On Monday a case was filed in the Middle District of Florida by Bonnie Gilbert against BioPlus Specialty Pharmacy Services. The case is regarding disclosure of data protected by the Health Insurance Portability and Accountability Act (HIPAA) after a breach.
The plaintiff was a customer of the defendants; the complaint explained that as a result she provided Personally Identifiable Information (PII) and Personal Health Information (PHI) to the defendant pharmacy. This information included her name, address, and other information.
The complaint said that the defendant was obligated under HIPAA to protect this information which it utilized to process and fulfill pharmacy needs. However, the defendant reported that its network was subject to a data breach and the information was retrieved by an outside party.
The plaintiff accuses the defendant of maintaining insufficient network security and failing to timely notify the potential class of victims of the data breach.