Privacy: State Law Claims for Breach of Health Information Privacy Not Preempted by HIPAA
April 1, 2013 | Healthcare Risk, Quality, & Safety Guidance
HIPAA's privacy rule does not preempt state law causes of action for wrongful disclosure of healthcare information, according to the Supreme Court of Appeals of West Virginia. In so ruling, the court cited similar decisions in Connecticut, Delaware, Minnesota, New York, Ohio, and Virginia permitting claims for breach of health information privacy to proceed under state common law. The court also noted that several other jurisdictions, notably Missouri, North Carolina, and Tennessee, permit a plaintiff to use a HIPAA privacy violation as the basis for a claim of negligence or use the HIPAA privacy rule as some evidence of the standard of care required of the defendant.
The West Virginia case involved a claim by an individual, who, while in the midst of divorce proceedings, was admitted to the defendant hospital for psychiatric care. During his admission, the patient disclosed confidential personal information that he had not previously disclosed to anyone, including his estranged wife. The patient did not authorize disclosure of information related to his psychiatric condition or hospital admission to anyone. Nevertheless, during his admission, hospital employees improperly accessed the patient's medical records, informed the patient's estranged wife and...