Search Results : “Flowers Hospital”

Mar 202017

Lance Griffin has an update to another long-running data breach lawsuit:

A federal judge has granted class action status to a civil lawsuit involving the theft of personal information at Flowers Hospital, believed to have occurred in 2013.

The decision, if ultimately approved, means people who believe they have been adversely affected as a result of the theft of their personal information may pursue their claims against the hospital’s parent company as a group instead of individually.

The lawsuit stems from a 2014 criminal case in which a man hired as a phlebotomist, Kamarian Millender, obtained non-hospital patient records stored at the hospital and used the information to file as many as 124 fraudulent federal tax returns for the 2012 and 2013 tax years. Millender was arrested in February of 2014 and was found in possession of 54 patient records.

Read more on Dothan Eagle. You can find a number of posts about this case on this site by following these links.

Aug 312016

Ken Curtis reports the latest developments in a lawsuit stemming from an insider breach for tax refund fraud. The former Flowers Hospital employee is currently serving a prison sentence,  but now others want to join the potential class action lawsuit against the hospital. Curtis reports, in part:

Legal documents show that Millender was in possession of 54 files stolen from the hospital. It’s not known the total he took while employed for nearly a year. Evidence shows he would return files after stealing vital data.


The lawsuit also claims files were routinely and negligently kept in an unsecured hallway of the hospital. “These daily file folders would each generally contain approximately 100 to 150 patient records.”

Read more on WTVY.

I’ve covered this breach previously on this site (follow links to past coverage), but I just went back to see what action, if any, OCR had taken when they investigated. The breach had been reported to them as affecting 629 patients. Here is their closing statement:

The covered entity (CE), Flowers Hospital was informed by law enforcement on February 27, 2014, that while one of its employees was being arrested, the CE’s paper facesheets were found in his possession. An internal investigation revealed that the employee may have accessed or allowed another individual access to the clinical and demographic information of 1,208 individuals. The CE provided breach notification to HHS, to affected individuals, and to the media. In response to the breach, the CE implemented procedures to further restrict access to paper records and improved its maintenance and storage procedures. OCR obtained assurances that the CE implemented the corrective actions listed above.

So that was it as far as OCR’s role, it seems. Will those affected get any satisfaction from the court? It remains to be seen.

Dec 032015

Lance Griffin reports the latest in the case of a Flowers Hospital employee who was convicted of stealing patient information for a tax refund fraud scheme. The breach, which was first disclosed last year, has resulted in a lawsuit against the hospital and its parent company, as well as  an interesting prosecution in which the employee attempted, unsuccessfully, to withdraw a guilty plea.  Previous coverage of the breach and prosecution are linked from here

A federal appeals court this week upheld a lower court ruling that prohibited a man who pleaded guilty to stealing identities from Flowers Hospital from changing his guilty plea,

The opinion, published this week by the 11th Circuit Court of Appeals, concluded Kamarian Deshawn Millender was not misled or given incomplete information last year when he entered a plea agreement with the federal government to plead guilty to one count of aggravated identity theft.

Millender was sentenced to two years in prison (the mandatory term) for that offense. The plea agreement also indicated Millender agreed to pay restitution.

Read more on Dothan Eagle.

Sep 292015

There’s a noteworthy update to a lawsuit against Triad of Alabama, the former parent company for Flowers Hospital, whose employee was convicted on both federal and state charges for stealing and trafficking in patient information for tax refund fraud. The breach and earlier developments in the lawsuit were covered on

Today, Lance Griffin reports that the amended class complaint survived a motion to dismiss. What’s particularly noteworthy is that the complaint alleged violations of the Fair Credit Reporting Act (FCRA) as well as negligence and violations of state laws.  Griffin reports:

On Tuesday, U.S. District Judge William Keith Watkins adopted the recommendation of a magistrate judge and carried the vast majority of the claims in the case to the suit’s discovery stage.

The suit lists five named defendants whose private patient information appears to have been stolen by a hospital employee some time between June 2013 and February 2014.

Read more on Dothan Eagle.

Mar 112015

There’s a follow-up to a case involving theft of Flowers Hospital patient data by an employee for tax refund fraud. The data theft was first disclosed in April 2014, and reportedly occurred between June, 2013 and February, 2014. Within weeks, a potential class action lawsuit was filed.  Over the summer, the hospital moved to dismiss for lack of standing, but the court permitted the plaintiffs to amend their complaint.

The defendant, Karmarian Millender, who had agreed to plead guilty to federal charges, was indicted in September on state charges.  Right before sentencing on the federal charges,, he attempted to withdraw his guilty plea. The court was having none of that, however, and in December, Millender was sentenced to two years in prison and $18,915 in restitution.

Now WTVY reports that Millender entered a blind plea Wednesday on the state charges for trafficking in stolen identities.

It’s not something I’ve seen frequently – both federal and state criminal charges for an insider theft for tax refund fraud. So stay tuned…