Walgreens faces a $1.4 million penalty after one of its employees improperly accessed and shared confidential medical information about a client, according to an Indy Star report.
The pharmacist allegedly accessed the health information of a client that had previously dated her husband and shared the information with him, according to the report. The pharmacist allegedly accessed the victim's Social Security number and prescription files, which the pharmacist's husband was allegedly planning to use against the victim in a paternity lawsuit.
Though the employed pharmacist committed the action, the company is being handed the lawsuit. Walgreens plans to appeal the ruling, according to the report.
"The pharmacist in this case admitted she was aware of our strict privacy policy and knew she was violating it," said James Graham, senior manager and corporate media relations spokesperson for Walgreens, in a statement. "We believe it is a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy."
The verdict was handed down after Walgreens asked the Indiana Court of Appeals to throw out the initial unanimous 2013 verdict awarding the victim the $1.44 million in damages, according to the report.
Walgreens has paid the penalty, but the money will be held by the court until the case is resolved, according to the report.
More articles on HIPAA:
Teaching the Internet to whisper: The evolution of HIPAA
3 new challenges with HIPAA and data security
HIPAA and Ebola: What information should be quarantined?