Medical Offices May Be Liable for Staff’s Privacy Breaches
May 3, 2013 | Strategic Insights for Ambulatory Care
Medical offices may be held liable if staff share patient health information obtained on the job, even if the employer had no reason to suspect a breach of privacy. A lawsuit being considered by the New York Court of Appeals involves a nurse who texted information about a patient’s sexually transmitted disease to the patient’s girlfriend, who was her sister-in-law. Although the employee clearly acted for personal reasons, her employer may be held responsible for her actions. The case serves as a reminder to medical offices about the importance of educating all employees about privacy regulations and the serious consequences of failing to comply. A trial court dismissed the patient’s claim against the medical center, which alleged that the office breached its fiduciary duty to maintain his confidential information.