Tammy Worth reports on HIPAA-related privacy breaches and one lawyer’s experience representing plaintiffs. There are some interesting points and examples in the articles as to what awards or settlements have been. As examples:
A woman in St. Louis, Missouri, whose mental health records were released to her ex-husband during custody suit settled a case for $385,000. In that case, the ex’s attorney subpoenaed the records and, without notifying the patient, the hospital mailed the records to the attorney.
In a case in Alabama, a jury awarded $300,000 after a doctor accessed a woman’s drug history from the state’s prescription monitoring program. The woman was in a custody battle with her ex-husband, and his current wife asked the doctor to retrieve the records. The plaintiff sued the hospital for failing to discipline the doctor after notification of the breach.
Read more on Renal and Urology News.
So here’s a news story from today that might lead to a patient wanting to sue an entity for a HIPAA breach. But is this a case that a lawyer should take or that would be likely to lead to a settlement:
UMC launches probe after confidential patient records were mistakenly given to wrong family
According to the news story, University Medical Center in El Paso, Texas sent the wrong patient’s records to another patient who had requested their records. It’s a mistake, right? But is there harm or injury or anything that would justify any kind of suit or settlement? What would influence your opinion? What if the records accidentally released involved a very stigmatizing medical condition or prognosis? Would that make a difference?
And no, I am not trying to encourage lawsuits. I am trying to get us all to think about what matters to us when we think of harm or injury and compensating people for breaches – whether they should be compensated monetarily at all, and if so, on what basis?