The trusted source for
healthcare information and
Liability mitigated when incident hard to predict
It appears no one was harmed by the bogus emergency department (ED) staffer at St. Joseph's Hospital in Tampa, FL, which means there may be no resulting lawsuit. But even if there were a plaintiff to sue the hospital, the potential liability might be reduced because the situation was so unusual, says James M. Jacobson, partner and co-chair of the health law and life sciences team at the law firm of Holland & Knight in Boston.
'Impostor … a rare bird'
Jacobson notes that while risk managers must prepare for even the extreme cases, the question of liability often comes down to whether the hospital could have foreseen the situation. "The impostor in this case is a very rare bird, and unless the hospital was aware that she wanted to crash the ED, it is very unlikely that her posing as a staffer was reasonably foreseeable," he says. "Mere errors in judgment or patient care, and even failures to follow corporate policy, are not necessarily legally actionable in a tort case when they are not reasonably foreseeable to the hospital."
Assuming the woman did not express an intention to breach security and was not known to have a disorder that would increase the risk of impersonation, Jacobson says he does not believe any jury would find that the hospital could have foreseen the woman's intrusion or that she would breach a duty to a patient. "Obviously, the impostor could have caused direct patient harm, whether by action or inaction," he says. "Fortunately, the staff recognized her limitations and forced her to shadow someone else. Even if she had caused patient harm, however, it is far from certain that a negligence lawsuit against the hospital would be appropriate or would succeed without foreseeability."
Finally, if the woman had access to protected health information, there could have been a violation of the Health Insurance Portability and Accountability Act, but Jacobson says it is very unlikely that the government would take action unless the data were further disclosed or the woman's use of the data caused harm to a patient. "Just as in medicine, the law expects people to look for horses, not zebras," Jacobson says. "This case is a zebra, something out of Grey's Anatomy or ER. Until this zebra becomes much more common, such that it is reasonably foreseeable, hospitals are unlikely to face liability for such mistakes."
Impostor incident could have led to ID theft
Any unauthorized person given access to patients and their records can steal confidential information and even assume someone's identity within the health care system, warns Guillaume Deybach, CEO of Worldwide Assistance Services, a provider of identity theft resolution services in Washington, DC.
The intruder at St. Joseph's Hospital in Tampa, FL, had ample access to information that could have led to medical identity theft, he says. Similar to identity theft in which a person's information is stolen for financial fraud, medical identity theft occurs when someone uses a person's name and sometimes other parts of their identity — such as insurance information — without the person's knowledge or consent to obtain medical services or goods, or uses the person's identity information to make false claims for medical services or goods.
"Medical identity theft frequently results in erroneous entries being put into existing medical records and can involve the creation of fictitious medical records in the victim's name," Deybach says. "Medical identity theft can cause great harm to its victims. The extreme cases are where victims could be given the wrong treatment/surgery due to their medical records being compromised."
The more common consequences are that this type of theft leaves a trail of falsified information in medical records that can plague victims' medical and financial lives for years, he says. Deybach advises risk managers to consider the risk of medical identity theft when constructing security policies and identification procedures.
For more information on medical identity theft, contact: