A bankruptcy court judge has fined Raleigh, N.C.-based WakeMed Health and Hospitals for including patients' protected financial and health information in debt filings submitted electronically to bankruptcy court, reports Lexology.
Patients identified in the filings filed suit against the WakeMed in 2015. The complaints alleged the hospital filed 1,410 proofs of claim which contained debtors personal information, including full social security numbers, protected health information and bank account numbers.
Bankruptcy Rule 9037 requires organizations redact an individual's social security number, birth date and financial account number to the last four digits in all court filings.
Hospital staff testified their HIPAA training did not cover bankruptcy claims filing and that the hospital failed to implement a bankruptcy filing auditing system.
A bankruptcy court judge concluded WakeMed's systemic lack of supervision and training indicated it was "more than negligent" in its business practices. The court ordered WakeMed pay $70,000 in punitive damages and required the system file quarterly reports with the Bankruptcy Court Administrator for five years.
More articles on legal issues:
Class-action suit accuses Carolinas HealthCare of anti-competitive behavior
Judge allows class-action antitrust suit against NorthShore to proceed
Colorado hospital accused of widespread age discrimination against nurses