
New Ruling on HIPAA Results in Doctor Being Sued, What’s Next?

An interesting ruling from the Connecticut Supreme Court came down this past week. The justices ruled that a woman can sue her doctor for negligence if the physician violates regulations that dictate how practices must maintain patient confidentiality as outlined under HIPAA.

The Lawsuit

According to her lawsuit against the practice, the plaintiff learned that she was pregnant, but since her relationship with the father had gone south, she gave instructions to her OBGYN to not release any information to the father of the child, which is well within her rights.

Her medical information was subpoenaed in a lawsuit, and the center did not notify the woman that the pregnancy information was requested, or seek legal guidance on how to proceed. In short, the center violated its own privacy policies, and illegally released this information to the court — thus the suit.

Connecticut is the 4th state (along with North Carolina, Missouri, and West Virginia) to rule that patients can sue their doctors directly using HIPAA as a standard of care. This means the patients aren’t actually suing for a HIPAA violation; they are suing providers on the grounds that HIPAA Privacy and Security standards are a reasonable expectation of any health care provider.

These rulings are quite significant, and they may open the way for more lawsuits in other states. The question is, will other state courts rule in the same way as these four, and will this apply to all Covered Entities, Business Associates, and Business Associate Subcontractors?

Standard of Care

The Omnibus ruling treats Covered Entities (hospitals, doctors, insurance carriers, and employers), Business Associates (those who support Covered Entities, e.g. insurance agents, IT providers, remote storage), and Business Associate Subcontractors (companies that support Business Associates) as equals when it comes to protecting PHI. This means they are all subject to the same fines and penalties. Does this suit open the door?

With these rulings, theoretically, you could reasonably expect anyone you give your Protected Health Information (PHI) to protect that information using the HIPAA Standards. And, if there is a release that harms the person, like the claim in the Connecticut case, you could potentially be open to fines from HHS and the state Attorneys General, and possibly a lawsuit from your clients.

If the threat of audits and fines from HHS weren’t enough for everyone out there, this should be a wake-up call! I’ve spoken to many folks who are ignoring this law, saying, “What are the odds HHS is going to come audit me?” Perhaps HHS won’t come knocking, but a client, employee or patient might.

So, what do you do?

  1. Make sure you have proper Privacy and Security Policies and Procedures in place. These are your guidelines on how you will protect your clients’ and patients’ information. You are required to have these documents; HHS and your state Attorneys General will look for these first if there is an issue. These documents will also be required if there is a lawsuit against your practice or company. We have templates that will assist you in creating these documents. If you don’t have these, it’s like going to an IRS audit without tax returns. Who does that?
  2. Train your employees on HIPAA Standards. They are your first line of defense, and where most HIPAA violations happen. Make sure they know what HIPAA is, so they can protect your patients, clients, employees and your business or practice.

If you don’t have these items, or don’t know where to start, we can help you with our industry-specific, online, comprehensive Training and Compliance Documents.
