Protecting a Patient’s Confidentiality Does Matter

You might think few reported cases deal with the important duty of protecting a patient's privacy and confidentiality. One LPN found out the hard way that such cases exist, and she became the only defendant in the case.(1) The LPN had worked for 12 years in hospital settings and in a nursing home before applying for a job at a local hospital's GI department. She revealed she had been convicted of a misdemeanor battery after poking a woman on her forehead after the woman made comments about her daughter on the Internet. After a background check was completed (which revealed the misdemeanor battery conviction and two other dismissed misdemeanor charges as well as a probation violation for the conviction), the LPN was hired. She read and signed a confidentiality agreement that clearly required her, among other things, to only access, use or disclose information for business reasons if authorized to do so; to not disclose, use or access confidential information to any person; and that her duties under the agreement applied not only during employment but also after any termination of her position. The LPN had an ongoing dispute with a woman and her daughter that occurred before her hiring. They had been patients at the hospital but never in the GI department. On her first day of work, the LPN accessed these two individuals' medical records "42 times between 2:05 p.m. and 4:28 p.m," according to the case. She later posted this information on her former boyfriend's online blog. When the hospital confronted the LPN with her conduct, she fully confessed that she did access the information and post it on the Internet. She said her only motive was "revenge." The LPN was convicted of a federal felony criminal charge, fined $1,000 and placed on probation. The aggrieved mother and daughter amended their initial complaint against the LPN and alleged that the hospital also should be held responsible for the LPN's conduct since she was an employee and it was therefore vicariously liable for her actions. In the alternative, the mother also pled that the hospital was negligent for hiring her. The trial court dismissed the amended complaint against the hospital, and the mother appealed that decision. The Appellate Court upheld the dismissal, opining that the LPN bore sole responsibility for her actions, which were outside the scope of her employment, that the hospital's confidentiality agreement was clear, and the hospital in no way authorized her conduct. The Appellate Court also held that there was no cause of action against the hospital for negligent hiring. The court ruled the LPN's conduct at the hospital was not a recurrence of her previous behavior which lead to a conviction; there was no way to predict that her breach of others' medical information would occur; the mother and daughter were not reasonably foreseeable victims; and it was not a reasonably foreseeable risk that the LPN would post this information on the Internet. This case clearly shows that employers take any breach of a patient's confidentiality seriously. Moreover, it also illustrates that if the facts support the employer's noninvolvement in a breach, a nurse stands as the only defendant in a courtroom. It is quite certain that this LPN's license will be subject to discipline by the state board of nursing as well. Although this LPN's motives were rare, healthcare professionals should take patient confidentiality seriously. Carefully read any confidentiality agreement that you sign and adhere to it unfailingly. Editor's note: Nancy Brent's posts are designed for educational purposes and are not to be taken as specific legal or other advice. Footnote: 1 Robbins v. Trustees, No. 49A04-1412-CT-583, Indiana Court of Appeals, Oct. 2, 2015.