Medical Offices May Be Liable for Staff’s Privacy Breaches

Medical offices may be held liable if staff share patient health information obtained on the job, even if the employer had no reason to suspect a breach of privacy. A lawsuit being considered by the New York Court of Appeals involves a nurse who texted information about a patient’s sexually transmitted disease to the patient’s girlfriend, who was her sister-in-law. Although the employee clearly acted for personal reasons, her employer may be held responsible for her actions. The case serves as a reminder to medical offices about the importance of educating all employees about privacy regulations and the serious consequences of failing to comply. A trial court dismissed the patient’s claim against the medical center, which alleged that the office breached its fiduciary duty to maintain his confidential information.