Codapedia is now a division of Find-A-Code

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

August 4th, 2017 - NAMAS
Categories:   Audits/Auditing   HIPAA|PHI  
0 Votes - Sign in to vote or comment.

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and subcontractors) under the Breach Notification Rule, several courts had held this notion to be true.[3]

Over the past decade, a shift has occurred where state and federal courts are holding that healthcare providers who breach HIPAA and other cybersecurity provisions may be pursued for a variety of common law claims including: negligence, emotional distress, breach of confidentiality, invasion of privacy, contract violations, and punitive damages.[4] The premise for bringing a cause of action for privacy violations stems from the fundamental source of American jurisprudence - the United States Constitution.
In re Columbia Valley Regional Medical Center, 41 S.W.3d 797, 802 (2001) established that, "there is a constitutional right of privacy in this case. Apart from any statutory or evidentiary privileges that apply, the medical records of an individual have been held to be within the zone of privacy protected by the United States Constitution."
See In re Xeller, 6 S.W.3d 618, 625 (Tex. App. - Houston [14th.] 1999, orig. proceeding) (citing Alpha Life Ins. Co. v. Gayle, 796 S.W.2d 834, 836 (Tex. App. - Houston [14th Dist.] 1990 no writ).

Recent cases that uphold this motion include:

These cases underscore the importance of compliance with HIPAA and the HITECH Act. Actions brought by the Federal Trade Commission, class action law suits and Securities and Exchange Commission requirements were not discussed. The take-away is that HIPAA, the HITECH Act, and other cybersecurity violations can and do form the basis of a wide variety of causes of action. Therefore, underscoring the need to be proactive instead of reactive.

This Week's Audit Tip Written By:

Rachel V. Rose, JD, MBA
Rachel V. Rose, Attorney at Law, PLCC

Rachel V. Rose, JD, MBA, is a Houston, TX-based attorney advising on federal and state compliance and areas of liability associated with a variety of healthcare, legal and regulatory issues including: HIPAA, the HITECH Act, the False Claims Act, Medicare issues, women's health as well as corporate and security regulations.

Article Resources:
[1] 42 USC § 1320d (1996).
[2] Pub. L. 111-5, Sec. 13001 (Feb. 17, 2009).
[3]Valentin-Munoz v. Island Fin. Corp., 364F. Supp. 2d 131, 136 (D. Puerto Rico 2005);
Univ. of Co. Hosp. Auth v. Denver Publ'g Co., 340F. Supp. 2d 1142, 1145-46 (D. Colo. 2004).
[4] R.K. v. St. Mary's Medical Center, 2012 WL 5834577 (WV S.Ct. (Nov. 15, 2012), cert. denied.

NAMAS is setting the standards in medical auditing & education    

The NAMAS team and faculty work hard to bring you membership resources, products, tools, and training that is not only timely and specific to medical auditing and compliance, but also that is     specific to the needs of medical practices today. NAMAS staff are industry recognized experts who provide audits and consulting services to active clients which gives NAMAS the cutting edge to provide relevant training.



Questions, comments?

If you have questions or comments about this article please contact us.  Comments that provide additional related information may be added here by our Editors.

Latest articles:  (any category)

Q/A: How Many Diagnosis Codes do I use?
April 15th, 2019 - Wyn Staheli, Director of Research
Question: My patient has a lot of chronic conditions. Do I need to include all these on the claim? I know that I can have up to 12 diagnoses codes on a single claim. What if I need more than that? Answer: More is not always better. You only need to ...
Watch out for People-Related ‘Gotchas’
April 15th, 2019 - Wyn Staheli, Director of Research
In Chapter 3 — Compliance of the ChiroCode DeskBook, we warn about the dangers of disgruntled people (pages 172-173). Even if we think that we are a wonderful healthcare provider and office, there are those individuals who can and will create problems. As frustrating as it may be, there are ...
Q/A: What do I do When a Medicare Patient Refuses to Sign an ABN?
April 8th, 2019 - Wyn Staheli, Director of Research
Question: What do I do when a Medicare patient refuses to sign an ABN? Answer: That depends on whether the patient is still demanding to have/receive the service/supply. If they aren’t demanding the service, then there is no need to force the issue. Just make sure that you still have an ...
Prepayment Review Battle Plan
April 8th, 2019 - Wyn Staheli, Director of Research
Any type of payer review can create some headaches for providers and cause problems for a healthcare office. Even for a practice that has taken administrative steps to try and prevent a prepayment review, it can still happen. A prepayment review means that you must include documentation WITH your claim. ...
Looking Ahead - Changes in Dentistry!
April 3rd, 2019 - Christine Taxin
In the next 10 years, what is the biggest change dentistry will experience? FW: We all know healthcare in the U.S. is changing rapidly. Dentistry is no exception. My opinion is that several big changes are forthcoming. Most often, I think about changes that benefit patients and/or providers. Here are three ...
Q/A: I Submitted a Claim to the VA and it’s Being Denied. Why?
April 1st, 2019 - Wyn Staheli, Director of Research
I submitted a claim to the VA and it’s being denied. Why? There are several reasons why your claim might be denied by the Veterans Administration (VA). However, without more information about the claim itself (e.g., services billed), we can only provide the following general information about the VA and chiropractic ...
Corrections and Updates
April 1st, 2019 - Wyn Staheli, Director of Research
One constant in our industry is change. Policies change, contracts change, and there are updates. Also, people aren’t perfect and mistakes can be made. So this article will cover a variety of topics. Published Articles We appreciate feedback from our valued customers. We have received feedback regarding two of our articles which ...

About Codapedia & Find-A-Code Contact Us Terms of Use Privacy Policy Advertise with Us

Codapedia™/Find-A-Code™ - 62 E 300 North, Spanish Fork, UT 84660 - Phone 801-770-4203 (9-5 Mountain) - Fax (801) 770-4428

Copyright © 2009-2019 Find A Code, LLC - CPT® copyright American Medical Association