Do I have legal rights if my medical privacy rights have been violated?
Medical healthcare disclosures what are my privacy rights?
Recently on our forum a user asked, “What are my rights if a person called my healthcare provider and was given detailed information about my healthcare and medications without my protection? Do I have any legal recourse against them for this illegal disclosure?”
The Health Insurance Portability and Accountability Act (HIPAA) was passed by the United States Congress and signed into law in 1996. HIPAA not only created national standards for electronic healthcare transmissions, but it also established privacy rules to protect an individual’s disclosure of medical records and ensured additional protections for patients to retain their health insurance coverage if they changed jobs.
HIPAA Privacy Rule and Illegal Disclosures of medical information
As of April 14, 2003, covered entities such as health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically have been required to comply with rules established under the HIPAA Privacy Rule.
More recent updates to the legislation also require business associates, who are employed by covered entities to perform health care activities and functions, to also comply with certain provisions of the HIPAA Rules.
Under the HIPAA Privacy Rule, both covered entities and business associates not only have to provide the appropriate safeguards to protect the privacy of personal health information, but they also cannot disclose medical information about a patient without the patient’s authorization.
HIPAA Violations and medical privacy
Unfortunately, even with the passage of laws and regulations to protect patient’s data, it is not unusual for someone to become the victim of an improper disclosure. Disclosures can include data security breaches, the improper maintenance of records, the unauthorized accessing of a paper-based patient file, or simply an employee disclosing information over the phone to someone who is not authorized to receive the information.
What do you do if your medical record has been breached?
If your medical information has been breached and an unlawful disclosure has been made there are several steps you should take:
- Identify what information was disclosed.
HIPAA protects PHI or Protected Health Information. This can include information which is considered individually identifiable health information and is transferred or maintained in any form or medium by a covered entity or its business associates.
For instance, information which cannot legally be disclosed without your permission includes your medical history, family medical history, information about your lifestyle, past procedures, laboratory test results, prescribed medications, genetic testing results, and other health-related information.
- Contact the person or entity which made the disclosure.
- Contact Health and Human Services (HHS).
Contact the HHS to describe the alleged incident and request an investigation. The HHS may issue a warning, discipline the violator, or refer the matter to the Department of Justice. Complaints must be made within 180 of the alleged act. To file a complaint you can fill out the Health Information Privacy Complaint form and send it to the appropriate regional HHS office.
- Determine if you have a personal injury claim.
You may have a legal right to file a breach of privacy lawsuit against the entity that disclosed your information and receive compensation for your injuries. Whether you have a strong case or you are entitled to compensation, however, will depend on the details of your claim.
If your medical information was disclosed and you have suffered little harm or injury, you may be entitled to very little compensation. HHS may investigate, but it’s likely most of their efforts and energies are currently focused on organizations which have serious breaches of millions of patient’s records.
Next QuestionHow do I revoke a durable power of attorney?
Category: Family Law