[ Friday, January 12, 2018 ]
Jeff [10:45 AM]
The CT Supreme Court has established, for the first time in the state, a physician's common law obligation to protect the confidentiality of patient records. Most states have either a common law right to confidentiality or a statutory one, but a lower court noted that neither had been established in Connecticut until now.
The case involves a HIPAA violation, and a patient's lawsuit against an Ob/Gyn practice for disclosing the patient's records to a probate court pursuant to a subpoena. HIPAA does allow disclosures of PHI under subpoena in certain circumstances, and it's not entirely clear here whether all of the HIPAA requirements were met; however, the plaintiff's claims for a HIPAA violation were immediately tossed out because there is no private cause of action for a HIPAA breach. In other words, even if a medical practice blatantly breaches HIPAA and discloses the patient's data, the patient cannot sue the medical practice for the HIPAA breach.
The patient can potentially sue the medical practice under some other grounds, specifically for failure to comply with state statutory or common law privacy obligations. In this case, the lower court correctly noted that there is no established privacy obligation in Connecticut; the supreme court, however, reset the table.
No, this isn't exactly right. Connecticut citizens cannot sue for HIPAA breaches. They can sue for breach of confidentiality of medical records. There is overlap between those two things, but they are not contiguous or equal.