Can I be sued under HIPAA?
The HIPAA legislation itself does not include the option for any CE or BA to be sued by their patients that may violate their privacy protections included in the law. The HITECH Act did add the ability for the States Attorney General offices to file a cased on behalf of their constituents but not individuals.
If you access patient records with what can be found to be malicious intent there are criminal options included in HIPAA that allows for prison sentences up to 10 years and fines levied against the individual. [1:58]
The biggest change, however, is the recent rulings by several State Supreme Courts that allows a complaint to use HIPAA as a legal standard of care [4:53]. That opens the door for all kinds of options where lawsuits are concerned.
HIPAA may be used as a standard of care when you are sued
HIPAA has been used as a standard of care in lawsuits in the past year where state supreme courts have ruled it is reasonable to argue that in a suit. We discuss a couple of examples in this episode. [5:58]
Connecticut Supreme Court case
EMILY BYRNE v. AVERY CENTER FOR OBSTETRICS AND GYNECOLOGY, P.C.
Answering a summons for medical records without giving patient time to respond to the summons was considered a failure of the standard of care defined under HIPAA. Explicit statement in patient records says they should not be seen by the person in the summons.
Indiana Supreme Court case[10:56] Walgreen Co. v. Abigail E. Hinchy
Sanction policy lacking any real teeth when a pharmacist used her access to medical records to obtain information for personal case. Walgreens wasn’t even aware of the improper access for years after it happened. Once they did determine this had happened the only thing they did was write it up and make the pharmacist take some training.
Keep mind your RA and HIPAA documentation could end up as documents used in a court case. So, you should worry about more than just OCR audits when completing your documentation.