The Latest Issue of Privacy This WeekNovember 13, 2014 – In The News
Elizabeth Litten and Michael Kline were quoted in the Data Guidance article, “The Latest Issue of Privacy This Week.” Full text can be found in the November 13, 2014, issue, but a synopsis is below.
On November 11, 2013, the Connecticut Supreme Court ruled in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C. that an action for negligence arising from health care providers' breach of patient privacy is not preempted by HIPAA and that HIPAA regulations may well inform the applicable standard of care in certain circumstances.
“This has opened the floodgates of litigation because this decision may have established a new level of punishment," said Fox’s Michael Kline.
"The precedents this case sets may have exponential repercussions and may twist the decision in extreme illogical directions," explained Fox Partner, Elizabeth Litten.
Kline agreed, adding, "Just consider the liability a doctor would incur if he mistakenly leaves a document with personal health data on the wrong nurse station desk. If someone improperly accesses that information and uploads the data to the Internet we are dealing with a data breach under HIPAA standards - a negligent act."
Litten also mentioned there is fear that some of the things HIPAA tries to regulate, such as transparency in data breaches, may be undermined. If individuals can resort to state law to seek compensation for data breaches, companies may see benefits in not complying with the transparency finality of HIPAA.
"Furthermore there are many other federal standards with implications in data protection, such as the Family Educational Rights and Privacy Act (FERPA), that could follow the case of HIPAA,” Litten noted.
“It would not be surprising if HIPAA is taken to the Federal Supreme Court to delimit its preemption scope,” Kline continued. “We haven't seen the end of it."