Protecting the Privacy of Your Medical Records

What to do if a hospital or physician improperly discloses your medical info

In February 2017, the medical records of hundreds of patients at South Fulton Mental Health Center were discovered in an open dumpster in front of the facility in East Point. The papers, in open view for anyone to see, held detailed and highly sensitive psychiatric reports of confidential treatment sessions, as well as patient names, addresses and Social Security numbers.
 
While the circumstances vary—from unauthorized nurses viewing a celebrity patient’s chart or taking smartphone photos to a hacker breaching a hospital’s private servers—such invasions of privacy are not isolated incidents. In fact, they’re on the rise. According to its 2017 federal report, complaints filed with the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights rose about 5 percent per year until 2012. The increase over the past three years: almost 22 percent. To be more specific, the number of privacy-related complaints went from 2,268 in 2003 to 17,661 in 2015.
 
Such invasions of privacy are in violation of HIPAA, the Health Insurance Portability and Accountability Act, which is enforced by HHS’ Office for Civil Rights. Such violations can carry both civil and criminal penalties, including fines up to $250,000 and 10 years in prison. HIPAA settlements can sometimes amount to millions of dollars.
 
However, HIPAA does not provide for a private right to sue based on its violation. Rather, you can file a complaint with your health care provider, with your health insurer, or with HHS. You must file a HIPAA Privacy Complaint within 180 days of the circumstances giving rise to the complaint. The Office for Civil Rights (OCR) will investigate and let you know its conclusions and what actions have been taken.
 
If the investigation concludes there was a possible criminal violation, OCR will forward the matter to the U.S. Department of Justice. If there’s a determination that a non-criminal violation occurred, the OCR will seek voluntary corrective action or will issue a formal finding of violation. They may impose civil monetary penalties as part of the negotiated resolution, and these can, as noted, run into the millions of dollars. However, monetary penalties are paid to HHS, not to any injured individual. 
 
You may be able to bring a civil suit for violation of Georgia’s state medical records disclosure law, or under Georgia’s invasion of privacy or negligence law. Personal medical records are protected by Georgia’s constitutional right to privacy. The challenge to successfully waging this type of claim is that you must show documented and provable damages—that is, specifically, quantifiably, how you were harmed by the disclosure. Examples of documented losses include medical or counseling bills, credit protection or identity theft insurance, costs related to stolen identity, lost pay for time off, and other expenses that resulted directly from the breach to your privacy.
