Patient Sues Clinician for Privacy Violation After Practice Responds to Subpoena
Patient privacy is an extremely important, yet poorly understood, issue. When the Health Information Portability and Accountability Act of 1996 (HIPAA) went into effect, it created privacy rules governing the protection of identifiable health information by health plans and health care providers. Patients who believe their health information was improperly revealed or wasn't properly protected may file a complaint with the Health and Human Services Department (HHS), which will investigate and penalize the offender if warranted. But do patients have a right to sue healthcare providers for privacy violations? HIPAA does not create the right for an individual to sue, only to file a complaint with the government. However, some states have begun to look at whether a common law cause of action may exist when a healthcare provider reveals private health information. This month's case deals with this very scenario and was decided earlier this year in the state of Connecticut.
Some time after Ms. B left the state, Mr. M filed a paternity action against Ms. B, and as part of the case, Dr. A's practice received a subpoena instructing the “custodian of its records” to appear before the issuing attorney in court and to produce “all medical records” pertaining to Ms. B. Rather than contact Ms. B, or send an employee to court to respond to the subpoena, or even contact its own attorney, Dr. A's practice simply put Ms. B's entire medical file in an envelope and mailed it to court.