By Steven Wiley | September 27, 2013 at 04:22 PM EDT | No Comments
The records kept by health care providers, like doctors and hospitals, often contain patient information that, if released into the wrong hands, has the potential to cause patients a great deal of embarrassment, humiliation and even economic damage. On the federal level, most health care providers are subject to the "privacy rule" of the Health Insurance Portability and Accountability Act of 1996, better known as "HIPAA." HIPAA has become fairly well-known for its protection of the confidentiality of medical records. Under HIPAA, a covered health care provider can be subject to administrative fines or even criminal sanctions for improperly disclosing medical records or other protected health information, with the severity depending on the circumstances. However, HIPAA does not actually provide for the right of the patient actually affected by the breach of confidentiality to seek recourse for his or her damages.
In West Virginia, the Supreme Court of Appeals held in the 2012 case of R.K. v. St. Mary's Medical Center, Inc. that HIPAA does not prevent a patient from suing a health care provider for the improper disclosure of confidential records or information under West Virginia's common law. The decision in this case allows for the actual injured party, the patient, to hold health care providers accountable for breaches of confidentiality and to recover damages for the disclosure of their sensitive information.
In Virginia, the courts have also recognized the right of a patient to sue a health care provider for a breach of confidentiality, as discussed in the 1997 case of Fairfax Hosp. by and through INOVA Health Sys. Hosps., Inc. v. Curtis. Although the Supreme Court of Virginia did not discuss the effect, if any, of HIPAA on the private right to sue based upon a breach of confidentiality in Curtis, a bankruptcy court for the Eastern District of Virginia has, in a case alleging damages based upon the disclosure of confidential health information in a public bankruptcy pleading, noted the viable co-existence of the cause of action recognized in Curtis with HIPAA. See Maple v. Colonial Orthopaedics, Inc., 434 B.R. 363 (Bankr. E.D. Va. 2010). The Curtis decision was also cited by the West Virginia Supreme Court of Appeals in the 2012 decision discussed above as an example of a state recognizing common law claims for the wrongful disclosure of medical information.