If your private contact, financial, or medical data gets into the wrong hands, you may face threats ranging from the public exposure of embarrassing information to identity theft and the draining of money from your bank account. Unfortunately, breaches of privacy can and do happen despite privacy laws and medical institutions’ efforts to comply with them.
Depending on the nature, severity, and consequences of a medical privacy violation, you may decide to file a federal complaint or possibly even a lawsuit in state court. Here are some essential considerations to guide you to the right course of action for your particular situation.
How HIPAA Defines Privacy Violation
Medical institutions must comply with the Health Insurance Portability and Accountability Act (HIPAA). This law holds them to strict standards of behavior regarding how they collect, store, and share your personal information, from your address and phone number to your medical files. The most severe violations of these rules can result in fines of $50,000 per violation.
A HIPAA violation may occur either accidentally or deliberately. Accidental violations may involve issues such as inadequate computer security, the theft of a data device containing your personal data, or the sharing of more data than strictly necessary. A deliberate violation might involve intentionally withholding a breach of privacy notification or maliciously misusing your information.
How HIPAA and New York Privacy Laws Overlap
New York exercises its own laws regarding the use of patients’ medical information. While most of these laws overlap with the policies set down by HIPAA, they offer some specific variations and exceptions as well.
For example, New York State law specifies that medical institutions cannot release any records pertaining to a minor’s abortion or venereal disease treatment to anyone, including the parents, without the patient’s express consent. It also specifies which public officials may gain access to medical records (such as prison directors and mental facility inspectors) and under what conditions.
How to Sue for a Medical Privacy Violation
The Office of Civil Rights (OCR) accepts complaints from individuals who have experienced breaches of medical privacy. Unfortunately, this complaint process, and the investigation that may follow, offers the only federal-level recourse for correcting the problem. You cannot file a lawsuit for a HIPAA violation.
Violation of state medical privacy law, however, presents other possibilities. Depending on the circumstances, you may indeed have the right to file a lawsuit if your doctor or medical institution violated New York’s laws on the subject.
To successfully pursue a medical privacy violation lawsuit at the state level, you must show that a violation took place and that it actually led to personal damages. You must also submit a HIPAA violation claim with the OCR before you proceed with your lawsuit.
Once you have filed your OCR claim and engaged legal counsel, you must collect every piece of evidence you can find regarding who specifically breached your information, what information was shared or lost, and why the incident occurred. Your attorney may also decide to list the person or entity responsible for employing the allegedly guilty party as co-defendant.
After your attorney arranges to serve the defendant with the lawsuit, you will receive a reply from the defendant, which quite possibly includes a denial of wrongdoing along with a motion to dismiss the case altogether. Unless the defendant admits to the charges, you will have to go either to mediation or to trial to receive any compensation.
Whatever kind of legal strategy you choose to pursue against a medical privacy violator, Shaevitz & Shaevitz Law Offices can provide valuable advice and direction. Contact our experienced Queens personal injury attorneys to schedule an initial consultation.