The Health Insurance Portability and Accountability Act (“HIPAA”) imposed an enormous amount of requirements on healthcare providers and other “covered entities” when managing and handling a patient’s healthcare information. Strict compliance is required with HIPAA’s privacy rule, compliance with which generally requires a HIPAA waiver or authorization from the patient.
The consequences for violating HIPAA usually comes in the form of civil fines imposed by the government. Oddly, there is no private right for a patient to sue a covered entity for violating his or her HIPAA rights. Bradford v Semar, 2005 WL 1806344 (E.D. Mo. July 28, 2005) (“[e]very court that has considered the issue, including this Court, has held that HIPAA does not create a private right of action for violations of the Act”). When a violation occurs, a patient must therefore usually make administrative complaints. In certain circumstances, it may be possible to file traditional state law claims (e.g., invasion of privacy) to seek recourse for the improper access or dissemnation of private healthcare information.
Contact for questions.