Jury awards $1.4 million verdict to a Walgreen Co. customer for privacy violation

August 02, 2013

Privacy Alert

On July 26, 2013, an Indiana jury awarded $1.4 million to a Walgreen Co. (“Walgreens”) customer for privacy violations of one of its pharmacists, Audra Peterson, (“Peterson”). The verdict stems from Peterson’s unauthorized access and disclosure of the protected health information of a customer, Abigail Hinchy (“Hinchy”). Specifically, Peterson knew that Hinchy and Peterson’s husband, Davion Peterson, had been involved in a previous relationship, and Peterson suspected that Hinchy had transmitted a sexually transmitted disease to her husband during that time. Peterson read and reviewed Hinchy’s protected health information and shared the information with her husband.

Hinchy initiated the suit against Walgreens in August 2011 when she discovered that Peterson had shared Hinchy’s protected health information with her husband. Hinchy discovered the unauthorized access after she allegedly received a text message from Peterson’s husband inquiring about the contraction of a sexually transmitted disease. Hinchy immediately contacted Walgreens and voiced her complaint about Peterson’s actions. However, Peterson allegedly accessed Hinchy’s information a second time without authorization, even after Hinchy’s complaint. Hinchy accused Walgreens of negligence in supervising Peterson’s actions as an employee and of its failure to appropriately safeguard her protected health information.

Marion County Circuit Judge David J. Dreyer asked the jury to determine if Peterson’s actions were “sufficiently associated” with Walgreens authorized activities. The jury determined that Walgreens was 80% at fault for damages to Hinchy because Peterson was acting as a Walgreens employee when she violated Hinchy’s privacy. During regular working hours, Peterson accessed Hinchy’s pharmaceutical information in the Walgreens’ computer system. Hinchy’s attorney stated, “As we believe this is to be the first verdict of its kind against a major national pharmacy, we are hopeful that other health care providers will take notice.” Judge Dreyer stated that the nature of Peterson’s conduct was founded on Walgreens’ training and assigned duties and responsibilities that she acquired from her employment at Walgreens.

Walgreens issued a statement saying, “The pharmacist in this case admitted she was aware of our strict privacy policy and knew she was violating it. We believe it is a misapplication of the law to hold an employer liable for the actions of one employee who knowingly violates company policy.”

This case illustrates the importance of adhering to a strong compliance program and, in particular, training all employees about the proper access, use, and disclosure of personal and health information and closely supervising their actions.

The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

Back to top