McAlester Hospital in Trouble for Impermissible Disclosure of Medical Information

Dennis and Wayne Russell’s adopted two-year old boy named Keon passed away as a result of accidentally drowning. Soon after the boy was brought to McAlester Regional Health Center, they got a telephone call from the birth mom throwing threats at them.

The boy had entered into the swimming pool area as the gate was left wide open and he accidentally fell into the swimming pool. The Russells did what they needed to do to resuscitate the boy until eventually the paramedics arrived and took the boy to the center. They boy did not survive.

The birth mom contacted the Russells following the Keon’s death. The Russells learned from the birth mom that the hospital notified her regarding the boy’s incident and demise. The birth mom was so annoying and threatened to endanger the Russells’ other child. Subsequently, the couple needed to get a protective order versus the birth mom.

The Russells looked after Keon since he was just two weeks old and finalized his adoption on July 2015. The conditions of the adoption assert that the birth mom give up all parental rights over the child. Yet, the hospital staff still informed the birth mom regarding demise of the boy.

The Russells took legal action for the impermissible disclosure of their son’s medical data which led to the encounter of “extreme emotional distress” which include the miserable dealings with the birth mom. The husband and wife would like $150,000 worth in damages.

The lawsuit is not just concerning the privacy breach and the telephone call that the hospital personnel made to the birth mom. The lawsuit additionally claims that there were some other HIPAA violations as several hospital employees had viewed Keon’s healthcare records with no permission which include staff in the medical center cafeteria.

The hospital provided one food service department employee a legit access to the EHR system to look at dietary specifications of patients and room numbers. Apparently, the worker had written down her sign in details on a sticky note and placed them on a PC so other people could access the EHR system. Thus, other food service employees did access the Keon’s information, which include labor and delivery unit data.

Based on the access logs, the food service employee’s credentials was utilized to view Keon’s healthcare information several times on his admission day, although the employee was not working that day. In case these allegations are actually true, consequently McAlester Regional Health Center made several HIPAA violations. Yet, the Russells are unable to take legal action against the hospital since there is no private cause of action with the HIPAA. Lawsuit against healthcare establishments is simply possible via the state attorneys general and the Department of Health and Human Services’ OCR.

The hospital was unable to secure Keon Russell’s health information and broke the HIPAA rules and hospital policies. Oklahoma’s medical records statutes were likewise broken. A jury trial is supposed to begin in January 2019.

About Christine Garcia 1310 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at