• Home
  • Blog
  • Contact

Call us toll free 0800 0000 900

support@hipaa.com
HIPAA ComplianceHIPAA Compliance
HIPAA ComplianceHIPAA Compliance
  • Home
  • Blog
  • Contact
Can I be sued for a HIPAA violation

Can I Be Sued for a HIPAA Violation?

May 6, 2015 HIPAA Law 67 Comments

I am asked that question almost weekly. While the answer has traditionally been “no,” the legal landscape is shifting and the risk of being sued continues to increase.

Let’s first start with some background. As some of you may know, HIPAA does not include a “private right of action.” This means that an individual may not file a claim against a covered entity or a business associate in order to enforce HIPAA or seek damages in response to a HIPAA violation. For example, a patient is not able to sue a dentist if the dentist fails to distribute a Notice of Privacy Practices or enter into a business associate agreement. The sole remedy of an aggrieved individual is to file a complaint with the United States Department of Health and Human Services Office for Civil Rights (“OCR”) or, more recently, with a state Attorney General. In addition, in some states, individuals have been able to file complaints regarding generalized privacy concerns with various state regulatory agencies, such as a state health or consumer protection department. With respect to OCR, notification of the right to file a complaint and the process for doing so is generally set forth in a covered entity’s Notice of Privacy Practices.

Since HIPAA was enacted, the lack of a private right of action has provided solace to covered entities and business associates, particularly since complaints tend to be few in number. Moreover, OCR investigations of complaints have often resulted in compliance agreements and consent orders, rather than court actions or civil damages, both of which would require the covered entity or business associate to expend considerable sums on attorney fees, court costs and payment of damages.

While there is no hint at this time that Congress is contemplating including a private right of action in HIPAA (i.e. allowing individuals to sue to enforce HIPAA), aggrieved patients and their counsel have been finding other ways to file claims for HIPAA violations and use HIPAA violations as the basis for seeking monetary damages. For example, in some states, patients have filed suit against health care providers on the grounds of negligence – claiming that the provider was negligent when violating HIPAA and thus must be held liable for damages. A recent example from Connecticut illustrates the way these lawsuits operate:

A physician received a subpoena for medical records. The physician supplied the medical records as requested by the subpoena; however, the subpoena did not comply with HIPAA. The subject of the medical records sued, alleging that HIPAA creates a “standard of care” for all health care providers and that the failure of the physician to adhere to that standard of care was “negligent.” The physician sought to block the suit but the Connecticut Supreme Court allowed it to continue. As of this date, the lawsuit is making its way through the Connecticut state courts. In addition, lawsuits are currently being prepared and filed in response to the recent Anthem breach and many will be claiming negligence or violation of various state privacy or insurance regulations.

These types of lawsuits would have been unheard of even just a few years ago. However, while still not widespread or common, the emergence of these suits poses significant risk management and liability concerns for any health care provider, health insurance company or vendor subject to HIPAA. The risk of a lawsuit is most pertinent to HIPAA violations which may cause financial, reputational or other harm to a party. Hypothetical examples, based upon real life incidents, include:

  • Inappropriate disclosure of medical records in response to a subpoena, which causes a former patient to lose custody of her children.
  • Inappropriate disclosure of a child’s medical record to an estranged parent after the health care provider failed to verify the estranged parent’s authority to access records, which leads to the estranged parent to discover where the child now resides.
  • Inappropriate use of medical records by hospital staff as part of a “hot or not” game which causes severe embarrassment and distress to certain patients. A negligent attorney and an angry patient could potentially make a claim based upon any of the above and may seek a significant financial settlement or payout.

In light of the potential for such lawsuits and the significant damages that may be awarded, covered entities and business associates should consider reviewing their HIPAA compliance programs to identify weaknesses and institute safeguards and protocols to reduce the likelihood of inappropriate disclosures that may lead to a patient filing suit. Such safeguards may include, based upon the above examples, a subpoena review checklist, verification procedures, a reliable reporting protocol or other procedures to allow the entity or its staff to verify that information is being used and disclosed appropriately.

[showhide type=”contact_form” more_text=”Click here to contact William privately” less_text=”Hide contact form”][gravityform id=”2″ title=”false” description=”false” ajax=”true”][/showhide]

 

Tags: HIPAA violationslawsuitviolation
67 Comments
Share
0

You also might be interested in

Today, February 17, Business Associates Must be in Compliance with HIPAA Security Rule

Feb 17, 2010

Today, Wednesday, February 17, 2010, Business Associates of Covered Entities[...]

Clock Running Down on Business Associate Compliance with HIPAA Security Rule Required by HITECH Act

Jan 19, 2010

Less than one month to go:  Business Associates must comply[...]

Information Access Management: Isolating Healthcare Clearinghouse Functions-What to Do and How to Do It

Feb 25, 2009

In our series on the HIPAA Administrative Simplification Security Rule,[...]

67 Comments

Leave your reply.
  • AC
    · Reply

    May 7, 2015 at 4:56 PM

    Is it a HIPAA violation if a lockbox provider of services to multiple entities posts a payment to the wrong client, which results in the check being posted to the wrong provider’s file? Then, the wrong provider sees name and address information. All three entities are bound by HIPAA, (the lockbox provider, the wrong provider and the right provider). No private person ever sees the wrong information.

    • William Roberts
      · Reply

      May 9, 2015 at 7:09 PM

      Thank you for the comment. It appears that the situation you described would be a violation of HIPAA; however, it may or may not be a “breach” requiring notification to the affected individual or the Office for Civil Rights.

      Not all violations of HIPAA amount to a breach, and even the inadvertent disclosure of patient information to the wrong party (such as in your question) may not be a breach if there is a low probability that the information has been “compromised.” When faced with a possible breach such as this, you should consider the circumstances (e.g. how sensitive was the disclosed information? how trustworthy was the wrong recipient? did the wrong recipient certify she/he shredded/deleted the information?). Here, while it is helpful that the wrong recipient was also governed by HIPAA and thus has an obligation to maintain patient privacy, you should also consider any other risks present, such as the number of people who may have seen the information, the length of time the wrong recipient had the information, or whether the wrong recipient re-disclosed it. After considering all of the facts, you can make a good faith determination regarding whether a breach occurred.

      Hope this helps. Feel free to reach out if you would like to discuss further.

      • William Nicoll
        · Reply

        July 21, 2016 at 2:20 PM

        Would it be a Hipaa violation if a staff member of my dentist office copied my personal information (and who knows what else out of my dental file) proceeded to call my cell phone number from her private phone one night?
        3 calls. Left a long message telling me that she wanted to tell me I’m good looking and wanted to go out with me. Problem was I was in a relationship. And that happened right in front of my girlfriend of 6 years. She automatically started asking questions like who is blowing up your phone? So we started to listen to the message and she called in again. So I answered and she basically told me the same thing. But my girlfriend didnt think I was telling the truth. She threw me out and it has ruin my relationship. We dated when we were 15 and got back together 25 years later.
        The office manager was made aware by me and she fired the person.
        Thanks for youreading help

  • Ian
    · Reply

    July 2, 2015 at 8:14 AM

    Can a safety manager keep copies of medical evaluations for PPE fit testing?

    • William Roberts
      · Reply

      July 6, 2015 at 10:05 AM

      Ian – It depends on whether the evaluations are subject to HIPAA. Many fitness testing documents are considered employment records – if that is the case at your organization, then you must look to state laws governing personnel/HR files for guidance.

  • Andy W
    · Reply

    July 25, 2015 at 12:18 PM

    I was a patient in a inpatient treatment program and a staff member left my entire file out in a public place. There was 50 plus patients that could have saw all of my personal info. While nothing that I know of yet has been breached, my ss number, my address, checking account, routing number, name of bank, and diagnosis was made public. Is there anything I can do to make sure they are held accountable for what they did?

    • William Roberts
      · Reply

      July 27, 2015 at 8:45 AM

      Patients concerned about the privacy and security of health information maintained by health care providers may contact the Office for Civil Rights (http://www.hhs.gov/ocr/privacy/hipaa/complaints/) or their state Attorney General’s office.

  • Nathan
    · Reply

    July 30, 2015 at 4:37 PM

    Long story short my doctor called my employer and gave medical information. Including referral info, diagnosis, and even the doctors personal opinion of what a specialist may or may not do or suggest be done. My employer took this info and found me no longer suitable for my position and fired me 3 days later. Did my doctor violate HIPPA by without my permission calling my employer and giving personal medical information…I’ll add my employer was telling me things about the doctors opinion from my appointment that he didn’t even share with me?!?!

    • William Roberts
      · Reply

      July 31, 2015 at 9:07 AM

      Thank you for your comment. Generally, a physician or other health care provider may not disclose a patient’s health care information to an employer unless the patient signed an authorization permitting such disclosure. Note that in unusual cases, a health care provider may be required to disclose information if required by law (such as part of an investigation) or in response to a subpoena. If you would like to discuss this further, please feel free to contact me directly.

    • David
      · Reply

      September 5, 2016 at 8:50 PM

      Simular to what happened to me. I requested a medical consideration from my cardiologist after vascular stint placement surgery. After two months on FL MA leave and after returning to my position I was terminated from GMC, Lawrenceville GA. I was told by HR that I was being terminated for Misconduct, violating company policy. Although GA is a At – Will state I was granted unemployment benefits because my ex employer decided not to participate in my Appeals hearing to provide burden of proof. DOL granted me Subpoenas for both my personnel and medical records which they did not comply with. I contacted every government agency I could think of, EEOC, Civil Rights, hired and attorney to represent me in grievance with ex employer, but all of them bowed to the at will GA laws. GA laws fails to protect it’s workers rights or protect their personnel and medical records. Why are GA tax payers forced to fund these agencies who are unable to enforce or advocate on the behalf the workers their sworn to protect. Politics

      • David
        · Reply

        September 5, 2016 at 9:43 PM

        Is this a HIPPA violation. Don’t I have a right to see my medical records. Can my cardiologist share my medical records with an employer we both work for. What about the subpoenas granted to me by the DOL. My health is at risk now because of this. I don’t trust contacting my cardiologist for treatment since this happened. I feel my cardiologist violated HIPPA laws and contributed to my losing my job by sharing my personal medical records with my ex employer. Losing my job and being wrongfully accused of misconduct has caused me a lot of distress and loss of income
        What options do I have. This happened one year and ten days ago to this date.
        My time for action is running out, but no one is hearing me. HIPPA can you hear me.

  • Leanna
    · Reply

    August 7, 2015 at 12:08 PM

    I have a patient who is asking a lot of questions regarding HIPPAA. It seems as if he had been to another doctors office and had 2 different family members in the room with him when the doctor came in. the doctor immediately began talking about the patient’s medical condition that the patient apparently did not want shared with the family members. he wants to know if this is breaking HIPPAA and if so, what should be done about it. thanks for your time!

    • William Roberts
      · Reply

      August 10, 2015 at 10:22 AM

      Leanna,

      Based upon the information you provided to me, it is very unlikely that the physician violated HIPAA. A physician may disclose information to family members if he or she reasonably believes that such family members are involved in the patient’s care or treatment. Such an inference was likely reasonable in this instances because the patient brought the family members into the room. Hope this helps. Bill

  • Tricia Love
    · Reply

    August 10, 2015 at 3:55 PM

    Subject: Filing a Health Information Privacy Complaint
    Below is a letter written to Tim Beauch, in the Grievance Department.
    Note: Received no reply/response back regarding this complaint. Please see attached letter from doctor regarding Hippa Violation.

    I was called into manager office to discuss my “call offs”; which both manager and supervisor stated that they were understanding of due to my health issues. During said meeting, I remember that no one had contacted me regarding my work release that was not given to me until after my surgery. I was forced to be back to work prior to release date from my doctor; although I did not have a work release and manager was informed by me and aware that I was unable to contact Dr. Curtis who had performed my surgery because he was on vacation.

    It was 3 week before receiving a call back from the nurse manager at the GYN for this information. The nurse verified that she did not see discharge instructions specific to required time off for my healing process. In the meantime, my body rejected the implant and experience severe pain upon having to return back to work so soon without the proper time for my body to heal.

    It was also prior to my surgery that my HIPPA was violated by manager. Manager was properly notified about my time and dates of my medical leave in which I forward to her via e-mail from my doctor’s office. Holly violated my HIPPA rights by calling my PCP several times in order to ask him for specifics as to why I was being taken off from work. My PCP notified me about the matter and was quite upset that he was contacted for my personal information for one and secondly because she was interrupting his work day by excessively calling his office.

    These are just some of the mis-treatments that I have suffered at the actions of Aultman Hospital Supervisor, Director, Peers, and Medical staff. I have been an outstanding employee, with Aultman Health foundation. I have fellow employed ER staff that have written highly esteemed recommendations of reference for me.
    In closing, no one should ever have to suffer as much emotional, mental and physical distress as I have via an employer and its company’s counterparts.

  • Bob
    · Reply

    September 21, 2015 at 10:42 AM

    E m t discussed to my employer why I took off work that I was admitted to a hospital and stated why. This e m t works at another hospital and was not a responder to me . Can I still file a claim for breach of privacy ? He and I work at a Apple orchard on weekends but he is a e m t and thought he would .tell the manager what problems I have in regards to health conditions

  • Ron Johnson
    · Reply

    September 28, 2015 at 3:28 PM

    If a client reveals information regarding their care on social media, is it a HIPAA violation if someone from the provider’s office comments on what they shared?

    • William Roberts
      · Reply

      September 28, 2015 at 3:42 PM

      Hi Ron,

      Thank you for the comment. As a best practice, provider office staff should not interact at all with patients via social media. A provider office should have a social media policy which clearly prohibits this practice.

      That said, if such interaction were to occur, whether a HIPAA violation occurred or not depends upon the content of the comment. I can’t advise on this particular fact pattern without knowing more details, but it appears that a HIPAA violation likely occurred. Feel free to contact me directly with any questions.

      Bill

  • Renee
    · Reply

    October 22, 2015 at 11:53 AM

    Hi William,

    I am a medical professional and was seen in the hospital I work for.. I have heard others say “we were just talking about you earlier” and ” I heard you have this condition” I’m even sure others viewed my records without being my caregivers… Is this a breach in confidentiality? Have they violated my privacy? Has a HIPPA violation occurred?

    • William Roberts
      · Reply

      October 23, 2015 at 3:16 PM

      Thanks for the comment. Only those with a work-related “need to know” should have access to your medical records. If an employee does not such a need to know, they should refrain from further disclosing such information when not necessary for work duties. If your information was accessed or disclosed outside of these parameters, it is possible a HIPAA violation occurred.

  • W. Kramer
    · Reply

    October 23, 2015 at 5:37 PM

    I had a medical facility email my medical billing and medical registration form to a co worker trying to collect on the bill that insurance only paid a portion of.
    Is this something that needs to be handled through the legal channels?

  • Tee
    · Reply

    October 30, 2015 at 9:40 AM

    I was in a in patient care unit, and someone that worked for the facility came up on the floor where I was and said that one of his co workers told him that I was there. Which led to a longer stay because of a setback. I talked to the unit manager and he apologized but the hospital care representative wouldn’t even come and talk to me. Is this a breach of the hippa law?

    • William Roberts
      · Reply

      October 30, 2015 at 10:19 AM

      Tee, It is possible that the individual knew you were at the facility because you were listed in the facility’s directory. Without more information, it is impossible to know whether a breach may have occurred.

  • Deborah
    · Reply

    November 17, 2015 at 11:48 AM

    A neighbor enteted my bedroom looked at my medications and spreading around neighborhood what can i do Embarrassing

  • Matt
    · Reply

    December 3, 2015 at 1:11 PM

    I work for a City Municipality and I was wondering if our HR person divulge information to a third party that is related to me is that a violation of HIPAA? Mind you I am NOT a minor and never authorized any information about myself to be given out to anyone else.

    • William Roberts
      · Reply

      December 4, 2015 at 9:50 AM

      The information the HR person disclosed was likely employment-related information that is exempt from protection under HIPAA. If that is the case, then HIPAA would not apply. However, your employment records may enjoy protection under applicable state law (such as what is commonly referred to as a personnel files act) or even a collective bargaining agreement. If you are concerned about the privacy of your records, you may want to consult with an attorney in your area.

  • Tran Page
    · Reply

    December 8, 2015 at 10:41 PM

    I’m an LPN at at long term nursing home. I like to know if I am in violation of the “Invasion of Privacy Act”? A resident was on the phone with his wife (I knew this only caused he has a routine of talking to her after dinner everyday) I was dispensing medications from my cart which I had stationed in the hall off to the side of his room he talks really loud so that everyone and anyone who was in the hall or passing by could hear everything he is saying, including the 2 other residents whom he shares the same room with. He said something that got my attention and was telling his wife something that was not correct I went to his side of the room, acknowledge him and proceeded to correct what he was saying was incorrect. So now I am on investigational leave and my employer is telling me I invaded the rights to residents privacy. If I did, which was unintentional what sort of reprimand could I get charged for?

    • William Roberts
      · Reply

      December 9, 2015 at 8:59 AM

      I recommend you contact an attorney in your local area to assist you. In many instances, states have requirements specific to nursing homes which a local attorney will be able to advise you on.

  • Kevin
    · Reply

    December 9, 2015 at 11:20 AM

    I was hurt at work. My boss told me my MRI REPORT before I even went to doctors for follow up. Is this a hipaa violation.

  • Lyn
    · Reply

    December 11, 2015 at 3:25 AM

    Unaware of the fact that my ex husbands current wife (at the time of this incident) was employed as a LPN at a local clinic, I went to said clinic seeking treatment for addiction. Well, a few months ago they went through a divorce and my ex husband revealed to me that his wife had accessed my personal information more than once and revealed to him that I had been suffering with addiction and all the details that I had revealed to my physician in confidence and she had also encouraged my ex to seek custody of the 8 year old son that he and I have together. My ex husband also told me of two other patients whose privacy had been breached by his wife during this time. She is still currently employed by the same hospital clinic and id like to know if there are any actions that can be taken on my part. I have since learned that this LPN has revealed my previously quiet struggle with addiction to several of her friends and family and now a very large part of our small town community is aware of it. I’m humiliated and hurt beyond imagine. I made up my mind to end my 3 year addiction once and for all before I ended up hurting and embarrassing my family and friends and this visit to this clinic was my first step. Thankfully I received successful treatment from a different provider over time and am now addiction free,
    But now the majority of my small town are all aware of the details and extent of my addiction and it has been very painful for me. Is there anything that can be done?

  • Kay
    · Reply

    December 15, 2015 at 9:50 PM

    Is it a hippa violation for a receptionist to view your medical records to determine if you can have a same day appt. and then recite to you on the phone while in a public area the medications you are on?

  • tom whittinghill
    · Reply

    December 21, 2015 at 11:16 AM

    my employer tried to fire me because they “heard” i was missing work looking for another job…. i denied it and showed them both a doctors note and a text from my doctor that my blood work came back from the previous day VERY bad….i called in to say my health was bad and needed to go in to doctor immediately…my boss said that if i didnt come in to bring all my things in as he was going to terminate me…i reluctantly went to work and had to fight for my job which included in fact i was under medical care for a chronic condition….i explained what it was and my manager turned around and not only told my colleagues that i “begged and cried” to keep my job and laughed about it….but also told them the extent of my conversation about health….do i have any recourse?

  • Renee
    · Reply

    December 23, 2015 at 8:04 PM

    Hello

    I have a new job and it happend to be in the same facility where I have treatment for mental illness and addiction problems. In my first day the receptionist seem me getting my badge activated and stated. “I just called you,you have and appointment tomorrow” in front of the security team and my new co worker…This was very embarrassing. I didn’t think it would be an issue taking a job where i have treatment.but i felt very embarrassed. Did the receptionist violate hippa?

  • Katie
    · Reply

    January 4, 2016 at 1:09 PM

    Hello and thank you for this forum,
    I have suffered from addiction to prescription medication (9 years) and subsequently heroin (1 year). By the grace of God an event occurred that led me to take steps to get “clean”. I started attending a methadone clinic. I receive methadone daily, weekly uribe drug screen, as well as once to twice weekly counseling. My mother was paying $100/week for me to receive these services. I had to sign a release in order for her to pay for my treatment. The release was only for her to make payment. On December 28th my mother asked and was given a copy if my previous 2 months worth of drug screens. Amphetamines showed up on 2 occassions because I had a cold in November and took sudafed which can cause a false positive for crystal methamphetamine. My mother shared these results with my husband. He told me he wanted a divorce on January 1, 2015 after an 18 year relationship and two children. My mother will not speak to me and is now refusing to pay for my much needed treatment. I spoke to the methadone clinic director as well as the nurse who illegally dispensed my medical records. They apologized profusely and admitted their negligence. This has caused me great heart ache. Without this medication I fear for my life. Is this breach actionable? I’m so confused, scared, and lost.
    Thank you very much

    • Katie
      · Reply

      January 4, 2016 at 1:12 PM

      I’m sorry my husband asked for a divorce 4 days ago January 1, 2016 not 2015. Thank you

  • Maydelene
    · Reply

    January 5, 2016 at 12:22 AM

    I received a medical claim from my insurance stating I had a baby. I called them to clarify that I never had a baby and they told me that the claim was from another insurance carrier. It appears that other party billed my insurance for my brother’s baby (my neice) just because we had similar information (last name and address). Is this a HIPPA violation?

  • Rebecca Warren
    · Reply

    January 8, 2016 at 1:39 AM

    William, I had a nurse yell and scream at me in front of her office (and everyone in the waiting room) which she even admitted to me that everyone in the office heard about the medications and personal med history that I was taking. She also did not follow her dr’s orders and changed a prescription my doctor who was going to be doing surgery on me the following day to 5 pills because I made a 5 pill comment. I had to plee to get something for after surgery even after the doctor had written out the prescription. I was treated like a drug addict and was treated very disrespectful. I have mental disabilities and had a pretty severe anxiety attack after speaking with Amber the nurse/manager. What are my options? Can I file a civil right and privacy broken complaint?

  • Nana
    · Reply

    January 8, 2016 at 8:29 AM

    My grandfather was on hospice for a few days before passing. We notified his estranged family after his passing, and learned that someone in his family was already told he was on hospice. The hospice Organization is from the same town as is the estranged family. We have no connection to this estranged family. I do know that the hospice Organization has patients at a facility that employs 1 or 2 estranged family members.
    How should I handle this matter, and should I contact a lawyer?

  • Shawn
    · Reply

    January 14, 2016 at 2:53 AM

    I was released from a healthcare provider due to an incident at the local ER. The ER doctor later apologized and removed the incident from my record accepting his mistake but the health care provider said the release is a done deal. That being said the health care provider was releasing patients in bulk at the time, at the start of the new year, and they sent my release statement explaining my incident at the ER to another party I have no relationship with with USPS registered mail. The exterior envelope was addressed to them but the letter contents on the inside of the envelope was addressed to me and contained embarrassing and possibly incriminating medical records pertaining to me. So they got my release letter with personal medical records of mine attached to it. I found this out because I received their record via USPS registered mail in the exact same scenario. Basically they put the wrong inside letter in the wrong evelopes and I received her letter with personal info including name and address and medical info pertaining to release and she got mine. They screwed up and got the letters switched around. This is very embarrassing to me due to the reasoning stated of my release (which was proved to be bad info and fixed in my favor a few days later but the person that got my letter knew nothing of this, and me not knowing the type of person or anything about the person other than they were released as well over something serious. They could easily use that info against me (say it’s a future employer, or a person that is out to hurt people and they have my medical info and name and address that I’ve lived at for 9 years. What can I do about this? The worst part is my reason for release that they received proved to be negligent and I was issued an apology by the ER doctor that attached it to my record and it was removed and is no longer on my record. But the person that got my letter knows nothing of the outcome only the false bad info on me.

  • Kristin Wills
    · Reply

    January 20, 2016 at 7:37 PM

    Hi,
    I need help ASAP. I met with a fertility specialist and told her I was a little depressed. She needed consent with my psychiatric nurse practitioner to move forward and after all was said and done my nurse practitioner made false and damaging statements about me and implied I couldn’t handle being pregnant, my future children would be taken away from me, there were serious concerns as to how I would treat children, now this facility is denying me fertility treatment or delaying me and I’m already 36 years old. I’m beyond furious this n.p. ruined my reputation. What do I do now????? I’ve never had any children and there is no evidence whatsoever to back up thing up.

  • Frances
    · Reply

    May 4, 2016 at 7:09 PM

    If an employee hides patient test results for 2 months in there personal drawer then moves them to the shred so no one else can find them who is accountable for this?

  • Destiny
    · Reply

    June 15, 2016 at 10:20 PM

    I don’t know how old this thread is but I’m looking for answers and thought I’d give this a try so long story short …

    My first sons fathers girlfriend was a medstar employee and when me and my sons father made a agreement for visitation I went with my child so he would not be scared going with somebody he never knew . my sons father made a comment about knowing medical stuff about me and laughed when I asked how did he know.I knew that his girlfriend worked in the medical field but just left it at that a couple months later I called somebody in management at medstar and told them I had reason to believe she accessed my medical records they told me they would do an investigation and contact me back a month later I received a letter saying that they did in fact find out that she accessed my medical records but not only mine my first son (her boyfriends child ) and also my youngest son that is not his they informed me she has been fired and no longer has accsses to the system . but I’m just wondering what can be done from here I don’t know where to start and I know that is a violation of the hippaa law and this has effected me in more ways then one I’m hoping to hear something back thank you so much

  • carl childers
    · Reply

    June 23, 2016 at 2:27 AM

    I went to er at a VA hospital by ambulance. I had been in a car accident and hit my head and had abnesha for about 10 days. The medical staff told the security officer the results of my drug screen. Is that a violation of my hippo rights?

  • Thomas Moody
    · Reply

    June 27, 2016 at 8:41 PM

    Last Saturday my 11 year old daughter told me she had a doctors appointment on Tuesday. Her appointment was at my wife’s place a work. I asked my wife to go ahead and pay the bill. I am the primary insurance holder for my kids. When my ex brought my duaghter in for her appointment, they told her it had already been paid for by my wife. At that time my ex caused a big scene saying that she was going to sue for violation of HIPPA. My wife only knew about the appointment because my daughter told us. Is she in violation of HIPPA for paying the doctor bill? I am required to pay half per court order.

  • Tim Ralston
    · Reply

    July 2, 2016 at 8:36 AM

    I am currently undergoing treatment and have been for a while now. I am also Active Duty Military getting ready to retire in the next couple months. people in my chain of command have asking my psych certain questions pertaining to what we talk about. My psych told me about this and said that she will not talk to them without me signing a waiver to do so. however they are flooding her phone inbox by leaving messages asking about my treatment. is this considered a HIPAA violation and if so what can i do on my part.

  • CC
    · Reply

    July 6, 2016 at 8:13 PM

    I had a doctor appointment today which I never told anyone about. Two weeks ago I had surgery and upon my visit today was refused medication. I’m in a custody battle for my child and have court ordered visitation. Upon attempting to pick up said child a mere 6 hours later, I was met by his mother who had called the police stating that she refused to let me have him because she knew for a fact that I had a doctors appointment earlier and was refused medication and facing prescription fraud charges. I’m unaware of any charges pending at this time and no one knew what had transpired at the doctors office but me. There’s no way she could have known what we even talked about at my visit without someone from the office telling her. I told no one. The police even asked her where she could have heard this so soon and she replied she had her sources.

  • lg
    · Reply

    July 21, 2016 at 2:03 AM

    Please reply back to me.

    I had a coworker who kept abandoning his computer system open. We worked at Caremore. He had been warned and reported several time but he keep doing it because he leaves the company premises and he didnt want any electronic proof that he left the company premises.

    So to give him a lesson, my co workers and I sent an email from his computer

    to our boss and the words are “I am missing for hours”.

    There are no company written rule that doing this is a ground for termination, it is only called inappropiate use.

    My understanding is HIPAA is a federal level rules and that it trumps State rules.

    I was fired for the action, but the person who violated HIPAA rule was not.

    I filed a wrongful termination case.

    The company is Caremore Health Plan now part of Anthem Blue Cross.

    Three months after I was fired, Anthem Blue Cross was hacked, and I received notice that my information is part of the hacked data.

    Can I sue Anthem Blue Cross using the event ( co worker violating HIPAA) for not following the rules, even terminating people who tried to discipline co worker?

  • Courtney
    · Reply

    July 21, 2016 at 5:45 PM

    My fiancee’s ex-wife has been posting derogatory and embarrassing comments about me on social media, making fun of me and my health condition. She is an employee of the hospital I was diagnosed and treated at. While she doesn’t name me directly online, it is obvious it’s directed at me. But she did discuss me and my medical condition with her daughter, my stepdaughter. While I can’t be certain if she looked up my records, I do not feel that my medical records and personal information are safe. I also don’t feel that her insulting & derogatory posts represent the values of the hospital. I have filed a complaint with the hospital’s HR department and she found out. She is now stating that if she is disciplined for my complaint, she will file a civil suit for defamation. A) Did she commit a HIPPA violation by discussing my condition with her daughter and/or posting about it online? B) Can she sue me for reporting her? Her social media accounts where I got the info from are public.

  • Whitney
    · Reply

    August 1, 2016 at 9:12 PM

    I contacted my daughters old Physchiatrist to inform her that we were no longer going to schedule appointments and that we were switching doctors. Since then I’ve received numerous phone calls, voicemails, and emails; in which one email was to confirm my daughters next appointment when I contacted the office and canceled and explained we were switching. I then received and email asking for feedback on why we were switching. I never emailed back and since have received phone calls and voicemails; recently my daughters new doctor called stating that the old Doctor called asking for information; claiming she was worried about the patient. My concern is that is it a violation for her to contact the new doctors office (when I never disclosed whom the new doctor was or where the office was located); also Isn’t it a violation for the old Doctor to even state to the new doctor that she is even associated with or the Doctor of my daughter?

  • Shanta
    · Reply

    August 3, 2016 at 1:20 AM

    Nurse went into my records told someone that I had “Trich”which I did years ago she didn’t physical say my name in the text message but she use other things such as my cell phone number and type car I drive plus tag number which all relates to me. I do have all the text message. Do you think I have a case?

  • Haqika
    · Reply

    August 4, 2016 at 4:57 AM

    I used to work for this assisted living facility for a couple of months. There has been a lot of things going on with this company that needed to be shared, but nothing seems to be getting done. We recently lost a resident who got out the building and unfortunately died. I wanted to talk to the news media and DHEC about certain things concerning this facility they needed to be aware of including the fact that some of them are racist and a comment was heard by another associate and brought it to the executive director of the facility and yet she is still employed there. Their first shift staff who are pro dominantly white neglects the residents, and the residents have been complaining about this as well including their POA’s Would I be in violation of HIPPA If I spoke to someone about this? Could I be pentalies?

  • Erica
    · Reply

    August 17, 2016 at 2:17 PM

    Would it be a hipaa violation if a person who worked at an abortion clinic looked up patients information and called that person’s parents to inform them, if the patient was over 18. In that case could a company be sued

  • Joe
    · Reply

    August 29, 2016 at 4:49 PM

    Break 1A month ago, the pharmacy I use called to say my prescription was ready….I was baffled thinking surely I had already picked up my prescription.

    I went in, she handed me a bag with my name and addresses on it, charged me, I paid n left the bld. I was very wary and opened the bag in the car….the bottle label had my name on it, but I didn’t know the doctor not recognize the medicine which was for anxiety…..I looked up the doctor too…..she works in mental health. I took it back and told the lady it was not kine nor did I know the doctor. She came back shortly and said thankyou. I asked how they got so tangled up and she said he had such a simular name caused it….I asked if the lived in a nearby town by reflex n she said yes….well i I knew of him as a relative…..break 2 I dropped off a monthly prescription for a narcotic for pain. Went to lunch never getting the call back it was ready. So I go in, clerk asked my name, I told her, in a few minutes a lady came around the counter and blurted out 6 feet from me that I had to wait the full 30 days to get it refilled..everyone in the waiting area and counter looked at me..I stated I had always gotten it filled 1 or 2 days before the last day….never had a problem at the doctors office or nothing…everyone heard her repeatedly reference the 30 period which refers to narcotics, all listening could easily connect those dots and more over, she said it like I was a criminal trying to some how get 4 more pills since it’s 4 a day. 3rd.. I came back with months of doctors appointment sheets to prove I was just following the doctors schedule…pharmacist got all bent outa shape and forced me to talk infront of anyone walking by….when I tried to talk about hippa he said he didn’t have to have my business either while talking infront of a visible computer screen. I was totally shocked as he continues to infer I was trying to get a day ahead, which was absolutely wrong, I just didn’t want multiple trips and asked him to work with my doctor…he smirked and said I had to come back on their half day, saturday….which he said was the day 30.

    Break 4 I was so upset that I came by the next day with unused meds in hand to prove I was not abusing my pain meds..i was forced to talk in an area where customers were coming and going and several heard our conversation..they basically pushed it off really upsetting me.

    My wife went to pick up my med on that half day and it had printed on it….must last 30 days and refilled on that date. I was steamed again.

    Today I go to my monthly doctor appt, the doc sees me instead of his pa….first time in forever. He n I talk and he begins the conversation about pain meds abuse and how some people get emotional even angry on them, especially if they have run out. I sat there astonished….he went on to ask if I had taken my meds today n I said yes, so he asked for the ‘pee’ test at my convience, I said right now then n I did. Was he checking to see what level it is im my bloodstream to see if the pharmacy was right about me….I am presuming they are conversing at this point. No problem I got nothing to hide.

    I was taking mental notes now as I went to the pharmacy again….placed my prescription on the counter, lady said they would call when ready. I noticed the computer screens turned away from sight this day …hmmm. The other day I could see one of them. I got the call to pick up, checked bottle n no 30 day notice or refil date or notation specifying be sure to make it last. Two points here, this was the same store different pharmacist. Also when I was asking the other pharmacist for his help and I tried to talk about hippa n he threatened to remove me as a customer, he also made this remark-i understand he said, I’ve just gone on depression/anxiety medicine too. Wow, bells went off cause it was the other person with my simular name that they gave me his antidepressant/anxiety meds by mistake. I am not on nor ever have been on any antidepressant or anxiety medicine… . What do you think here? A mess huh……

    One other breach I think, my son got a brown recluse bite and needed a prescription…..at the counter when recieving it, the girl asked name….then she asked is this your address out loud … .anyone in there now knew his name and street address……

    By the way, I’m a liscenced minister, ordained, served with distinction and always high work achievements, worked for 3 major hospital systems, while also concurrently ministering to 3 churches and hospice groups for years and I’ve heard all the paranoid talk around the table about drug abuse. I know the look when they are checking for abusers……always guilty before proven innoncent…….

  • T
    · Reply

    August 29, 2016 at 6:56 PM

    Hello, I am adult and I am prescribed some medications (controlled substances) for ADD and PTSD. I am embarrassed of the medications I take due to the fact that I wish I did not need them. Anyways my mother hates me taking the medications that I am prescribed (she doesn’t believe in it) so I told her I am not getting that one anymore. My mom also sees the same Nurse Practitioner as me and they are friends, if my Nurse Practitioner told my mom what medications I am prescribed during my mother’s next appointment (without my consent) would that be a violation of HIPAA?

  • Matt
    · Reply

    September 15, 2016 at 4:27 PM

    An ex-girlfriend of mine let me see patients files and sit at her desk to look at these files is this a violation of Hipaa

  • Brittany
    · Reply

    October 18, 2016 at 9:45 AM

    I was a patient, giving birth to my first child, in the hospital I was working for. My ex-boyfriend, who is a cardiologist, found out I was in the hospital, came to my room and harassed me hours after I gave birth to my daughter. The nurses asked him to leave and I demanded to see my EHR to see if he had accessed my information. He had, in fact, listed himself as a consulting physician in my chart in order to gain access. I was told by the vice president of the hospital at that time that I would not be bothered by the cardiologist again if I would drop the issue and that it would be difficult to continue working there if I reported the issue further. I was then moved to night shift and he continued to work on dayshift. Were my HIPAA rights violated?

  • Harley
    · Reply

    October 20, 2016 at 5:33 PM

    My uncle works at a hospital in new york and insisted on me giving birth to my child there. That was in 2013. Just last month when i went to visit retrive items of mines…i noticed he had two full folders one containing my medical records and doctors notes and the other od my child. Nothe requested by him…. Isnt this a violation of hippa…also might i add i am 27 years old…and have no need for a legal guardian of any kind.

  • Dana
    · Reply

    November 8, 2016 at 5:12 PM

    U just found out I have a rare cancer tumer and the nurse who took my stitches out of my leg who was the one who told me I had a rare form of cancer and began to tell me the form of treatment did she violate my HEPA by telling me these things and not the doctor ?

  • Michelle
    · Reply

    November 9, 2016 at 10:13 AM

    I asked someone to send me some patient information and they sent it unsecured through their private email. Am I in violation of the HIPPA law or are they?

  • Dee Ellis
    · Reply

    December 7, 2016 at 6:12 PM

    Hi, right now I’m fighting a medical debt lawsuit, it was for only $70.00 which it seems I paid off right about the same time he filed. Anyway needless to say I’m being forced to fight it out.
    The laywer was just recently ordered to send me all the documents he has, and in going through the packet, 13 pages are personal medical information, my heath record, family history, letters from my family doctor, and the doctor I was referred to, my prescription information, what drug store I use, and when I had them filled, Etc.
    And then the other pages are financial agreements…… which is all I would think he’d need.
    Even though my bill is paid, he still wants his attorneys fees which are $185 plus court cost. He plans to bring in the clinicsame office manager who printed out my complete file….. was it legal for her to do that, and then give all my personal private health information to the attorney?

  • Mari
    · Reply

    December 14, 2016 at 2:13 PM

    I posted looking for dentist recommendations on facebook status and noted I did not want Dentist A, due to them previously removing the wrong tooth. Well Dentist A comments on my post two days later posting not only an X-ray of my mouth to show the cavities but also talks about my treatment plan on my social media post. Is this a hippa violation I feel humiliated that everyone could see my damaged mouth…

  • Esp
    · Reply

    December 16, 2016 at 4:38 AM

    Is it against HIPAA regulation if mother in law who is a medical ass. Printed my pregnancy records through her job without me knowing? I found out by snooping through her room. My sons record were also there and she said his dad gave consent to those which I’m fine with. But I DID NOT want her having that information about me. What can I do about this? Can I call her manger or I have to file a complaint?

  • Cathy
    · Reply

    December 20, 2016 at 9:39 PM

    i went to see a dr and he was hurtfull and rud and was in the door way talking vary loud about my problem’s to were others and staff heard everything i was so a shamed and hurt humiliated. That i left there with a panick atack and chestpains i called my reg dr told them what had happend i wana no if iv got a complaint

  • Lydia
    · Reply

    December 26, 2016 at 9:55 AM

    I was involved in a mva at a work conference out of state. It’s being handled by workers comp (which is its own nightmare). I was sent to a radiology facility to have a myelogram. This facility sent a bill to our landlords office. It wasn’t addressed with my name or the name of my store, so they opened it. Figured out who it belonged to then called me to pick it up. Isn’t that a violation of my hipaa rights? Unintentional perhaps, but a violation nonetheless? This whole mess sucks.

  • bethany
    · Reply

    December 30, 2016 at 11:46 PM

    What about if I self paid at an urgent care and they sent my insurance info when I thought I was just self paying. Now I owe more money BC it was submitted to insurance! 125$ self pay and now insurance is telling me I have to pay them 170$ more!

  • Maria Smith
    · Reply

    January 6, 2017 at 12:12 AM

    Is it a Hipaa violation when in our office files are everywhere being exposed to patients incuiding SSN. The monitor is facing the patients and the sign in sheet is out for everybody to see with first and last name

  • Kevin
    · Reply

    January 8, 2017 at 3:43 AM

    I am the supervisor of a volunteer organization that has bylaws that prohibits any member from making disparaging comments about another member. A member who is facing disciplinary action recently wrote a letter to outside agencies that I allegedly received treatment in the past for alcohol issues. This was done in an attempt to retaliate. Is this a HIPAA violation by making allegations that I was treated for alcohol rehabilitation when he has no documentation or proof that I actually received such treatment?

  • Dr. V
    · Reply

    January 26, 2017 at 5:15 PM

    I am an OB/GYN physician. We frequently put a copy of the prenatal record into an infants chart so the pediatrician can know things like bloodtype/ Hep B screening/ immunizations/ family history/ etc. I am wondering if this is a HIPAA violation and if it is, what would be required to be able to make that information available.

Leave a Reply Cancel Reply

Categories

  • 5010
  • American Recovery and Reinvestment Act
  • Enforcement
  • GINA
  • Health Care Reform
  • Health IT and HITECH
  • HIPAA Law
  • Identifiers
  • Meaningful Use
  • Privacy
  • Red Flags Rules
  • Security
  • Transactions & Code Sets
  • Uncategorized

Recent Posts

  • Contracting with Vendors that are NOT HIPAA Business Associates: Best Practices
  • HIPAA Breach: Who You Gonna Call?
  • Can I Be Sued for a HIPAA Violation?
  • Business Associate Agreements – a First Look at Indemnification
  • Gmail, Google Apps for Business HIPAA Business Associate Agreements

Archives

Contact Us

We're currently offline. Send us an email and we'll get back to you, asap.

Send Message

© 2023 · hipaa.com

Prev Next