HIPAA Lawsuits Can Pose Greater Risks than Fines Alone
HIPAA lawsuits have been making the news more and more over the past few years, as HIPAA regulation continues to impact the health care industry.
Among the states where patients may now seek civil suits against their providers are Connecticut, New York, Massachusetts, and Michigan.
Connecticut is the most recent of these states to be added to the list. In January of 2018, a patient filed a HIPAA lawsuit against her OBGYN provider for an unlawful dissemination of her protected health information (PHI). HIPAA defines PHI as any demographic information that can be used to identify a patient. Common examples of PHI include name, date of birth, address, telephone number, email, Social Security number, financial information, and full facial photos, to name a few.
The patient in this HIPAA lawsuit alleged that her PHI was made public, which constituted a breach of her privacy under HIPAA regulation. HIPAA sets a series of national privacy and security standards that all health care providers, such as behavioral health providers must adhere to. Additionally, when PHI is released, transmitted, or used it must be limited to the minimum necessary amount necessary to successfully complete the intended task.
Because of the improper disclosure of PHI and the breach of the HIPAA minimum necessary standard, this HIPAA lawsuit went all the way to the Connecticut Supreme Court. After a protracted legal battle, the Court ruled in favor of the defendant. This sets an important precedent for patients across all of Connecticut, and states like it where verdicts like this have been reached. Patients may now file HIPAA lawsuits on grounds of inappropriate uses or disclosures of their PHI–in addition to federal and state HIPAA fines that are slowly on the rise.
By ensuring your behavioral health practice is compliant with the full extent of HIPAA regulation, you can stave off the harmful effects of HIPAA lawsuits and fines.
If you need assistance with HIPAA compliance, consider working with our TBHI affiliate, the HIPAA Compliancy Group. (When you purchase services from them, TBHI will be paid a small commission.) They can help you support your HIPAA compliance with The Guard®. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance. The Guard is built to address the HIPAA regulations, including guided walkthroughs of HIPAA Risk Assessments. With The Guard, you can focus on running your practice while keeping your patients’ data protected and secure.Compliancy Group’s team of expert Compliance Coaches® can also field questions and guide you through the implementation process, taking the stress out of managing compliance. Find out more about how Compliancy Group and the HIPAA Seal of Compliance® can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.