Statee., Inc. v. Hammer ex rel. Situated
Decision Date | 19 November 2021 |
Docket Number | No. 21-0095,21-0095 |
Citation | 866 S.E.2d 187 |
Parties | STATE of West Virginia EX REL. WEST VIRGINIA UNIVERSITY HOSPITALS – EAST, INC., Doing Business as Berkeley Medical Center; City Hospital, Inc., Doing Business as Berkeley Medical Center; and the Charles Town General Hospital, Doing Business as Jefferson Medical Center, Defendants Below, Petitioners v. The Honorable David M. HAMMER, Judge of the Circuit Court of Jefferson County, and Deborah S. Welch and Eugene A. Roman, Individually, and on Behalf of All Others Similarly Situated, Plaintiffs Below, Respondents |
Court | West Virginia Supreme Court |
Marc E. Williams, Robert L. Massie, Thomas M. Hancock, Nelson Mullins Riley & Scarborough, LLP, Huntington, West Virginia, Attorneys for the Petitioners.
Troy N. Giatras, Matthew Stonestreet, The Giatras Law Firm, PLLC, Charleston, West Virginia, Attorneys for the Respondents.
In this original jurisdiction proceeding, petitioners, West Virginia University Hospitals – East, Inc., doing business as Berkeley Medical Center; City Hospital, Inc., doing business as Berkeley Medical Center; and the Charles Town General Hospital, doing business as Jefferson Medical Center (collectively "Hospitals"), seek a writ of prohibition to prohibit the Circuit Court of Jefferson County from enforcing its order granting class certification in the underlying civil action filed by the respondents, Deborah S. Welch ("Ms. Welch") and Eugene A. Roman ("Mr. Roman") (collectively "Welch and Roman"). The underlying suit arose after an employee of Hospitals misappropriated the private information of certain patients from Hospitals’ medical records during the course of performing her authorized job duties. Welch and Roman successfully certified a class of approximately 7,445 individuals, which represented every medical record accessed by the employee during the relevant period of her employment. Hospitals argue that the class representatives lack standing because they have suffered no injury-in-fact from the employee's legitimate access to their confidential records. We agree with respect to Ms. Welch, and, based upon our finding that she has suffered no injury-in-fact, we conclude that she lacks standing to bring the claims asserted in this matter. Hospitals additionally argue that certain prerequisites to class certification were not met in this case. We address this issue only as to Mr. Roman and the subclass of 109 individuals he represents and find that the circuit court failed to provide a thorough analysis of the typicality prerequisite in light of Mr. Roman's circumstances and claims. Accordingly, after considering the briefs and oral arguments of the parties, and the appendix record for this matter, we grant the requested writ and prohibit the circuit court from enforcing its order of December 23, 2020, granting class certification. We remand this case for additional proceedings consistent with this opinion.
These facts are gleaned primarily from the circuit court's findings of fact contained in its order granting class certification. Angela Roberts ("Ms. Roberts") was hired in February 2014 to work as a registration specialist at the Berkeley Medical Center and the Jefferson Medical Center. Ms. Roberts's duties as a registration specialist involved assisting patients in scheduling their appointments with medical providers at Hospitals, which required her to access the patients’ protected health information that was stored in Hospitals’ electronic record system. Accordingly, Hospitals created a profile for Ms. Roberts giving her limited, role-based access to the patient information necessary for her job duties.
In March of 2016, two years after commencing her employment, Ms. Roberts began a romantic relationship with Ajarhi "Wayne" Roberts ("Mr. Roberts").1 Mr. Roberts purportedly convinced Ms. Roberts to use her position as a registration specialist for Hospitals to steal personal information from patient files so that he could use the information in attempting to commit bank and credit card fraud. As related by the circuit court, to obtain this information without being detected by Hospitals, "Ms. Roberts’ modus operandi was to wait until a patient contacted her and then she would legitimately access the patient's records to perform her job duties." (Second emphasis added). While viewing the patient record for the legitimate purposes of her job duties, as she was authorized to do, "she simultaneously ‘cased’ those same records to ascertain whether that patient might also be a lucrative target of her identity theft conspiracy with Mr. Roberts." When she determined that a particular patient was a "lucrative target," she would write down the patient's private information on a slip of paper or print a copy of the patient's driver's license. Ms. Roberts would then provide the private information she stole to Mr. Roberts.
In December 2016, law enforcement officers conducted a search of Mr. Roberts's home; during the search, slips of paper transcribed by Ms. Roberts and printed copies of patients’ driver's licenses were found. Ultimately, private information relating to 113 individuals, including Mr. Roman, was found in Mr. Roberts's home.2 Ms. Welch's information was not found in Mr. Roberts's home.
(Emphasis added).
Thereafter, in February 2019, Ms. Welch, individually and on behalf of all others similarly situated, filed a complaint against Hospitals. In March 2020, an amended complaint was filed that added Mr. Roman as a named plaintiff, also individually and on behalf of all others similarly situated. The amended complaint alleged the following claims: Breach of the Duty of Confidentiality; Unjust Enrichment (by receiving payment from plaintiffs to perform services that included protecting plaintiffs’ sensitive information and failing to protect the same); Negligence (by failing to protect the confidentiality of personal and private information); Breach of Contract, Expressed and Implied (written services contract promised plaintiffs that defendant would only disclose health information when required to do so by law and promised to protect plaintiffs’ sensitive information); Negligent Supervision (by failing to ensure staff, employees, and others having access to customers’ sensitive information received adequate training, experience, and supervision in protecting sensitive information); Negligence (breach of duty of reasonable care in protecting the confidentiality of...
To continue reading
Request your trial