Lurie Children’s Hospital of Chicago Faces Legal Action Over Two Recent Data Breaches

Lurie Children’s Hospital of Chicago is dealing with lawsuits regarding two privacy breaches which involved employees accessing the healthcare records of patients with no permission.

The legal action was filed on behalf of a mom and her child who is 4 years old. On December 24, 2019, Lurie Children’s Hospital informed the mother that a hospital’s nursing assistant accessed her daughter’s health records even when there was no legit work reason for doing so. The employee was discovered to be viewing patient files without consent between September 10, 2018 and September 22, 2019.

On May 4, 2020, a second letter sent to the mother explained that her daughter’s medical records were accessed without authorization by a different employee. In this case, the employee was discovered to have viewed patient data with no valid work reason between November 1, 2018 and February 29, 2020.

In early 2019, the mother took her then 3-year-old child to the hospital for a consultation as she thinks that her daughter might have been a victim of sexual abuse.

The mother sought-after legal counsel on May 8, 2020 to know how she can make sure that her daughter’s medical data could be better secured in the future and to discover more data concerning how two breaches of this sort could have happened. The law firm Edelson P.C filed a lawsuit in Cook County Circuit Court on May 8, 2020.

The lawsuit alleges breach of confidentiality, a breach of contract, and negligence for failing to supervise staff and make sure her child’s medical information remained private and confidential. The accessing of the plaintiff’s medical data was part of two larger breaches that spanned several months before the identification of the unauthorized access. The lawsuit seeks class-action status as well as trial by jury.

The hospital investigated both legal cases, however, no evidence was discovered that suggests the employees acquired or misused any patient information. After the detection and investigation of the unauthorized access, both employees were disciplined in accordance with the hospital’s policies and they stopped working in the hospital.

The lawsuit seeks to get damages for all patients affected by the breach, the giving of continuing credit monitoring services for breach victims, and demands the implementation of measures to avoid further privacy breaches later on.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at