[ Thursday, August 31, 2006 ]


Private enforcement of HIPAA: We've noted again and again that there's no private cause of action for a HIPAA violation, but the combination of the HIPAA privacy and security standards (as a benchmark for what type of behavior is expected and what implied warranties might be imposed) and other common-law causes of action like "breach of a duty of confidentiality" or "intentional infliction of emotional distress" might effectively allow for private causes of action where HIPAA has been violated (and a plaintiff has actually suffered measurable damages). Here's an interesting case in Utah where a possible HIPAA violation is the basis for a claim of a breach of a fiduciary duty of confidentiality.

Hat tip: Kirk Nahra.

Jeff [10:04 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template