Med Mal News

Though Not Hired, Lawyer Owed Duty to Potential Client

New Jersey's Disciplinary Review Board has recommended that attorney Peter Bonfiglio III be officially reprimanded for failing to pass a potential client's file on to a colleague after saying that he would do so. Bonfiglio and the medical malpractice claimant, who knew each other as fellow youth basketball coaches, never subsequently entered into an attorney/client relationship because the attorney did not handle medical malpractice claims. Still, Bonfiglio promised to have a colleague who did handle such cases look over the evidence he'd been given. He neglected to follow through, however, then apparently lost the medical files and other evidence the potential client had left with him. The man attempted, through e-mail, to contact the attorney on 11 occasions over the next 16 months, but Bonfiglio responded only to the last of these inquiries by telling the man he did not have a valid case. When asked for the return of the medical records and other evidence, Bonfiglio told the potential client that he was looking for them. When he did not hear back, the potential client brought an ethics complaint. The Board found that Bonfiglio falsely claimed to have given the file to a colleague for review, in violation of Rule of Professional Conduct (RPC) 8.4(c), which forbids “conduct involving dishonesty, fraud, deceit or misrepresentation.” According to the Board, despite the fact that no attorney/client relationship was ever formed, Bonfiglio also breached RPC 1.4(b), which requires a lawyer to “keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information.” Stated the Board, “[T]he nature of the parties' relationship required that respondent, at the very least, reply to [the potential client's] inquiries about the review of his claim.”

Laptop Theft Leads to Hefty Fine

The U.S. Department of Health and Human Services (HHS) has settled with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) in the amount of $1.5 million for what it terms the entity's “potential violations” of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement followed MEEI's self-reporting of the theft of one of its laptop computers, which contained unencrypted private patient electronic protected health information (ePHI), as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule. (See article on page 1 of this issue.) An HHS release explained the breach: “MEEI failed to take necessary steps to comply with certain requirements of the Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.” In addition to the fine, MEEI agreed as part of the settlement to implement corrective actions to prevent future similar mishaps and to accept the oversight of an independent monitor for a three-year period.

Though Not Hired, Lawyer Owed Duty to Potential Client

New Jersey's Disciplinary Review Board has recommended that attorney Peter Bonfiglio III be officially reprimanded for failing to pass a potential client's file on to a colleague after saying that he would do so. Bonfiglio and the medical malpractice claimant, who knew each other as fellow youth basketball coaches, never subsequently entered into an attorney/client relationship because the attorney did not handle medical malpractice claims. Still, Bonfiglio promised to have a colleague who did handle such cases look over the evidence he'd been given. He neglected to follow through, however, then apparently lost the medical files and other evidence the potential client had left with him. The man attempted, through e-mail, to contact the attorney on 11 occasions over the next 16 months, but Bonfiglio responded only to the last of these inquiries by telling the man he did not have a valid case. When asked for the return of the medical records and other evidence, Bonfiglio told the potential client that he was looking for them. When he did not hear back, the potential client brought an ethics complaint. The Board found that Bonfiglio falsely claimed to have given the file to a colleague for review, in violation of Rule of Professional Conduct (RPC) 8.4(c), which forbids “conduct involving dishonesty, fraud, deceit or misrepresentation.” According to the Board, despite the fact that no attorney/client relationship was ever formed, Bonfiglio also breached RPC 1.4(b), which requires a lawyer to “keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information.” Stated the Board, “[T]he nature of the parties' relationship required that respondent, at the very least, reply to [the potential client's] inquiries about the review of his claim.”

Laptop Theft Leads to Hefty Fine

The U.S. Department of Health and Human Services (HHS) has settled with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI) in the amount of $1.5 million for what it terms the entity's “potential violations” of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The settlement followed MEEI's self-reporting of the theft of one of its laptop computers, which contained unencrypted private patient electronic protected health information (ePHI), as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) Breach Notification Rule. (See article on page 1 of this issue.) An HHS release explained the breach: “MEEI failed to take necessary steps to comply with certain requirements of the Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of ePHI maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that MEEI created, maintained, and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.” In addition to the fine, MEEI agreed as part of the settlement to implement corrective actions to prevent future similar mishaps and to accept the oversight of an independent monitor for a three-year period.