A case in Indiana demonstrates another concern with HIPAA violations. While HIPAA itself does not create a private cause of action, on July 23rd, 2013 a jury awarded 1.44 million to a Walgreens customer after a negligence and professional liability claim was brought by a guest.
A lot of bad facts existed in this case including a love triangle involving the pharmacist's husband and the guest but the claim against the pharmacist and covered entity included private causes of action due to the HIPAA violations. The claims included allegations of breach of statutuory and common law duties of confidentiality and privacy, as well as negligence, invasion of privacy, negligent training, negligent supervision, etc.
The case held that since the pharmacist's actions violated HIPAA, this was a breach of the standard of care resulting in liability for the harm caused to plaintiff. Additionally, since the pharmacist acted within the scope of her employment, plaintiff argued that Walgreens also was liable for the pharmacist's actions. After a four-day trial, the jury agreed and found both parties liable.
As HIPAA develops into a standard of care, violating HIPAA may result in new forms of liability (even under state law) when individuals or organizations breach those standards.
If you have questions on HIPAA standards, including privacy, security or HITECH, please contact Kinney & Larson.