09202017Headline:

Lansing, Michigan

HomeMichiganLansing

Email David Mittleman David Mittleman on LinkedIn David Mittleman on Facebook David Mittleman on Avvo
David Mittleman
David Mittleman
Attorney • (888) 227-4770

HIPAA Violations – Who’s Watching?

Comments Off

The passing of the Health Insurance Portability and Accountability Act (HIPAA) of 1996, has since sparked great interest among Americans as to who may be looking at their private medical records. Over the last decade identity theft has spiked, stoking fear and paranoia about the Information Age. The Privacy Rights Clearing House reports that over “244 million data records of U.S. have been exposed due to security breaches since January of 2005.”

One of the most egregious and shocking examples of security breaches occurred in May of 2006. U.S. veterans’ records were stolen by and employee at the Department of Veterans Affairs. The employee had taken home a laptop which contained the names, social security numbers, birth dates and diagnostic codes for 6.5 million veterans. Fortunately, in this instance, the laptop was recovered before any of the data had been removed and sold on the black market.

Another highly-publicized incident involved Michigan‘s Governor, Jennifer Granholm. Several employees were disciplined for attempting to access her medical file following an abdominal surgery performed at a Lansing-area hospital.

Between 2003 and 2007, more than 25,536 HIPAA complaints have been filed with the Department of Health and Human Services. While enforcement of these violations have generally been educational and remedial in nature, that trend is likely to change. Public outcry has call for a more aggressive approach in regulating HIPAA violations.

However, people are now starting to take matters into their own hand through civil causes of action. HIPAA is now being invoked as a basis for privacy standards, because HIPAA provides a floor level of protection.

In Sorensen, et al v. Barbuto, et al, 143 P. 3rd, 295 (Utah ct. App. 2006) and Acosta v. Byrum, 638 S.E.2d 246 (N.C. Ct. App. 2006), the plaintiffs were successful in using HIPAA’s floor level of protection to prove that there is a duty not to disclose confidential personal information. This will likely lead to a boom in using HIPAA in private tort litigation as the standard of care in maintaining health care privacy.