Aspen Valley Hospital accused of patient-privacy breach
The Aspen Times
A former Aspen Valley Hospital employee who says a human resources manager outed him as HIV-positive is alleging the hospital repeatedly violated patient-confidentiality laws.
The plaintiff in the lawsuit, filed Friday in the U.S. District Court of Denver, is using the name John Doe. His actual identity is concealed from the lawsuit because he wants his privacy protected, said attorney Mari Newman of the Denver law firm Killmer, Lane & Newman LLP, which filed the complaint.
Doe’s 42-page lawsuit claims he was fired in January 2015 after he complained about the hospital to the Office for Civil Rights and the Department of Labor. Since then, he has been unable to land a job in the Roaring Fork Valley, partly because of the hospital’s “continuing retaliation,” the suit says.
Hospital authorities declined to comment, according to hospital spokeswoman Ginny Dyche. She noted that interim CEO Terry Collins said “the hospital will vigorously defend its actions at the appropriate time.”
The hospital had not been served with the suit as of Tuesday.
Suit alleges “sham investigation”
Doe joined the hospital in 2003 as its conference center coordinator. In August 2013, he was promoted to a technician in the hospital’s information technology department.
The hospital regularly gave him “outstanding” job reviews, the suit says, but his employment status began to unravel after it was revealed he was HIV-positive.
Unbeknown to Doe at the time, Alicia Miller, who is the hospital’s human resources director and privacy officer for the staff’s health plan, told another employee about his condition over drinks and dinner. That conversation transpired Sept. 23, 2012, after an industry convention in Denver, the suit alleges. Miller’s knowledge of Doe’s HIV status was a result of her analysis of the health-insurance records of staff employees as a way to reduce costs for the self-insured hospital, the suit says. Doe’s insurance records “stood out because his HIV anti-viral medications were expensive and therefore exceeded many of the other employees’ health-insurance costs,” the suit says.
Doe didn’t learn that his colleagues knew of his condition until 2014, the suit says. That’s when the employee who was informed of his health, after leaving the hospital, told him about her conversation with Miller, the suit says.
Doe was “extremely shocked, scared and felt violated, especially because he is a very private person who had never even told family members of the fact he was HIV positive, let alone friends or co-workers, outside of a purely confidential doctor-patient relationship,” the suit says.
Meanwhile, the employee who told Doe about the conversation made a formal complaint in June 2014 with the hospital’s attorney, Elaine Gerson, who also was the organization’s chief clinical officer at the time. The complaint prompted Gerson to call a meeting with Doe on June 20, 2014, the suit says.
At that meeting, Doe expressed his embarrassment about having HIV, while Gerson said HIV “was not a ‘big deal’ any longer and suggested that he ‘get over it,’” the suit says. Even so, Gerson referred the matter to the hospital’s chief compliance officer, Stephen Knowles, who “conducted a sham investigation and made every effort to sweep … Miller’s egregious violation under the rug,” the suit says.
Miller and Knowles were good friends, the suit alleged, also noting that Miller told Knowles she didn’t know how she learned that Doe was HIV positive. She also denied discussing Doe’s condition with the woman who complained to the hospital, according to the suit.
The woman told The Aspen Times on Tuesday she remembered the conversation vividly and that Miller told her about Doe’s health issues. Miller had expressed concerns about Doe’s declining health, the woman said.
“She said it’s probably related to his HIV status or that he’s HIV positive,” she said. “I was really taken aback and shocked.”
The woman said she eventually resigned from the hospital because she was so upset about the disclosure. Fearful of retaliation, she didn’t complain to the hospital until she left it. Doe’s complaint is a “strong case,” she said.
“The entire point of this lawsuit is that this is medical information of the most private kind,” said Doe’s attorney, Newman. “There is certainly a persistent stigma that goes along with the diagnosis of HIV-positive, so the fact that the hospital’s senior HR person and privacy officer felt this was appropriate cocktail fodder is beyond outrageous.”
Complaints prefaced termination
After the hospital refused to take action against Miller or investigate further, Doe filed a complaint with the Office for Civil Rights, a federal agency that reviews reports of violations of the Health Insurance Portability and Accountability Act. Widely referred to as HIPAA, the law grants medical privacy to patients.
Among Doe’s concerns that were reported: “I am also fearful of losing my job over blowing the whistle on this matter, hence another reason I am now reporting this willful violation of my privacy,” the suit says.
The hospital learned of the complaint on Oct. 7, 2014. Ten days later, on Oct. 17, the hospital reprimanded Doe for a communications lapse in the IT department. The transgression was a “minor error” that other employees had committed but hadn’t been disciplined for, the suit alleges.
Again, Doe went to the Office for Civil Rights, filing a complaint accusing the hospital of illegal retaliation.
In the subsequent days, Doe’s supervisor, IT Director Michelle Gelroth, began to “accuse and harass” him over minor work issues, the suit says. Gelroth was ordered to ride Doe over his job performance by Miller and Dawn Gilkerson, the hospital’s HR specialist, the suit says.
His health failing, Doe took a Family Medical Leave Act break from Oct. 1 through Dec. 1, the suit says.
When he returned, he learned he had been demoted to the position of help-desk coordinator, while his pay had been docked by $1,800 a month, the suit says.
Again, Doe filed a complaint alleging retaliation by the hospital with the Office for Civil Rights as well as the Department of Labor on Jan. 3, 2015, and Jan. 10, 2015, respectively. The hospital fired him on Jan. 22.
Not an isolated case
Doe’s case was an extension of other HIPAA violations by the hospital, the suit says.
Doe, who filed an open-records request to obtain all HIPAA-related missteps by the hospital in the past five years, learned about the following transgressions:
• In September 2013, a member of the Aspen Valley Hospital Foundation, the hospital’s fundraising arm, asked the IT department to create a database to notify foundation members when one of their wealthy donors was in the emergency room or the progressive care unit.
“The purpose of this database was to alert Hospital Foundation members, tasked with fundraising for the hospital, so they could visit the ill wealthy individual, taking advantage of the wealthy VIP’s vulnerable health and presence at the hospital as a patient to solicit donations for the hospital,” the suit says.
• Other patients complained of HIPAA breaches in May 2013, January 2014, and April or May 2014, the suit says.
And at the hospital’s board of directors meeting in May, Collins, the hospital’s interim CEO, asked Gelroth, “Without naming names, would you tell about the recent incident of an employee who violated the HIPAA reg?”
Gelroth responded, “Well, which one?”
Along with Aspen Valley Hospital, other defendants are Gelroth, Gerson, Gilkerson, Knowles and Miller.