Mayo Clinic has resolved one more lawsuit that resulted from a data breach that involve a previous employee, who was found to have viewed the data of patients with no permission, which includes nude pictures.
In October 2020, Mayo Clinic informed 1,614 patients about an ex-employee who viewed some of their protected health information (PHI). That data contained demographic data, dates of birth, clinical notes, and medical record numbers. The employee was likewise found to have looked at pictures of patients that were taken for medical reasons, including nude pictures.
The 28-year-old employee from Saginaw, MI, Ahmad Maher Abdel-Munim Alsughayer, was a physician at Mayo Clinic and ended his work in August 2022 about the time when Mayo Clinic discovered the privacy violations. The Olmsted County Attorney’s Office performed a criminal investigation of Alsughayer’s privacy violations after receiving a complaint from a patient who got a copy of her data and found they contained three nude pictures in her medical documents when the claimed privacy violations happened. She requested the information after being informed about the data breach.
Alsughayer is being charged with a gross misdemeanor for unauthorized computer access. His lawyer tried to have the case dismissed based on the argument that there was no probable cause to think the defendant had done the hypothetical privacy violations; nevertheless, those attempts were not successful. Alsughayer did not admit to any wrongdoing in August 2021. There is no date yet for the trial.
There were three lawsuits filed against Mayo Clinic in relation to the privacy violations. One of the lawsuits had been resolved with the complainant out of court last year. Another case filed in May 2021 is slated to go to trial this September 2023. In November 2020, the third lawsuit was filed in November 2020 on behalf of Olga Ryabchuk, a Mayo Clinic patient. A class action status is sought for the 1,614 patients who had their privacy violated. An Olmsted County Judge dismissed that lawsuit in December when all parties consented to a settlement. The details of the settlement were not disclosed to the public.