August 29, 2018
After the unintentional drowning of their adopted son, Denise and Wayne Russell were communicated by the child’s birth mother who made threats against their family.
The phone call from the birth mother came immediately after their son was admitted to McAlester Regional Health Complex after a catastrophic swimming pool calamity. Their 2-year old kid had dropped into the pool after the gate to the pool area had been unintentionally left open. The parents ordered CPR at the sight until the paramedics reached and the kid was dashed to the hospital where he was later verified to have expired.
Soon after their son expired, the Russells got the phone call from the birth mother. When questioned how she knew about the mishap and expiry of the kid, she confirmed that she had been notified by the hospital. The birth mother shouted at the Russells and made several threats, as per Denise Russell, including a warning to kill their other son. The condition became so bad that a defensive order was filed against their son’s birth mother.
The Russells had taken care of their adopted son Keon since he was 2 weeks old and concluded the adoption in July 2015. Under the conditions of the adoption, the birth mother ended all of her parental privileges. Even so, a worker at the hospital got in touch with the birth mother to notify her to the demise of her son.
In the claim, the Russells claim that as a consequence of the impermissible revelation of their son’s health information they have suffered “great emotional pain” from having to cope with the birth mother. The couple is requesting $150,000 in harms.
The call to the birth mother was made by a worker of the hospital, even though as per the claim that was not the only secrecy violation and HIPAA violation that happened. The claim alleges several hospital employees retrieved Keon’s medical records without permission including employees in the hospital canteen.
One worker in the food service division had been legally given access to the hospital’s EHR system. Access was needed to check the food requirements of patients and room members. It is suspected that that employee had been ordered to write down her login identifications on a sticky note and post them on a computer to let others be able to access the EHR system. Those identifications were supposedly used by other food service employees to access the child’s records, including labor and delivery department records.
A scrutiny of the access logs indicated that Keon’s medical records were retrieved several times on the day of admission to the hospital using the food service employee’s identifications, even though the employee was not on duty that day.
If the accusations are correct, there have been several HIPAA breaches, which have definitely caused emotional pain for the parents; nevertheless, there is no secret cause of action in HIPAA. It’s not possible for a person to indict a hospital for a HIPAA breach. Only state attorneys general and the Division of Health and Human Services’ Office for Civil Rights are allowed to bring legal action against healthcare companies for HIPAA breaches under the central law.
Instead, the claim asserts the hospital was careless for failing to safeguard Keon Russell’s medical records and meet HIPAA requirements and its own internal plans. It has also been suspected that Oklahoma’s medical records statutes were also been broken. A jury trial is projected to start in January 2019.