Matt Fisher writes:
Healthcare organizations are learning tough lessons that actions of employees can come back with serious consequences to the organization. When it comes to maintaining the privacy and security of patient data, no action comes without a consequence. While some actions are completely uncontrollable, that does not necessarily mean that liability cannot potentially flow to the employer. Additionally, HIPAA may only tell part of that story in that regard as state law will play a significant role in determining potential liability.
The impetus for the focus on potential employer liability is a recent decision from the Supreme Court of Virginia. The high-level summary is that the employer healthcare organization (Carilion) may be liable for the snooping of two employees into the record of a patient and the subsequent spreading around of information learned.
Read more on Mirick O’Connell’s Health Law Blog.