Miami Medical Sexual Misconduct & Privacy Violation Lawyers

We understand that reaching out about a privacy violation or sexual misconduct by a medical provider is difficult. Our intake process is designed to be safe, private, and conducted at your pace. You will speak directly with an attorney, not a call center. Nothing you share leaves our office.

You are not required to describe details you are not ready to discuss. The conversation is protected by the attorney-client privilege from the moment it begins, whether or not you decide to proceed.

Staff snooping. An employee at a Miami hospital opens your medical record out of curiosity, gossip, or personal interest. They have no treatment relationship with you. No clinical reason to access your chart. The EMR system logs every access: who opened the record, when, from which workstation, and which sections they viewed. Hospitals are required to maintain these audit logs. When we obtain them, the unauthorized access pattern is documented with a precision the employee cannot dispute.

Unauthorized disclosure. A staff member shares your diagnosis, your mental health records, your reproductive health information, or your HIV status with a family member, employer, or acquaintance without your written authorization. A nurse texts a photo of your chart to a colleague who is not involved in your care. A front desk employee confirms your appointment to someone who called claiming to be your spouse. Each of these disclosures is documented in the communication records, the internal incident reports, and the breach notification process that the hospital is required to follow.

Social media exposure. Patient images, chart screenshots, or identifiable medical information posted on personal social media accounts by hospital employees. This is not hypothetical. It happens in Miami hospitals and clinics, and it produces claims for invasion of privacy, negligence per se (where statutory duties are violated), and emotional distress. The posts are often deleted, but the metadata, the internal investigation, and the disciplinary records survive.

Sexual misconduct by a medical provider is not a malpractice claim in the traditional sense. It is an intentional tort: assault, battery, and in many cases a criminal act prosecuted separately from the civil case. The provider who performs a genital or breast examination without clinical justification, who touches a patient in a sexual manner during a procedure, who makes sexually explicit comments during an exam, or who photographs a patient for non-medical purposes has committed an act that falls outside the scope of medical treatment entirely.

The question for the civil case is not just what the provider did. It is what the institution knew and when it knew it. If the Miami hospital or clinic had a chaperone policy for sensitive examinations and it was not followed, the policy violation is evidence of institutional failure.

If prior patients filed complaints about the same provider and the facility did not investigate, did not restrict the provider’s access to patients, or did not report the conduct to the Florida Department of Health, the facility’s inaction enabled the harm. The provider committed the act. The institution created the conditions that allowed it to happen.

The pattern is consistent across the institutional misconduct cases we handle in Miami. A patient or a staff member reports a boundary violation. The complaint goes to a supervisor, a compliance officer, or a human resources department. And then nothing happens. The provider continues to see patients. The staff member continues to access records. No investigation is opened. No restrictions are imposed. The complaint is filed, sometimes literally, in a folder that is never reopened until a lawyer requests it.

Negligent supervision, negligent retention, and negligent failure to protect are the legal theories that hold the institution accountable for the harm that follows the first ignored complaint. If the hospital retained a provider after receiving a credible allegation of sexual misconduct, and that provider subsequently harmed another patient, the hospital’s decision to retain is the proximate cause of the second patient’s injury. The complaint files, the HR investigation records (or the absence of them), the credentialing documents, and the internal emails between administrators reconstruct what the institution knew and what it chose not to do.

Retaliation is the second institutional failure that transforms a misconduct case into a systemic liability claim. When a patient who reported abuse was discharged from the practice, denied follow-up appointments, or subjected to retaliatory notations in their chart, the retaliation is documented in the scheduling records, the chart entries, and the correspondence between the patient and the facility. When a staff member who reported a colleague’s behavior was terminated, reassigned, or subjected to a hostile work environment, the employment records capture the timeline. Retaliation does not just compound the harm. It demonstrates consciousness of guilt.

EMR access logs and audit trails. Every electronic medical record system used in Miami hospitals generates an audit log showing who accessed which patient record, when, and which sections they opened. If a staff member viewed your chart 14 times in a week without a treatment reason, that pattern is captured. If a provider accessed your imaging studies from a personal device or outside scheduled hours, that access is logged. We demand these logs in their raw format, not the sanitized summary the hospital’s compliance department may prefer to produce.

Prior complaint and HR files. If the provider who harmed you had prior complaints from other patients or staff, those files are the foundation of the negligent retention claim. Hospitals maintain personnel files, disciplinary records, credentialing files, and internal investigation reports.

In Florida, we use targeted discovery requests to obtain these records. When the hospital claims privilege, we litigate the privilege assertion document by document. Prior complaints that the hospital knew about and failed to act on are not privileged. They are evidence of notice.

Training records and policy compliance. Did the Miami hospital require annual HIPAA training for all staff? Did it enforce a chaperone policy for sensitive examinations? Did it conduct background checks and reference verification during credentialing? The answers to these questions are in the training sign-off sheets, the policy manuals, and the credentialing files. When the institution’s own policies were not followed, those policies become evidence against the institution.

The emotional and psychological harm from a privacy violation or sexual misconduct by a trusted medical provider is often more debilitating than a physical injury. Post-traumatic stress disorder, anxiety, depression, avoidance of medical care, and disruption of the therapeutic relationship are documented by mental health professionals and presented through expert testimony. The cost of therapy, medication management, and the lost ability to engage in normal activities and relationships is calculated across the duration the patient’s treating psychologist or psychiatrist projects the effects will persist.

For privacy violations specifically, damages may include reputational harm from disclosures to employers, family, or community members, financial consequences where medical information was used to discriminate or terminate employment, and the cost of identity protection and credit monitoring where records were compromised. For sexual misconduct, damages include the physical injury itself, the emotional devastation of the betrayal by a trusted caregiver, and the disruption of ongoing medical care when the patient can no longer return to the facility. In cases where the institution’s conduct was egregious, deliberate, or motivated by a desire to protect its reputation rather than its patients, Florida law may permit punitive damages to punish the wrongdoing and deter future misconduct.

How the Hospital Frames These Cases as Isolated Incidents and Why That Framing Is Designed to Fail

The first thing a Miami hospital’s legal team does when a privacy or misconduct claim is filed is separate the institution from the individual. They terminate the employee, issue a statement expressing “deep concern,” and argue in litigation that the act was the unauthorized conduct of a rogue individual acting outside the scope of employment. Attorney Jorge L. Flores knows this playbook because he helped construct it during the years he spent at a Miami insurance defense firm representing hospitals.

The “rogue employee” defense collapses when the discovery process reveals what the institution knew before the incident. Prior complaints in the personnel file. A credentialing application that omitted disciplinary history from a previous employer and was never verified. An internal audit showing the employee accessed patient records without authorization months before the incident and the compliance department took no action.

HIPAA training records showing the employee never completed the required modules. Each of these documents transforms the case from “one bad actor” into “an institution that failed to protect its patients despite having the information and the tools to do so.” Jorge Flores knows where those documents are stored because he spent years advising hospitals on how to manage them.

The Provider Committed the Act. The Institution Created the Conditions That Allowed It.

The EMR access logs, the complaint history, the credentialing files, and the training records reconstruct what the hospital knew and what it chose not to do. That institutional record is where the case is built.

(305) 598-2221