HIPAA Lawsuits Can Pose Greater Risks than Fines Alone
HIPAA lawsuits have been making the news more and more over the past few years, as HIPAA regulation continues to impact the health care industry.
Among the states where patients may now seek civil suits against their providers are Connecticut, New York, Massachusetts, and Michigan.
Connecticut is the most recent of these states to be added to the list. In January of 2018, a patient filed a HIPAA lawsuit against her OBGYN provider for an unlawful dissemination of her protected health information (PHI). HIPAA defines PHI as any demographic information that can be used to identify a patient. Common examples of PHI include name, date of birth, address, telephone number, email, Social Security number, financial information, and full facial photos, to name a few.
The patient in this HIPAA lawsuit alleged that her PHI was made public, which constituted a breach of her privacy under HIPAA regulation. HIPAA sets a series of national privacy and security standards that all health care providers, such as behavioral health providers must adhere to. Additionally, when PHI is released, transmitted, or used it must be limited to the minimum necessary amount necessary to successfully complete the intended task.
Because of the improper disclosure of PHI and the breach of the HIPAA minimum necessary standard, this HIPAA lawsuit went all the way to the Connecticut Supreme Court. After a protracted legal battle, the Court ruled in favor of the defendant. This sets an important precedent for patients across all of Connecticut, and states like it where verdicts like this have been reached. Patients may now file HIPAA lawsuits on grounds of inappropriate uses or disclosures of their PHI–in addition to federal and state HIPAA fines that are slowly on the rise.
By ensuring your behavioral health practice is compliant with the full extent of HIPAA regulation, you can stave off the harmful effects of HIPAA lawsuits and fines.