Connecticut Court Allows Claim for a Breach of HIPAA to Proceed
The Connecticut Supreme Court has ruled that a plaintiff can proceed with a claim for a breach of HIPAA after her private health details were released without her consent.
Emily Byrne brought her claim for a breach of HIPAA after advising her doctor at the Avery Center for Obstetrics and Gynecology in Westport not to provide her protected health information to the father of the child to whom she was pregnant as their relationship had broken up – Andro Mendoza.
However, after Mendoza had obtained a subpoena to support a paternity suit, the health center released Emily´s protected health information without telling Emily or fighting the subpoena in court. Emily´s former partner then used the information to launch “a campaign of harm, ridicule, embarrassment and extortion”.
Emily took her claim for a breach of HIPAA to the Appellate Court – claiming that the Avery Center had been negligent in releasing her protected health information to Mendoza. The court decided that HIPAA preempted the negligence suit which meant that the health center could admit to a breach of HIPAA and face a lesser civil penalty rather than the consequences of a negligence claim.
Get The Checklist
Free and Immediate Download
of HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
Undeterred, Emily appealed to the Connecticut Supreme Court, where a panel of judges ruled that the preamble in HIPAA did give her a justifiable case. Together with a claim for a breach of HIPAA, the Supreme Court ruled that the Avery Center had acted in violation of Connecticut´s Unfair Trade Practices Act by releasing Emily´s protected health information, and sent the case back to the Appellate Court for a hearing to be scheduled later this year.
This is the first instance that Connecticut’s Supreme Court has ruled regarding HIPAA negligence, and the state now joins Missouri, West Virginia and North Carolina in similar rulings The Department of Health and Human Services later confirmed that “the fact that a state law allows an individual to file [a civil action] to protect privacy does not conflict with the HIPAA penalty provisions.”