The Privacy Rule does not provide a private right of action, it only
provides for the civil and criminal penalties to be imposed by the
government. However, a clever plaintiff's attorney could craft an argument
that the violation of the HIPAA Privacy Rule is evidence that the Covered
Entity was negligent ("negligence per se") by violating the Rule. This
would be a way in which an attorney could sue for damages.
As a disclaimer, I do not represent plaintiffs, I represent Covered
Entities, so there might be other crafty arguments of which I am not aware.
Jud DeLoss
Gerald "Jud" E. DeLoss, Esq.
Barnwell Whaley Patterson & Helms, LLC
885 Island Park Drive
Post Office Drawer H (29402)
Charleston, SC 29492
Telephone (843) 577-7700
Direct (843) 329-5313
Facsimile (843) 577-7708
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
The information contained in this message may be privileged and/or
confidential and protected from disclosure. If the reader of this message is
not the intended recipient or agent responsible for delivering this message
to the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If
you have received this communication in error, please notify the sender
immediately and delete all copies of the material.
-----Original Message-----
From: Nancy Jones [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 24, 2003 12:40 PM
To: WEDI SNIP Privacy Workgroup List
Subject: Re: Is HIPAA Individually Liable?
I would like to add to this question . . . I have been to several HIPAA
workshops, each taught by a different attorney or team of attorneys.
One group will tell you that the entity can't be sued for damages if a
HIPAA violation occurs . . . . that sanctions from the OCR is punishment
enough for the covered entity and that patients may not expect damages.
Others have said that plaintiff's attorneys are circling like buzzards
and buying the back covers of telephone books all over America with the
big question . . HAS YOUR MEDICAL PRIVACY BEEN VIOLATED?
I havent' gotten a straight answer yet! And now I hear that "THIPAA" -
the Texas version of HIPAA that goes in to effect in 9/03 not only
allows the entity to be sued, but the individual can be held personally
liable. I am a patient advocate and believe in the fundamental
principals of protecting health information, but this is really getting
out of hand.
Patricia Conroe wrote:
>
> I apologize if this is listed somewhere real obvious, but I was wondering
if there was a definite answer as to who's liable when HIPAA has been
violated? In a hospital situation, if HIPAA's violated and jail time and
fines are distributed who gets that fun time? Is it the CEO, the Privacy
Officer, the employee who violated the rule, all of the above, etc? Thank
you!
>
> ---
> The WEDI SNIP listserv to which you are subscribed is not moderated. The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board
of Directors nor WEDI SNIP. If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and
services. They also are not intended to be used as a forum for personal
disagreements or unprofessional communication at any time.
>
> You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED]
> To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
> If you need to unsubscribe but your current email address is not the same
as the address subscribed to the list, please use the Subscribe/Unsubscribe
form at http://subscribe.wedi.org
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants, and do
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you wish to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and services.
They also are not intended to be used as a forum for personal disagreements or
unprofessional communication at any time.
You are currently subscribed to wedi-privacy as: [email protected]
To unsubscribe from this list, go to the Subscribe/Unsubscribe form at
http://subscribe.wedi.org or send a blank email to
[EMAIL PROTECTED]
If you need to unsubscribe but your current email address is not the same as the
address subscribed to the list, please use the Subscribe/Unsubscribe form at
http://subscribe.wedi.org
