A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed her medical records and then shared details with her husband after she noticed that the patient had “liked” a photo of her husband on Facebook.
Haley SoderVick sued Fort Wayne-based Parkview Health System Inc. after Parkview notified her in May 2018 of the disclosure of her protected health information. SoderVick had gone to an appointment with OB/GYN Dr. Catherine Reese at Parkview’s campus in Wabash the prior October, and while there, medical assistant Alexis Christian accessed her medical records for one minute, according to the record.
“Christian then immediately texted information about SoderVick to Christian’s then-husband, Caleb Thomas. In these texts, Christian disclosed SoderVick’s name, the fact that she was a patient, a potential diagnosis, and that she worked as a dispatcher. Christian also texted Thomas that SoderVick was HIV-positive and had had more than fifty sexual partners, although this information was not included in her chart and was ultimately false,” Judge John Baker wrote for the majority, joined by Judge James Kirsch.
“Christian testified that she had been checking Facebook on her phone during her lunch break earlier that day and had seen that SoderVick had liked a photo of Thomas. Later that afternoon, when Christian was ‘inputting chart information and came across all of that information’ about SoderVick, she claims she felt ‘concerned’ and therefore texted her husband asking if and how he knew SoderVick, curious as to whether they might have had a sexual history together.”
Thomas’ sister saw the texts on his phone and notified Parkview, which investigated the potential violation of the Health Insurance Portability and Accountability Act. Parkview ultimately fired Christian and notified SoderVick, prompting this lawsuit.
The Allen Superior Court ultimately granted Parkview summary judgment on SoderVick’s claims for respondeat superior, direct negligence for Parkview’s negligent training, supervision and retention, and direct negligence for Parkview’s violation of its statutory and common-law duties of protection of privacy under HIPAA.
SoderVick appealed summary judgment on the respondeat superior claim, and the COA majority reversed and remanded, finding Christian’s conduct met the test of whether it was incidental to employment.
“Parkview argued in its motion for summary judgment that there was no genuine issue of material fact as to whether Christian was acting in the scope of her employment. But we find that that there is a genuine issue of fact on the scope of employment issue; specifically, there is an issue of fact as to whether Christian’s conduct was incidental to authorized employment activities. We therefore find that the trial court erred in granting summary judgment in favor of Parkview on the respondeat superior claim, reverse that portion of the order, and remand for further proceedings,” Baker concluded for the majority.
Judge Elizabeth Tavitas dissented and would affirm the trial court. She said SoderVick’s case more closely resembled Hayden v. Fransiscan All., Inc., 131 N.E.3d 685, 691 (Ind. Ct. App. 2019), trans. denied, in which judgment for a health care provider was affirmed in a privacy breach.
That ruling, Tavitas said, was “more persuasive” than Walgreen Co. v. Hinchy, 21 N.E.3d 99, 112 (Ind. Ct. App. 2014), to which the majority cited. In that case, the COA affirmed a $1.4 million damages judgment to a customer whose protected medical information was disclosed by a pharmacist.
“As in Hayden, Christian accessed the medical records for a non-employment related reason in direct violation of the Parkview Confidentiality Agreement and Acknowledgement that Christian signed. I conclude, based on Hayden, that the trial court properly granted summary judgment to Parkview. Accordingly, I dissent,” Tavitas wrote.
The case is Haley SoderVick v. Parkview Health System, Inc., 19A-CT-2671.