HIPAA Violations: State Law May Provide Relief for Parties Injured by Unauthorized Disclosures

By: Stephen Siegel

A recent decision by the United States Court of Appeals, Eleventh Circuit (which includes Florida), underscores the importance of both covered entities and business associates adopting electronic security measures that are consistent with the guidance provided by HIPAA_HITECH.

HIPAA provides protection from the unauthorized disclosure or use of an individual patient’s protected health information. The federal government and the state attorney generals have the power to prosecute violations of HIPAA. However, Congress did not provide a similar right (a “private right of action”) to individuals who may be harmed by an unauthorized disclosure of their PHI. The Eleventh Circuit’s decision suggests that injured individuals may be able to obtain relief from HIPAA-HITECH related injuries under state law.

In December 2009, two laptop computers were stolen from AvMed, Inc., a Florida health maintenance organization. These laptops contained the unencrypted Social Security numbers, names, addresses, phone numbers and other PHI of approximately 1.2 million current and former AvMed enrollees. Unfortunately, individuals involved in an identity theft scheme obtained this information. Allegedly, some of the AvMed enrollees had their identities stolen. According to one Plaintiff, information obtained from the stolen AvMed computers was used to open a bank account, activate credit cards that were then used to make unauthorized purchases and change their personal address with the U.S. Postal Service. Another Plaintiff alleged their information was used to open an account with an on-line brokerage firm, which was subsequently overdrawn.

Please click here for the full article in South Florida Hospital News.

This entry was posted in Reform, Regulatory, Stephen Siegel and tagged , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s