A jury in Marion County, Ind. awarded a plaintiff $1.4 million in damages based on Walgreens' negligence in failing to properly train its pharmacists regarding protected health information and HIPAA compliance, according to a National Law Review report.
An individual whose protected health information is improperly shared by a healthcare provider in violation of HIPAA has no state-based legal recourse available because HIPAA does not create a private state-based cause of action to allow victims to seek recourse from HIPAA violators, according to the report.
However, HIPAA still plays a significant role in state court proceedings when a plaintiff whose health information has been shared files a lawsuit alleging negligence and professional liability as it relates to confidentiality, as illustrated in the case of Hinchy v. Walgreens.
In that case, a Walgreens' pharmacist looked up her husband's ex-girlfriend's medical records who she believed had passed a sexually transmitted disease to her husband. After reviewing the medical records, the pharmacist shared the ex-girlfriend's protected health information with her husband, and the husband confronted his ex-girlfriend regarding the information he had learned from his wife, according to the report.
The ex-girlfriend filed suit against Walgreens alleging the company had failed to protect her privacy and confidentiality and failed to properly train and supervise its employees regarding patient privacy and confidentiality.
Because the court agreed with Walgreens that the pharmacists actions were outside of her job duties, the court granted summary judgment concerning the negligent hiring claim but allowed the rest of the claims to proceed to trial, and a jury ultimately awarded the ex-girlfriend $1.4 million in damages, according to the report.
Although there is no state-based action created under HIPAA, this case shows HIPAA creates the standard of care that is expected concerning patient privacy and confidentiality when plaintiffs bring negligence, invasion of privacy and professional liability claims in state court, according to the report.
More Articles on HIPAA:
4 Steps to Mitigate Data Security Risks, Maintain HIPAA Compliance
HHS: Round 2 HIPAA Audit Details Revealed
10 Necessary Components of a HIPAA Business Associate Agreement