Conn. Ruling Expands HIPAA Liability For Medical Providers

November 10, 2014 – In The News

Michael Kline was quoted in the Law360 article, “Conn. Ruling Expands HIPAA Liability For Medical Providers.” Full text can be found in the November 10, 2014, issue, but a synopsis is below.

The Connecticut Supreme Court ruled that medical providers that allegedly exposed confidential patient health data can be hit with state-law negligence claims based on the Health Insurance Portability and Accountability Act.

The Connecticut Supreme Court reasoned that the ability to bring negligence claims in state court is beneficial because the allegations “support at least one of HIPAA's goals by establishing another disincentive to wrongfully disclose a patient's health care record” if they don't conflict with or complicate health care providers' compliance with HIPAA.

“It's likely that other states are going to be saying the same thing as the Connecticut high court, because they're not going to want to see decades of laws regarding negligence simply stripped away by an endeavor to have the claims preempted by HIPAA,” explained Fox Partner, Michael Kline.

Kline noted that he wouldn't be surprised if the issue made it to the U.S. Supreme Court, given the possible conflicts between the desire of states and plaintiffs to sue for medical privacy violations and the aim of HIPAA to restrict private rights of action.

“In light of some of the huge HIPAA breaches that have been reported over the past year that have affected thousands and even millions of people, if those people have the right to sue for emotional distress or some other claim under state law, the number of lawsuits could be unbelievable and even rise to the level of toxic torts,” Kline stated.