A class action lawsuit accusing an Alabama hospital, Flowers Hospital, of negligence in an employee’s theft of sensitive patient information survived a motion to dismiss and was allowed to proceed on Friday.
Flowers Hospital — located in Dohan, Alabama — discovered in February that an employee, Kamarian D. Millender, had stolen patient data, including names, addresses, Social Security numbers and health insurance information. The employee was arrested and charged with trafficking in stolen identities. Flowers Hospital agreed to provide affected patients with free credit monitoring to help mitigate the effects of the theft.
Lead plaintiffs, five former patients, filed the data breach class action lawsuit against Flowers Hospital in May alleging that the hospital “flagrantly disregarded” patient privacy rights by inadequately safeguarding their personal information and subjecting patients to increased risks of identity theft and fraud. The plaintiffs claimed that the hospital employee stole sensitive patient information subjected them to identity theft and allowed third parties to file false tax returns with their information. The plaintiffs argued in their initial filing that Flowers violated the Fair Credit Reporting Act. The plaintiffs also contended that Flowers violated the Health Insurance Portability and Accountability Act (HIPAA).
Flowers Hospital filed a motion to dismiss the class action lawsuit in July arguing that the plaintiffs had failed to establish a link between the employee theft to financial damages. The hospital further argued that the plaintiffs hadn’t shown that they had been denied tax refunds or that they had incurred fees or paid expenses from the alleged fraud. The hospital also contended that a possibility that they may be subjected to identity theft in the future was not enough for the plaintiffs to establish standing in court. Flowers denied that it had violated HIPAA and argued that even if it had violated HIPAA, that violation would not amount to negligence on the hospital’s part because Alabama is one of the few states that doesn’t have a data breach notification law.
U.S. District Judge W. Keith Watkins denied the hospital’s motion on Friday. Further, Judge Watkins allowed the plaintiffs in the data breach class action lawsuit against the Alabama hospital to amend their complaint, particularly their claims that a third party used their stolen Social Security numbers to file tax returns in their names. Judge Watkins didn’t expand on his reasoning for allowing the plaintiffs to amend their complaint, but noted that Flowers Hospital’s motion to dismiss would not carry over to the amended complaint stating “[a]ny motion to dismiss filed in response to plaintiffs’ amended complaint, and any response in opposition thereto, shall fully set forth any arguments in support of or in opposition to such motion, and shall not simply renew or incorporate arguments made in previous motions and responses thereto.”
The plaintiffs are represented by M. Adam Jones and Jordan S. Davis of M. Adam Jones & Associates LLC and James M. Terrell of McCallum Methvin & Terrell PC.
The Flowers Hospital Data Breach Class Action Lawsuit is Smith, et al. v. Triad of Alabama LLC d/b/a Flowers Hospital, Case No. 1:14-cv-00324, in the U.S. District Court for the Middle District of Alabama.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2025 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
