[ Thursday, August 31, 2006 ]
Private enforcement of HIPAA:
We've noted again and again that there's no private cause of action for a HIPAA violation, but the combination of the HIPAA privacy and security standards (as a benchmark for what type of behavior is expected and what implied warranties might be imposed) and other common-law causes of action like "breach of a duty of confidentiality" or "intentional infliction of emotional distress" might effectively allow for private causes of action where HIPAA has been violated (and a plaintiff has actually suffered measurable damages). Here's an interesting case
in Utah where a possible HIPAA violation is the basis for a claim of a breach of a fiduciary duty of confidentiality.
Hat tip: Kirk Nahra.
Jeff [10:04 AM]
Blogger: HIPAA Blog - Edit your Template