The state Supreme Court ruled that physicians can be sued for HIPAA negligence if it violates certain regulations.
- Patients can sue a medical office for HIPAA negligence if it violates regulations that dictate how healthcare organizations must maintain patient confidentiality, according to a recent Connecticut Supreme Court ruling.
In the case, Emily Byrne claimed that the Avery Center for Obstetrics and Gynecology in Westport violated her right to privacy, reported the Connecticut Post. In 2004, Byrne learned that she was pregnant and reportedly instructed the Avery Center not to release any of her medical information to the father of the child, with whom she was no longer in a relationship.
However, when given a subpoena the Avery Center released her medical file. The suit states that the organization failed to make any attempt to notify Byrne of the subpoena or to seek guidance from a court on the disclosure.
“Before this ruling, individuals could not file a lawsuit claiming violation of their privacy under the (Health Insurance Portability and Accountability Act of 1996) regulations,” Trumbull lawyer Bruce Elstein told the news source. “It was for that reason that we filed a negligence claim, claiming the medical office was negligent when it released confidential medical records contrary to the requirements set forth in the regulations.”
According to Elstein, the father of Byrne’s child used her personal information for “a campaign of harm, ridicule, embarrassment and extortion.” The Connecticut Supreme Court agreed that a violation of HIPAA regulations may constitute a violation of generally accepted standards of care, Elstein said. Therefore, the court remanded the case back to the lower court for trial.
This is the first instance that Connecticut’s Supreme Court has ruled regarding HIPAA negligence, and the state now joins Missouri, West Virginia and North Carolina in similar rulings.
In the West Virginia case, the state Supreme Court of appeals ruled that hospitals and other health care providers are subject to suit for damages where medical records are released in violation of HIPAA regulations. The West Virginia court rejected the argument that the HIPAA statute and its extensive regulations did not provide for suit for damages over release and therefore preempted any such actions under state law.
Various states have differing opinions on interpreting HIPAA compliance in relation to individual lawsuits.
Just last month, a Florida federal appeals court ruled that it is not a HIPAA violation for physician defendants to have equal access to plaintiffs’ health information. The decision upheld a tort reform law, which says that prospective plaintiffs must execute a written form authorizing defendants to gather documents and conduct ex parte interviews of the plaintiff’s medical providers.
According to the decision, HIPAA regulations generally prohibit covered entities from using or disclosing protected health information (PHI). However, the regulations permit covered entities to disclose protected health information when certain requirements are met, two of which apply to the case.
“We conclude that the written authorization form, required by Florida statute § 766.1065, is fully compliant with the HIPAA statute and its regulations and the state and federal law are not in conflict,” the decision read. “Accordingly, there is no federal preemption of § 766.1065, and the district court’s entry of judgment in favor of the plaintiff is reversed.”