[BreachExchange] Alabama hospital to pay $300K for failing to respond to records breach by staff physician

[Destry Winant]

https://www.beckershospitalreview.com/legal-regulatory-issues/alabama-hospital-to-pay-300k-for-failing-to-respond-to-records-breach-by-staff-physician.html

A jury ruled June 11 that a hospital must pay a woman $300,000 after a
physician on its staff improperly viewed her medical records,
according to the Dothan Eagle.

Enterprise, Ala.-based Medical Center Enterprise failed to take action
against former physician Lyn Diefenderfer, MD, after officials there
learned he had illegally accessed and disclosed Amy Pertuit's medical
records, the jury concluded.

Dr. Diefenderfer was indicted in January 2015 for exposing Ms.
Pertuit's information in a custody dispute involving Peruit's husband.
Dr. Diefenderfer had gained access to Ms. Pertuit's information on the
Alabama Prescription Drug Monitoring Program despite not being her
physician.

Upon further investigation, Dr. Diefenderfer was accused of 22 other
HIPAA violations and hospital privacy breaches by hospital
investigators.

The physician and Ms. Peruit have already settled the dispute outside of court.

Dr. Diefenderfer now works as the chief of hospital medicine at Troy
(Ala.) Regional Medical Center, the Dothan Eagle reports.