act or potential Georgia version of the CFAA?”
Teppler also notes: “The Supreme Court is currently weighing in on whether the 11th Circuit’s decision in U.S. v Rodriguez – in which the appeals court found that a law enforcement officer could be found to have exceeded authority under the CFAA even though he had lawful authority to access license plate information – and this may have an impact on what the hospital may, or may not allege as theft of information.”
The key question, he says, is whether any type of whistleblower statute or regulation might shield the nurses. “There might also be an equitable defense – in that the hospital had ‘dirty hands’ to begin with and should not benefit from its wrongdoing,” he adds.
Independent privacy and security attorney Paul Hales says that the HIPAA whistleblower exception empowers employees to disclose protected health information to report wrongdoing to the proper authorities or seek legal advice.
“HIPAA expressly protects a workforce member who discloses PHI to a health oversight agency or public health authority to report a covered entity that the employee believes in ‘good faith’ engaged in ‘conduct that is unlawful or otherwise violates professional or clinical standards’ or that the covered entity’s ‘care, services, or conditions . . . potentially endangers one or more patients, workers or the public. An employee may also disclose PHI to an attorney to seek legal advice,” he says.
HIPAA specifically prohibits a covered entity from disciplining employees who disclose PHI under the whistleblower exception based on a claim that the disclosure violated an internal policy, Hales says.
“This HIPAA whistleblower exception makes it clear that HIPAA privacy protections are not meant to muzzle employees who become aware of wrongdoing,” he says. “HIPAA protects whistleblowers because employees have access to inside information and are uniquely able to report illegal conduct,” he says.