Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

HIPAA Lawsuits: What You Need to Know About the Vermont Supreme Court Ruling

This week, the Vermont Supreme Court issued a landmark ruling, regarding HIPAA lawsuits, that could potentially change the way individuals hold their healthcare providers accountable for breaches of PHI (Protected Health Information).

Maybe you heard about this case but don’t understand the ruling or its significance. In this post, we break down everything you need to know about this recent development in HIPAA lawsuits.

HIPAA Lawsuits: The Case

To best understand the ruling, we must take a closer look at the case. A Vermont woman visited the emergency room to receive treatment for a laceration on her arm. During treatment, the patient’s nurse noticed that she seemed intoxicated and decided to test her blood alcohol level. The nurse found that the patient had a BAC of 0.215 – more than twice the legal limit.

Knowing the patient drove herself to the emergency room and planned to drive home, the nurse contacted local authorities who arrested the woman in the ER waiting room after her procedure. The patient believed the nurse violated her privacy rights under HIPAA and filed a lawsuit against the hospital.

Was This a HIPAA Violation?

The court ultimately ruled that the patient had the right to sue the hospital for this disclosure of PHI. However, this situation does not constitute a breach. Healthcare professionals can disclose a patient’s PHI if they believe the patient poses a threat to themselves or the general public.

In this case, the nurse reported the woman because she believed she would drive home while severely intoxicated. Therefore, the nurse had the right to disclose the patient’s health information to law enforcement.

HIPAA Lawsuits: The Ruling

Unsurprisingly, the court upheld the nurse’s right to report the patient to law enforcement. As mentioned previously, this disclosure is permitted under HIPAA because the nurse believed the woman posed a threat to the general public.

The part of the case is straightforward, however, another factor complicates the proceedings. Under HIPAA, individuals have no right to private cause for action. This means that patients are not permitted to sue healthcare providers for privacy violations.

Instead, patients file a complaint with the Office of Civil Rights (OCR) or their state attorney general. The state/federal government investigates incidents and levies fines and penalties against any entities in violation of HIPAA.

What is so unique about this case is that the Vermont Supreme Court upheld the patient’s right to sue her healthcare provider for violating her privacy. And again, while the nurse’s disclosure did not technically violate HIPAA, it did break the understood right to confidentiality between patients and providers.

HIPAA Lawsuits: What Happens Next?

The possibility of HIPAA lawsuits brought forth by patients and breach victims could change HIPAA enforcement. The case was ultimately unsuccessful; the court ruled in favor of the nurse. However, the court also legitimized private cause for action in HIPAA lawsuits, which could set a precedent for HIPAA related legal action. Therefore, it could be possible for individuals to sue covered entities and cite this case.

Consider all the groups that qualify as covered entities: healthcare providers, employers who sponsor group health plans, health insurance agents and brokers, and all of these groups’ business associates. This case could spread to impact for more individuals and entities than this one patient and hospital.

Our HIPAA compliance services help ensure that your business follows the basic HIPAA rules and guidelines to protect sensitive patient information. Our team of experts is dedicated to providing affordable rates and personalized solutions to help you become HIPAA compliant. We understand that navigating the complex requirements of HIPAA can be challenging, which is why we offer a comprehensive range of services to meet your unique needs. From risk assessments to employee training, we have the tools and expertise necessary to help your business achieve and maintain HIPAA compliance. Contact us today to learn more about how we can help you protect your patients, your employees, and your business.

Sources & Additional Resources:

Becker Hospital Review: “Vermont Supreme Court Rules Patients Can Sue Hospitals for Privacy Violations

Jackson Lewis: “Vermont Court Finds Patient Can Sue Hospital and an Employee for Breach of Confidentiality


Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)