What Are Your Legal Remedies if Your Medical Records Are Wrongfully Disclosed?
Privacy of personal medical records is protected by federal and state law. Every person and organization involved in providing healthcare is obligated to keep patient medical records confidential. When providers fail in this duty and information ends up in the wrong hands, the law provides certain remedies for the individuals whose privacy has been compromised.
The federal Health Insurance Portability and Accountability Act (HIPAA) establishes rules for medical records privacy. HIPAA bars healthcare providers from disclosing patient information to unauthorized third parties. The statute also mandates that individuals and organizations in possession of such information — including employers — take reasonable steps to keep it secure. Any information that would allow someone to identify the patient (such as name, Social Security number, telephone number or email address) must remain confidential.
Release of private medical information in violation of HIPAA can occur by way of wrongful disclosure or data theft. A healthcare provider might intentionally or inadvertently disclose confidential information to a third party. For example, a doctor discusses a patient’s condition with a close relative of the patient without the patient having given prior consent to such disclosure of information. Occasionally, confidential information is stolen. Electronic data systems can be breached or paper records taken due to inadequate security. Failing to adequately protect patient information is a HIPAA violation.
Wrongful release or publication of records can have damaging consequences for patients and their families. Criminals use medical records to commit identity theft, which often causes significant financial losses, such as fraudulent debts made in the victim’s name, theft of funds from personal bank accounts and stolen government payments. Unlawful data release may also result in the victim having to pay increased health insurance premiums or being dropped from a health plan. In addition, wrongful disclosure of records might damage the victim’s personal or professional reputation and hurt his or her prospects for employment.
The government can punish violations of HIPAA by imposing substantial monetary penalties, which compel the violator to improve data privacy and security efforts. Although HIPAA does not specifically provide a private remedy for a victim to obtain damages, the victim can file appropriate claims for compensation under state law. West Virginia recognizes a private cause of action for negligent or otherwise wrongful disclosure of medical information. A victim also may have a valid claim against a healthcare provider for breach of its implied contract to comply with HIPAA rules.
The Giatras Law Firm, PLLC in Charleston, West Virginia has deep experience in consumer protection and data privacy law. If you or a family member’s medical records have been wrongfully disclosed, please contact us online or call 888-819-1281 for an initial consultation.