Legal Action: Court Told Hospital Worker Shared Patient Information

A legal action has been submitted against Atchison Hospital in Kansas by a rape victim who claims an x-ray technician at the hospital got in touch with her attacker and disclosed sensitive data about the treatment she received at the hospital.

According to a report in the Kansas City Star, after being raped, the woman sought treatment at the hospital. She was given a rape kit examination, and allegedly made it clear to the hospital that she did not want her health information to be shared to third parties.

Despite being against the patient’s wishes and a breach of the HIPAA Privacy Rule, information about the examination was shared to her attacker by a female X-ray technician at the hospital. The x-ray technician also advised the man that he had been accused of sexually assaulting the woman in question.

Following the disclosure, the man repeatedly contacted and threatened the patient by phone and text message in subsequent weeks. Along with receiving a barrage of abuse from her attacker, the legal action claims the woman was also harassed by hospital staff.

A complaint was submitted with the hospital over the privacy violation and an internal investigation was initiated. The medical records system was reviewed to determine whether there had been any unauthorized accessing of her medical records and interviews were carried with staff members.

No proof was uncovered to suggest the woman’s electronic medical records had been accessed inappropriately, but the hospital ruled that the X-ray technician had viewed the woman’s medical information in the hospital’s health information department.  The hospital advised the woman that the X-ray technician was not part of her care team and was not authorized to see her records.

The hospital apologized for the privacy breach and reviewed an updated its policies and procedures to minimize the risk of more incidents such as this occurring.

The X-ray technician was sacked from their role at the hospital over the privacy violation and was then hired by Saint Luke’s Cushing Hospital. According to the patient’s attorneys, details of the former employee’s conduct were not shared to Cushing Hospital and a positive review was given. The patient’s attorneys claim the hospital did not do enough to advise of the reason for termination to the woman’s potential new employer.

Hospital CEO, John Jacobson released a statement to the Atchison Globe, stating: “Patient confidentiality at Atchison Hospital and our ability to protect personal information is a top priority of ours… we are deeply disturbed by the actions of this former employee. In fact, when we were made aware of this situation, we took immediate steps to investigate and within two days, we terminated this individual’s employment.”


Author: Elizabeth Hernandez

Elizabeth Hernandez works as a reporter for Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: