Attention, Provider: You Can Be Sued for HIPAA Violations in Some States

Connecticut is the latest state to decide that healthcare providers can be sued for breaches of patient confidentiality under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Connecticut Supreme Court set the precedent when it decided that one patient’s breach of confidentiality and negligence claims against a provider could move forward. In essence, the decision paves the way for patients to use HIPAA as a standard of care and to sue providers for unauthorized disclosure of medical records. Previously (and still, in many states), there has been no assumed private right of action under HIPAA, so patients had no cause to sue providers for violations. Now, however, Connecticut and other states, including neighboring New York, consider those violations to be negligence or breach of duty of confidentiality. JUCM has published two articles that shed more light on the intricacies of HIPAA as they apply to the urgent care setting in recent months; you can read What HIPAA Is and What It’s Not and Implications of HIPAA and Employee Confidentiality Rules on Positive Drug Test Results in our archive.