[ Wednesday, November 05, 2014 ]


HIPAA Private Cause of Action: Long-time HIPAAcrats know that there's no private cause of action for a HIPAA violation.  In other words, if your doctor violates HIPAA and discloses your PHI to the National Enquirer, you can't sue him for violating HIPAA.  Depending on where you live, you may be able to sue him for violating a similar state law, a state data breach law, a law requiring physicians to maintain confidentiality, or on common-law grounds such as invasion of privacy.  In such a suit, the doctor's failure to follow HIPAA would probably be pretty good evidence that he did not act reasonably, and would help your case.  But unless you had some statutory or common-law claim, you can't sue just for a violation of HIPAA.

A recent Connecticut case implies that you can sue for a HIPAA breach in that state.  Actually, a better description would be that "a violation of HIPAA regulations may constitute a violation of generally accepted standards of care."  In other words, you can sue for negligence based on a violation of HIPAA; you just can't sue based on the HIPAA violation alone.

Jeff [3:30 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template