By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    physical health
    5 Ways Playing Games Can Improve Neural and Physical Health
    September 9, 2022
    Reasons For Hair Loss and Its Treatment
    Reasons For Hair Loss and Its Treatment
    February 16, 2022
    healthcare organization
    5 Actionable Strategies For Healthcare Organizations
    August 15, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    email marketing in healthcare
    Harnessing the Power of Email Marketing in Healthcare
    October 26, 2023
    healthcare claims
    The Role of Communication in Resolving Complex Workers’ Compensation Claims in Healthcare Settings
    September 22, 2024
    Wounds and Wisdom: What Motorcycle Accidents Teach Us About Health and Healing
    Wounds and Wisdom: What Motorcycle Accidents Teach Us About Health and Healing
    February 12, 2025
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: HIPAA: Liability to Private Parties for Violations
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Business > Hospital Administration > HIPAA: Liability to Private Parties for Violations
BusinessHospital AdministrationMedical RecordsPolicy & Law

HIPAA: Liability to Private Parties for Violations

David Harlow
Last updated: November 18, 2014 9:00 am
David Harlow
Share
0 Min Read
SHARE

HipaaLast week, Connecticut joined at least nine other states (DE, KY, ME, MN, MO, NC, TN, UT, WV — see cases cited in the opinion, linked to below) in recognizing that, while HIPAA does not create a private right of action for violation of privacy, it does constitute a standard against which the actions of a defendant in such a case will be judged. In other words, if a covered entity or business associate or downstream contractor releases PHI other than in accordance with HIPAA (i.e., for treatment, payment or health care operations purposes, or to or at the direction of the data subject or his or her legal representative), the breach of the HIPAA rule may be the basis for a finding of a breach of a duty of care in a state court negligence action.

As the Connecticut Supreme Court observed in its opinion in Byrne v. Avery Ctr. for OB GYN, which was released earlier this week:

[A]ssuming, without deciding, that Connecticut’s common law recognizes a negligence cause of action arising from health care providers’ breaches of patient privacy in the context of complying with subpoenas, we agree with the plaintiff and conclude that such an action is not preempted by HIPAA and, further, that the HIPAA regulations may well inform the applicable standard of care in certain circumstances . . . .

[T]o the extent it has become the common practice for Connecticut health care providers to follow the procedures required under HIPAA in rendering services to their patients, HIPAA and its implementing regulations may be utilized to inform the standard of care applicable to such claims arising from allegations of negligence in the disclosure of patients’ medical records . . . .

The court also found that an action under state law was not pre-empted by HIPAA. In other words, the HIPAA standard of care may be used to judge the actions of the covered entity but that does not mean that HIPAA bars an individual from seeking redress for a breach under state law.

What does this mean for covered entities, business associates and downstream contractors? It is yet another reminder that exposure for violations of standards of care and conduct embodied in HIPAA regulations is not limited to indemnification clauses in business associate agreements or audits or enforcement actions brought by the OCR or a state attorney general. A data subject may bring suit if a covered entity, business associate or downstream contractor experiences a breach.

More Read

car accidents and traumatic brain injuries
Traumatic Brain Injury Treatment Options After a Car Accident
Conference Season Approaching – Prepare for Landing
A Guide to Securing Your Long-Term Health After a Car Accident
In Search of the Ideal Doctor-Client: A Marketing-Savvy CEO
Everything You Need To Know About Raynaud’s Disease

The Connecticut case involved responding to a subpoena. There are specific HIPAA rules about responding to subpoenas, and the provider in this case likely should have provided notice to the data subject and an opportunity to quash. The breach was not the result of an outside hack — it was apparently the result of inadequate policies and procedures, and/or staff training, at a covered entity.

Other cases could involve breaches in other contexts. For example, a social media posting including PHI could be the basis of a state law claim, not just a complaint filed with OCR. And in fact, it is likely that the plaintiff bar will begin filing OCR complaints as part of their case preparation in breach of privacy matters; an OCR finding of a HIPAA violation could obviate the need for a trial on liability in a state court breach of privacy case — the case would go straight to a trial or settlement discussions on the amount of the damages.

At one end of the spectrum, the liability under a state law claim may run into the hundreds of millions of dollars. (Consider the Johns Hopkins settlement; while not a HIPAA case, it provides a sense of the monetary damages that may be incurred through lax attitudes towards privacy.)

I urge covered entities, business associates and downstream contractors to take these lessons to heart and redouble their compliance efforts accordingly.

photo: Flickr cc caliorg

TAGGED:HIPAA
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

water sports
Health careMental HealthUncategorized

Positive Effects of Water Sports On Your Body And Mind

May 1, 2021

Collaborative Care for Living Well with Chronic Disease

February 5, 2012
Public HealthSpecialtiesWellness

The Health Benefits of Cannabis: What Are You Missing Out On?

December 19, 2017
neck and back pain
eHealthHealth care

Non-Invasive Pain Relief: Wearable Technologies And Other Techniques

November 9, 2020
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?