Patient Privacy Breaches: Sexual, Creepy, and Illegal

Michael J. Sacopulos, JD


March 06, 2014

In This Article

Private Pharmacy Records Get Ex-boyfriend and Employee in Big Trouble

When Abigail Hinchy received a text message from her ex-boyfriend one night, she was anything but happy to read it. The ex-boyfriend and father of her child, Davion Peterson, informed Hinchy that he was looking at a printout of her pharmacy records. Peterson tried to use Hinchy's pharmaceutical records to blackmail her into not seeking child support for their child.[4]

Hinchy was shocked that Peterson somehow gained access to such personal information. She immediately called the local Walgreens pharmacy where she gets her prescriptions filled. Hinchy's lawyer, Neal F. Eggeson, stated that Hinchy contacted the pharmacy, saying, "I believe there has been a privacy breach here. Can somebody check to make sure my records are secure?"

Later, Hinchy discovered that Peterson was married to a pharmacist at that Walgreens store. She then contacted Walgreens a second time, informing them that she believed that their pharmacist, Audra Peterson, was involved in this breach of healthcare information.

After an investigation, Audra Peterson confessed to providing her husband with Hinchy's prescription profile, says Eggeson. Walgreens responded with a final written warning, which in essence is just a note in the personnel file. The company commented on their decided disciplinary action, saying, "We take seriously our responsibility to safeguard the privacy of medical records in our possession. The pharmacist in this case admitted she was aware of our strict policy and knew she was violating it. She was appropriately disciplined for her action."

Eggeson said an expert testified that Walgreens should have a mechanism in place for tracking recent profile access. Walgreens called such precautions impractical, stating that it simply does not have the ability to do something like that.

Although the Health Insurance Portability and Accountability Act (HIPAA) does not create a private cause of action, it can still play an important role in private causes of action in state court, as in Hinchy's trial. Eggeson's client filed suit against both the pharmacist and Walgreens, claiming that both had breached their common and statutory law duties of confidentiality and privacy. Walgreens was negligent in supervising and training Peterson, Eggeson believed. Walgreens stated, "We believe it is a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy."

Eggeson said that on the basis of the facts of the case, his client suffered an invasion of privacy, emotional harm, and emotional anguish, for which he asked the jury to compensate Hinchy. And compensate they did: The jury clearly agreed that Walgreens hadn't done enough internally to prevent Peterson from going through patient files.

On July 26, 2013, the jury awarded damages of $1.8 million. This was reduced by a suggested 20%, because this amount of the damage was said to have actually been caused by the ex-boyfriend, who was not an employee of Walgreens. "It seems pretty clear that the jury concluded that the ex-boyfriend was the impetus behind all of this," Eggeson noted. "He probably convinced his wife to go into the prescription profile and print off the information for him. He really was the catalyst." A Marion County, Indiana, jury awarded Hinchy $1.44 million for her damages.


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.