[Cite as Drake v. UC Health, L.L.C., 2026-Ohio-1483.]
IN THE COURT OF APPEALS FIRST APPELLATE DISTRICT OF OHIO HAMILTON COUNTY, OHIO
DANIELLE DRAKE, : APPEAL NO. C-250581 TRIAL NO. A-2403093 Plaintiff-Appellant, :
vs. :
UC HEALTH, LLC, : JUDGMENT ENTRY
Defendant-Appellee. :
This cause was heard upon the appeal, the record, and the briefs. For the reasons set forth in the Opinion filed this date, the judgment of the trial court is affirmed. Further, the court holds that there were reasonable grounds for this appeal, allows no penalty, and orders that costs be taxed under App.R. 24. The court further orders that (1) a copy of this Judgment with a copy of the Opinion attached constitutes the mandate, and (2) the mandate be sent to the trial court for execution under App.R. 27.
To the clerk: Enter upon the journal of the court on 4/24/2026 per order of the court.
By:_______________________ Administrative Judge [Cite as Drake v. UC Health, L.L.C., 2026-Ohio-1483.]
IN THE COURT OF APPEALS FIRST APPELLATE DISTRICT OF OHIO HAMILTON COUNTY, OHIO
DANIELLE DRAKE, : APPEAL NO. C-250581 TRIAL NO. A-2403093 Plaintiff-Appellant, :
UC HEALTH, LLC, : OPINION
Civil Appeal From: Hamilton County Court of Common Pleas
Judgment Appealed From Is: Affirmed
Date of Judgment Entry on Appeal: April 24, 2026
Tobias & Torchia and David Torchia, for Plaintiff-Appellant,
Jackson Lewis, P.C., Patricia Anderson Pryor and Patricia K. Gavigan for Defendant- Appellee. OHIO FIRST DISTRICT COURT OF APPEALS
KINSLEY, Presiding Judge.
{¶1} Plaintiff-appellant Danielle Drake was terminated from her job as a
social worker at a facility operated by defendant-appellee UC Health, LLC (“UC”). She
sued UC, alleging that she was dismissed in violation of public policy because she
accessed a patient’s private health information (“PHI”) for the purpose of reporting a
coworker’s violation of federal law. But UC contends it terminated Drake, an at-will
employee, based on its clear workplace policy that PHI is off-limits for all but patient
care, billing, and department management, none of which justified Drake’s access.
{¶2} The trial court awarded summary judgment to UC. Because we agree
that, on this record, there is no genuine dispute of material fact as to the overriding
business justification for Drake’s termination, we affirm the judgment of trial court.
Background
{¶3} Drake began working as a social worker in UC’s emergency department
in 2014. As part of her employment, she regularly accessed patients’ PHI. Two rules
limited the circumstances under which she could do so. First, as with all health care
workers, Drake’s access to PHI was governed by a federal statute: the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”). Drake was also required to
follow UC’s policies related to patient PHI. As a standard workplace rule, UC restricted
its employees’ access to PHI to “legitimate business reason[s].” A “legitimate business
reason” occurred when an employee had direct involvement in the treatment of the
patient, the billing or collecting of payment for services, or the management of a
department.
{¶4} UC became aware that Drake accessed patient PHI without a legitimate
business reason in the course of investigating a complaint Drake initiated against a
coworker. Drake does not dispute that she accessed the patient’s PHI, but she argues
3 OHIO FIRST DISTRICT COURT OF APPEALS
that her complaint justified the violation.
{¶5} Drake’s complaint stemmed from a phone call she overhead between
the coworker and the patient’s family member on December 8, 2023. Drake believed
the coworker provided the patient’s PHI to the family member in violation of HIPAA.
UC directed its employees to report suspected HIPAA violations through a phone
hotline, an email address, by completing a Medical Information Data Analysis System
(“MIDAS”) form, or directly reporting the violation to a manager. Drake alleged she
could not complete a MIDAS form because she did not know the patient’s name. So,
on December 11, 2023, Drake reported the alleged violation to her social work
supervisor.
{¶6} When Drake did not hear back about the complaint, she followed up
with a different supervisor on January 12, 2024. In the days that followed, UC
conducted an investigation of Drake’s coworker. The investigation included speaking
to a member of the patient’s direct care team, who did not recall much. But the
conversation with the provider revealed that Drake knew much more about the patient
than the care team. This led Drake’s supervisor to be concerned that Drake herself
had accessed the patient’s PHI in an unauthorized way.
{¶7} Drake’s supervisor then contacted UC’s compliance department to
determine whether Drake had in fact accessed the patient’s PHI. The compliance
department confirmed that Drake accessed the patient’s identity report on December
8, 2023, the day of the coworker’s alleged HIPAA violation. Compliance records
reflected that Drake viewed a patient floor list for a floor of the hospital she was not
working on in order to connect to the patient’s record. Drake’s view of the document
was brief—a mere 18 seconds.
{¶8} After learning this information, Drake’s supervisor emailed her to
4 OHIO FIRST DISTRICT COURT OF APPEALS
inquire whether she had a “work-related” reason for accessing the patient’s PHI.
Drake did not recall accessing the record.
{¶9} The compliance department, Drake’s supervisor, and UC’s Human
Resources Department (“HR”) then conferred about Drake’s conduct. Drake’s
supervisor concluded that, according to UC policy, her access to patient PHI was
unauthorized because she was not a part of the patient’s care team. The team then
discussed the appropriate response for Drake’s misconduct, as UC’s written policy
permitted discipline up to and including termination for violations of the PHI rule.
HR advised that UC’s strict practice is to terminate employees who access patient PHI
in an unauthorized manner.
{¶10} After learning termination was required, Drake’s supervisor asked
about lesser sanctions, given that Drake acted in good faith and only briefly viewed the
record. He also expressed concern about “the implications a termination could have
on future good faith reporting.” In response, HR repeated that termination was the
standard remedy for Drake’s conduct.
{¶11} On February 7, 2024, Drake attended a meeting with HR and her
supervisors. Although she still did not recall accessing the patient’s PHI, she admitted
at the meeting that she must have done so. She indicated that her purpose in reviewing
the patient’s record was to learn the patient’s name so she could complete a MIDAS
form to report the coworker’s alleged HIPAA violation. Drake was then terminated for
“[u]nauthorized or otherwise inappropriate access, use, handling, or disclosure of
confidential patient health information (PHI), or inappropriate discussion of PHI in
public areas.”
{¶12} On July 10, 2024, Drake filed a complaint against UC in the Hamilton
County Court of Common Pleas, alleging that UC wrongfully terminated her in
5 OHIO FIRST DISTRICT COURT OF APPEALS
violation of public policy. At the close of discovery, UC moved for summary judgment,
which the trial court granted. In its written order, the trial court focused on two
Free access — add to your briefcase to read the full text and ask questions with AI
[Cite as Drake v. UC Health, L.L.C., 2026-Ohio-1483.]
IN THE COURT OF APPEALS FIRST APPELLATE DISTRICT OF OHIO HAMILTON COUNTY, OHIO
DANIELLE DRAKE, : APPEAL NO. C-250581 TRIAL NO. A-2403093 Plaintiff-Appellant, :
vs. :
UC HEALTH, LLC, : JUDGMENT ENTRY
Defendant-Appellee. :
This cause was heard upon the appeal, the record, and the briefs. For the reasons set forth in the Opinion filed this date, the judgment of the trial court is affirmed. Further, the court holds that there were reasonable grounds for this appeal, allows no penalty, and orders that costs be taxed under App.R. 24. The court further orders that (1) a copy of this Judgment with a copy of the Opinion attached constitutes the mandate, and (2) the mandate be sent to the trial court for execution under App.R. 27.
To the clerk: Enter upon the journal of the court on 4/24/2026 per order of the court.
By:_______________________ Administrative Judge [Cite as Drake v. UC Health, L.L.C., 2026-Ohio-1483.]
IN THE COURT OF APPEALS FIRST APPELLATE DISTRICT OF OHIO HAMILTON COUNTY, OHIO
DANIELLE DRAKE, : APPEAL NO. C-250581 TRIAL NO. A-2403093 Plaintiff-Appellant, :
UC HEALTH, LLC, : OPINION
Civil Appeal From: Hamilton County Court of Common Pleas
Judgment Appealed From Is: Affirmed
Date of Judgment Entry on Appeal: April 24, 2026
Tobias & Torchia and David Torchia, for Plaintiff-Appellant,
Jackson Lewis, P.C., Patricia Anderson Pryor and Patricia K. Gavigan for Defendant- Appellee. OHIO FIRST DISTRICT COURT OF APPEALS
KINSLEY, Presiding Judge.
{¶1} Plaintiff-appellant Danielle Drake was terminated from her job as a
social worker at a facility operated by defendant-appellee UC Health, LLC (“UC”). She
sued UC, alleging that she was dismissed in violation of public policy because she
accessed a patient’s private health information (“PHI”) for the purpose of reporting a
coworker’s violation of federal law. But UC contends it terminated Drake, an at-will
employee, based on its clear workplace policy that PHI is off-limits for all but patient
care, billing, and department management, none of which justified Drake’s access.
{¶2} The trial court awarded summary judgment to UC. Because we agree
that, on this record, there is no genuine dispute of material fact as to the overriding
business justification for Drake’s termination, we affirm the judgment of trial court.
Background
{¶3} Drake began working as a social worker in UC’s emergency department
in 2014. As part of her employment, she regularly accessed patients’ PHI. Two rules
limited the circumstances under which she could do so. First, as with all health care
workers, Drake’s access to PHI was governed by a federal statute: the Health Insurance
Portability and Accountability Act of 1996 (“HIPAA”). Drake was also required to
follow UC’s policies related to patient PHI. As a standard workplace rule, UC restricted
its employees’ access to PHI to “legitimate business reason[s].” A “legitimate business
reason” occurred when an employee had direct involvement in the treatment of the
patient, the billing or collecting of payment for services, or the management of a
department.
{¶4} UC became aware that Drake accessed patient PHI without a legitimate
business reason in the course of investigating a complaint Drake initiated against a
coworker. Drake does not dispute that she accessed the patient’s PHI, but she argues
3 OHIO FIRST DISTRICT COURT OF APPEALS
that her complaint justified the violation.
{¶5} Drake’s complaint stemmed from a phone call she overhead between
the coworker and the patient’s family member on December 8, 2023. Drake believed
the coworker provided the patient’s PHI to the family member in violation of HIPAA.
UC directed its employees to report suspected HIPAA violations through a phone
hotline, an email address, by completing a Medical Information Data Analysis System
(“MIDAS”) form, or directly reporting the violation to a manager. Drake alleged she
could not complete a MIDAS form because she did not know the patient’s name. So,
on December 11, 2023, Drake reported the alleged violation to her social work
supervisor.
{¶6} When Drake did not hear back about the complaint, she followed up
with a different supervisor on January 12, 2024. In the days that followed, UC
conducted an investigation of Drake’s coworker. The investigation included speaking
to a member of the patient’s direct care team, who did not recall much. But the
conversation with the provider revealed that Drake knew much more about the patient
than the care team. This led Drake’s supervisor to be concerned that Drake herself
had accessed the patient’s PHI in an unauthorized way.
{¶7} Drake’s supervisor then contacted UC’s compliance department to
determine whether Drake had in fact accessed the patient’s PHI. The compliance
department confirmed that Drake accessed the patient’s identity report on December
8, 2023, the day of the coworker’s alleged HIPAA violation. Compliance records
reflected that Drake viewed a patient floor list for a floor of the hospital she was not
working on in order to connect to the patient’s record. Drake’s view of the document
was brief—a mere 18 seconds.
{¶8} After learning this information, Drake’s supervisor emailed her to
4 OHIO FIRST DISTRICT COURT OF APPEALS
inquire whether she had a “work-related” reason for accessing the patient’s PHI.
Drake did not recall accessing the record.
{¶9} The compliance department, Drake’s supervisor, and UC’s Human
Resources Department (“HR”) then conferred about Drake’s conduct. Drake’s
supervisor concluded that, according to UC policy, her access to patient PHI was
unauthorized because she was not a part of the patient’s care team. The team then
discussed the appropriate response for Drake’s misconduct, as UC’s written policy
permitted discipline up to and including termination for violations of the PHI rule.
HR advised that UC’s strict practice is to terminate employees who access patient PHI
in an unauthorized manner.
{¶10} After learning termination was required, Drake’s supervisor asked
about lesser sanctions, given that Drake acted in good faith and only briefly viewed the
record. He also expressed concern about “the implications a termination could have
on future good faith reporting.” In response, HR repeated that termination was the
standard remedy for Drake’s conduct.
{¶11} On February 7, 2024, Drake attended a meeting with HR and her
supervisors. Although she still did not recall accessing the patient’s PHI, she admitted
at the meeting that she must have done so. She indicated that her purpose in reviewing
the patient’s record was to learn the patient’s name so she could complete a MIDAS
form to report the coworker’s alleged HIPAA violation. Drake was then terminated for
“[u]nauthorized or otherwise inappropriate access, use, handling, or disclosure of
confidential patient health information (PHI), or inappropriate discussion of PHI in
public areas.”
{¶12} On July 10, 2024, Drake filed a complaint against UC in the Hamilton
County Court of Common Pleas, alleging that UC wrongfully terminated her in
5 OHIO FIRST DISTRICT COURT OF APPEALS
violation of public policy. At the close of discovery, UC moved for summary judgment,
which the trial court granted. In its written order, the trial court focused on two
questions: (1) whether Drake accessed a patient’s PHI without appropriate
authorization, and (2) if Drake did, whether her termination was wrongful. In
answering the first question, the trial court highlighted the undisputed facts that
indicated that Drake had in fact accessed the patient’s PHI without authorization.
Drake herself admitted that she accessed a system list involving the patient, and UC’s
compliance officer also testified that Drake viewed the patient’s PHI. As to the second
question, the trial court found no authority for the proposition that terminating an
employee for unauthorized access of a patient’s PHI was against public policy. It
accordingly concluded that UC was entitled to judgment as a matter of law.
{¶13} This appeal followed.
Analysis
{¶14} Drake raises one assignment of error on appeal. She argues that the
trial court erred in granting UC’s motion for summary judgment because there are
disputed issues of material fact regarding the elements of her claim for wrongful
discharge in violation of Ohio’s public policy. We disagree.
A. Standard of Review
{¶15} “The granting of summary judgment is reviewed de novo.” Rogers v.
Sears, Roebuck and Co., 2002-Ohio-3304, ¶ 9 (1st Dist.).
Summary judgment is appropriate when (1) there is no genuine issue of
material fact, (2) the moving party is entitled to judgment as a matter of
law, and (3) the evidence, when viewed in favor of the nonmoving party,
permits only one reasonable conclusion and that conclusion is adverse
to the nonmoving party.
6 OHIO FIRST DISTRICT COURT OF APPEALS
Heiert v. Crossroads Community Church, Inc., 2021-Ohio-1649, ¶ 37 (1st Dist.), citing
Evans v. Thrasher, 2013-Ohio-4776, ¶ 25 (1st Dist.).
{¶16} In resolving a summary judgment motion, a court may consider “the
pleadings, depositions, answers to interrogatories, written admissions, affidavits,
transcripts of evidence, and written stipulations of fact.” Civ.R. 56(C). “When a
motion for summary judgment is properly made and supported,” the burden shifts to
the nonmoving party to “set forth specific facts showing that there is a genuine issue
for trial.” Todd Dev. Co. v. Morgan, 2008-Ohio-87, ¶ 11 (1st Dist.), citing Civ.R. 56(E).
When the nonmoving party is the plaintiff, if the plaintiff fails to set forth evidence
showing that a genuine issue of material fact exists as to each element of its claim, then
“the defendant is entitled to summary judgment as a matter of law.” Heiert at ¶ 40,
citing Williams v. 312 Walnut Ltd. Partnership, 1996 Ohio App. LEXIS 5887 *2 (1st
Dist. May 12, 2021).
B. Wrongful Termination in Violation of Public Policy
{¶17} Employment relationships in Ohio are governed by “the common-law
doctrine of employment at will.” Dohme v. Eurand Am. Inc., 2011-Ohio-4609, ¶ 11.
However, Ohio recognizes a public policy exception to this doctrine “when an
employee is discharged or disciplined for a reason which is prohibited by statute.”
Greeley v. Miami Valley Maintenance Contrs., 49 Ohio St.3d 228, 234 (1990). The
elements of a claim for wrongful discharge in violation of public policy are
(1) That clear public policy existed and was manifested in a state or
federal constitution, statute or administrative regulation, or in the
common law (the clarity element).
(2) That dismissing employees under circumstances like those involved
in the plaintiff’s dismissal would jeopardize the public policy (the
7 OHIO FIRST DISTRICT COURT OF APPEALS
jeopardy element).
(3) The plaintiff's dismissal was motivated by conduct related to the
public policy (the causation element).
(4) The employer lacked overriding legitimate business justification for
the dismissal (the overriding justification element).
Dohme at ¶ 12-16, citing Painter v. Graley, 70 Ohio St.3d 377, 384, fn. 8 (1994). The
clarity and jeopardy elements present questions of law, while the causation and
overriding justification elements present questions of fact. Collins v. Rizkana, 73 Ohio
St.3d 65, 70 (1995). A plaintiff must prove each element to satisfy the public policy
exception. See Wissler v. Ohio Dept. of Job & Family Servs., 2010-Ohio-3432, ¶ 18
(10th Dist.).
C. Overriding Justification
{¶18} We begin with the final element of the public policy test—the overriding
justification element—because it is dispositive of Drake’s appeal.
{¶19} Courts have established a burden-shifting framework in analyzing the
overriding justification element of a wrongful termination claim that relies on the
public policy exception. Nance v. Auto Mall, Inc., 2020-Ohio-3419, ¶ 48 (3d Dist.).
Under this framework, if the plaintiff presents some evidence that the termination was
motivated by conduct related to the public policy, the burden shifts to the employer to
show that an overriding business justification supported the termination. Id. at ¶ 49.
If the employer meets that burden, then the plaintiff may demonstrate a genuine issue
of material fact exists as to this element by identifying evidence that the purported
justification was pretextual. Id. at ¶ 51.
{¶20} As a general rule, absent a genuine dispute of material fact, courts do
not second-guess the business judgment of employers in determining personnel
8 OHIO FIRST DISTRICT COURT OF APPEALS
decisions. Wissler, 2010-Ohio-3432, at ¶ 37 (10th Dist.). Courts therefore routinely
grant motions for summary judgment in public policy exception cases where the
plaintiff fails to establish a genuine issue of material fact as to the employer’s
overriding business justification. Nance at ¶ 52, citing Sells v. Holiday Mgmt., Ltd.,
2011-Ohio-5974, ¶ 39 (10th Dist.).
{¶21} Here, UC presented an overriding business justification for its decision
to terminate Drake: that she violated its workplace policy prohibiting the unauthorized
access of patient PHI. The fact that Drake accessed the patient’s private health record
was undisputed; in fact, Drake herself admitted as much. This accordingly shifted the
burden to Drake to demonstrate a genuine dispute of material fact that her
termination was pretextual. See Nance, 2020-Ohio-3419, at ¶ 48 (3d Dist.).
{¶22} To establish pretext, Drake first argues that her conduct fell within the
scope of UC’s “legitimate business purpose” policy, as her access to the patient’s record
was brief, unintentional, and focused solely on obtaining the information necessary to
report the coworker’s alleged HIPAA violation. But Drake’s argument goes against the
plain terms of UC’s PHI policy. Under that policy, employees were only permitted to
access PHI in the treatment of a patient, for billing purposes, or to manage a
department. Drake’s access did not fall within any of these categories.
{¶23} Drake next points to UC’s progressive discipline policy in an effort to
establish pretext. It is true that UC’s written policy does not mandate automatic
termination for improper PHI access. But Drake offers no proof that it requires
corrective discipline before termination. To the contrary, UC’s chief compliance
officer testified that its strict practice is to automatically terminate employees who
inappropriately access PHI, and UC’s senior HR partner and Drake’s supervisor both
attested that they were unaware of any circumstance in which an employee was not
9 OHIO FIRST DISTRICT COURT OF APPEALS
terminated after UC discovered improper access of PHI. Absent any evidence that
UC’s policies require progressive discipline or that UC deviated from its standard
practices, we see no evidence of pretext in its decision to terminate Drake as a first
response.
{¶24} Drake next points to text messages she entered into the record between
herself and another UC employee, R.W., as potential evidence of pretext. Drake claims
that R.W. confirmed in texts that she had not been fired after her supervisor
determined that she improperly accessed PHI. But this alleged fact is not competently
demonstrated by the record. R.W. never testified or provided evidence, and R.W.’s
alleged statements to Drake in text messages about how she was treated at work are
hearsay. See, e.g., State v. Roseberry, 2011-Ohio-5921, ¶ 74 (holding that text
messages admitted for the truth of the matter asserted are inadmissible hearsay).
“Absent an exception, hearsay may not be considered in a motion for summary
judgment.” Pearl v. City of Wyoming, 2013-Ohio-2723, ¶ 13 (1st Dist.), citing Johnson
v. Southview Hosp., 2012-Ohio-4974, ¶ 20 (2d Dist.). As Drake has not identified any
applicable hearsay exception, we must therefore discount any statements attributed to
R.W. And absent R.W.’s texts, nothing in the record supports Drake’s argument that
other employees have engaged in the unauthorized access of PHI without being fired.
{¶25} We resolve two other points about pretext. Drake contends that her
supervisor and the senior HR partner provided conflicting testimony as to who made
the determination that Drake’s PHI access was inappropriate. We disagree with
Drake’s interpretation of the record, as both witnesses seemed clear that the
supervisor labeled Drake’s conduct in violation. But even if Drake is correct, and the
supervisor and the HR partner disagreed as to who made the decision, the evidence
still does not conflict on the ultimate question of material fact under the overriding
10 OHIO FIRST DISTRICT COURT OF APPEALS
justification element—why Drake was terminated. All UC witnesses agreed that Drake
was fired because she violated UC’s policy against the unauthorized access of patient
PHI. Drake therefore fails to point to a genuine issue of material fact between the
supervisor’s and the HR partner’s testimony.
{¶26} Lastly, Drake argues that HIPAA itself insulates her conduct. In doing
so, she relies in part on 45 C.F.R. 164.501, a federal regulation which defines the term
“health care operations” to include “management activities.” But UC’s overriding
justification for terminating Drake was not that she violated HIPAA; it was that she
violated UC’s policy against the unauthorized access of patient PHI. Thus, we do not
determine whether federal law permitted Drake to access the patient’s hospital
records, as that point is immaterial. It is clear that UC’s policy did not and that UC
fired Drake for this reason.
{¶27} Drake therefore failed to meet her burden of establishing a genuine
issue of material fact as to the overriding justification for her termination. As a result,
and based on the record before the court, reasonable fact finders could come to only
one conclusion on this element of the public policy test—that it was against UC policy
for any employee to access patient PHI without a legitimate business reason, that
Drake lacked such a reason, and that UC followed its strict practice of termination for
these violations. Drake’s claim therefore fails the fourth prong of the public policy
exception to at-will employment.
Conclusion
{¶28} Because Drake has not set forth evidence showing that a genuine issue
of material fact exists as to the overriding justification element of her claim, the trial
court did not err in granting summary judgment in UC’s favor. We accordingly
overrule Drake’s sole assignment of error and affirm the trial court’s judgment.
11 OHIO FIRST DISTRICT COURT OF APPEALS
Judgment affirmed.
ZAYAS and MOORE, JJ., concur.