fbpx

Psych Care Consultants and QRS Failed to Protect PII and PHI Class Action

Businesses that offer healthcare or healthcare-related services are prime targets for cybercriminals because of the extensive personally identifiable information (PII) and protected health information (PHI) they collected on their systems. This class action sues Psych Care Consultants, LLC (PCC) and its patient portal vendor, QRS, Inc., alleging that they “failed in their basic, legally-bound, and expressly-promised obligation to secure and safeguard PCC’s patients’ protected health information…”

Two classes have been defined for this action:

  • The PCC Class is all patients of PCC whose Protected Information was compromised in the data breach that was announced on or around November 26, 2021.
  • The Illinois QRS Class is all persons living in Illinois whose Protected Information was compromised in the data breach that was announced on or around November 26, 2021.

The information was accessed when cybercriminals breached QRS’s systems. The complaint alleges, “This unauthorized access and disclosure occurred over at least three days and is believed to have been discovered on August 26, 2021… Yet [the plaintiff in this case] was not notified of this event for three months when a letter was finally sent to her on or about November 26, 2021.”

The information exposed, the complaint says, included names, Social Security numbers, dates of birth, treatments, and diagnostic information, among other things.

The complaint alleges violations and failures on the part of the companies under various authorities. Under the Health Insurance Portability and Accountability Act (HIPAA), for example, health care entities are required to comply with standards relating to the privacy of individual information and security standards to protect it.

Also, the complaint says, the Federal Trade Commission (FTC) “has concluded that a company’s failure to maintain reasonable and appropriate data security for consumers’ sensitive personal information is an ‘unfair practice’” that violates the Federal Trade Commission Act (FTCA).

In addition to that, the complaint claims the companies had a duty to their patients and customers “to provide reasonable security, including consistency with industry standards and requirements, and to ensure that their computer systems, networks, and protocols adequately protected” patients’ PHI.

The complaint alleges, “PCC and QRS could have prevented this theft had [they] limited the patient information [they] shared and employed reasonable measures to ensure their business associates implemented and maintained adequate data security measures and protocols in order to secure and protect PCC’s patients’ data.”

“Upon information and belief,” the complaint alleges, “the mechanisms of the unauthorized disclosures of [the patents’] Protected information were known risks to PCC and QRS, and, thus, PCC and QRS were on notice that failing to take steps necessary to secure their medical record systems from those risks left that property in a dangerous condition.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Psych Care Consultants and QRS Failed to Protect PII and PHI Complaint

February 16, 2022

Businesses that offer healthcare or healthcare-related services are prime targets for cybercriminals because of the extensive personally identifiable information (PII) and protected health information (PHI) they collected on their systems. This class action sues Psych Care Consultants, LLC (PCC) and its patient portal vendor, QRS, Inc., alleging that they “failed in their basic, legally-bound, and expressly-promised obligation to secure and safeguard PCC’s patients’ protected health information…”

Psych Care Consultants and QRS Failed to Protect PII and PHI Complaint

Case Event History

Psych Care Consultants and QRS Failed to Protect PII and PHI Complaint

February 16, 2022

Businesses that offer healthcare or healthcare-related services are prime targets for cybercriminals because of the extensive personally identifiable information (PII) and protected health information (PHI) they collected on their systems. This class action sues Psych Care Consultants, LLC (PCC) and its patient portal vendor, QRS, Inc., alleging that they “failed in their basic, legally-bound, and expressly-promised obligation to secure and safeguard PCC’s patients’ protected health information…”

Psych Care Consultants and QRS Failed to Protect PII and PHI Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy