Shared Patient Videos Lead to Class Action against Sharp Grossmont Hospital

On May 24, 2016, a class-action complaint was filed against Sharp Healthcare in San Diego, California, alleging violations of the Health Insurance Portability and Accountability Act (HIPAA). Specifically, the complaint alleges that Sharp secretly recorded approximately 15,000 videos of patients in Sharp’s year-long attempt to build a case against an anesthesiologist allegedly stealing the drug Propofol. Sharp allowed security guards to review the recordings, and released 14 of the recordings to the anesthesiologist’s defense attorney. Many of the videos depicted unconscious patients, nudity, Cesarean sections, or other surgeries.

The named plaintiff, Melissa Escalera, was allegedly filmed during a Cesarean section. The class potentially includes more than 1,000 patients secretly recorded by Sharp between July 2012 and June 2013. The complaint seeks class certification and damages for breach of fiduciary duty, breach of confidentiality, unlawful recording of confidential information, negligent creation and maintenance of medical information, unlawful disclosure of medical information, invasion of privacy, and distribution of private sexually explicit materials.

We will continue to monitor this story as it develops.

Investigation Underway After Sharp Grossmont Hospital Shared Private Patient Videos With Third Party

On May 12, 2016, Sharp HealthCare issued a statement regarding its inadvertent dissemination of videos depicting fourteen female patients undergoing obstetric surgeries. Sharp provided the videos to a local attorney defending a physician who is accused of stealing sedative medication from Sharp Grossmont Hospital in San Diego, California.

The privacy breach may constitute a violation of California’s Confidentiality of Medical Information Act (CMIA) and the Health Insurance Portability and Accountability Act (HIPAA), both of which prohibit the disclosure or use of medical information without patient authorization. The hospital argues that a clause in its Admission Agreement authorized the surveillance:

You consent to all hospital services rendered under the general and special instructions of your physician(s), and to the taking of photographs and videos of you for medical treatment, scientific, education, quality improvement, safety, identification or research purposes, at the discretion of the hospital and your caregivers and as permitted by law.

However, the patients are sure to assert that even if the surveillance was authorized, the provision cannot reasonably be interpreted as authorization for disclosing the so-called surveillance to a third party.

Sharp has notified the California Department of Public Health and the Department of Health and Human Services Office for Civil Rights, who will investigate the breach. If the California Department of Public Health determines that the breach constituted a violation of CMIA, the hospital could be fined up to $250,000. (Civ. Code, § 53.36.)  HIPAA imposes similar – but more costly – fines for violations.

We will continue to monitor this story as it develops.