In most medical malpractice cases, a patient is injured or killed due to some medical mistake committed by a doctor or other healthcare professional. However, not all medical negligence results in physical harm. In some cases, doctors who don’t follow the rules may be causing emotional harm or violating a patient’s privacy rights. When do privacy violations amount to medical malpractice?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national standards for health care transactions and identification. HIPAA also established privacy rules regulating the disclosure of protected health information. The privacy rule is designed to give a patient rights over their health information, and limit who can look at and receive health information. However, despite widespread violations of the law, few healthcare providers are ever penalized.
In a report by ProPublica, CVS, the Department of Veterans Affairs, Walgreens and others have been reported for hundreds of HIPAA violations. However, the office responsible for enforcing the privacy rules has not taken any punitive action against these or other privacy violators.
The U.S. Department of Health and Human Service, Office for Civil Rights is charged with investigating and enforcing HIPAA violations. The office can impose penalties up to $50,000 per violation, totaling up to $1.5 million per year. In some cases, the OCR can seek criminal charges. However, the agency has rarely handed down any sanctions, even where privacy breaches have caused serious harm to patients.
The VA had the most reported violations, including VA employees looking up the private health information of other patients or employees. One VA employee looked at the health records of her ex-husband more than 250 times. Another employee accessed the records of a patient over 60 times, posting private health information about the patient on Facebook. The VA has not been sanctioned, despite more than 200 complaints over the past 5 years.
Instead, relief for patients has come through filing civil lawsuits against healthcare providers. Some attorneys are even alleging that these privacy violations amount to medical malpractice.
In one case in Indiana, a patient care technician improperly accessed a former friend’s medical records. In a Facebook post, the technician posted that the patient was positive for HPV, including her date of birth, and wrote, “PLZ HELP EXPOSE THIS HOE!” Initially, a complaint to the hospital only resulted in a letter of apology. Only after the patient contacted an attorney was the hospital forced to pay out a confidential settlement.
In another case, a medical group that had been treating an HIV patient filed a claim seeking just over $300 in unpaid bills. In the court filing, the group disclosed the patient’s name, social security number, address, date of birth, and a billing statement indicating the man was HIV positive. A jury found the privacy violation serious enough to award the man $1.25 million in damages.
If you or a loved one has been injured as the result of a medical error or privacy violation, the Gilman & Bedigian team of experienced attorneys is fully equipped to handle the complex process of bringing a malpractice claim. Our staff, including a physician and attorneys with decades of malpractice litigation experience, will focus on getting you compensation, so you can focus on getting better and moving forward with your life.
About the Author