Quest Diagnostics faces class action for alleged idleness during patient privacy breach

Dave Pearson | | Health Exec | Cybersecurity

A Manhattan law firm has filed a class-action lawsuit against Quest Diagnostics for allegedly doing nothing while a protracted breach of patient privacy unfolded under the clinical-lab corporation’s nose.

Newman Ferrara LLP announced in a Nov. 20 news release that it had launched the action several days prior in U.S. District Court.

The suit charges that medical records containing personal and HIPAA-protected information on hundreds of New Yorkers were faxed from the offices of numerous physicians to a marketing firm in Brooklyn—and that New Jersey-based Quest, the intended recipient, failed both to alert affected patients and correct the error even after receiving repeated notifications from a good Samaritan.

On Nov. 17 an I-team reporter from New York’s Channel 4 spoke with an employee of the marketing firm, APS Marketing Group, who said she alerted Quest to the error early and often out of a desire to be helpful.

The employee, Gabby Klotzman, attributed the mixup to an incorrect fax number and said she went to HHS after Quest said it would fix the problem but failed to follow through.

Month after month, even after HHS was alerted, the faxes kept coming, Klotzman told reporter Pei-Sze Cheng.

“I know that if my information were shared like that, I definitely would want someone to let me know,” she added.

In its press release, Newman Ferrara placed responsibility for the evident case of human error squarely on Quest.

“That Quest was on notice of this massive data breach for perhaps a year or more, and yet failed to take any responsible or required action, amounts to an egregious dereliction of duty,” Jeffrey Norton, a partner of the firm, said in prepared remarks. “Through this lawsuit, we intend to make sure something like this does not occur again.”

Quest, which operates throughout the U.S. and in Brazil, Mexico, the U.K. and India, told Channel 4 it is now looking into the matter and has created a new fax number.

To view the Channel 4 report, click here

Dave Pearson
Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.

Related Content

Lone Michigan Medicine employee responsible for breach that impacted 58K patients
Lehigh Valley Health Network to pay $65M after nudes of patients leaked online
Another 947K patient records found to be leaked in MOVEit breach
Report: Ransomware landscape changing, attacks down 16% since 2023
Healthcare Cybersecurity Act brought to House by bipartisan cosponsors
Lawyer: Court decision over website trackers has ‘zero impact on patient privacy’

Around the web

Cardiovascular Business
Cardiology groups cheer new bill that would improve access to Medicare claims data

If passed, this bill would help clinician-led clinical registries explore Medicare data for research purposes. The Society of Thoracic Surgeons and American College of Cardiology both shared public support for the bipartisan legislation. 

Cardiovascular Business
Watchdog group, fearful of fraud, wants more oversight for remote patient monitoring

Cardiologists and other physicians may soon need to provide much more information when ordering remote patient monitoring for Medicare patients.

Cardiovascular Business
Most recalled cardiovascular devices gained FDA approval with little to no clinical evidence

Why are so many cardiovascular devices involved in Class I recalls? One possible reason could be the large number of devices hitting the market without undergoing much premarket clinical testing. 

Design by Adaptive Theme
Trimed Popup
Trimed Popup