25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Connecticut Court Allows Claim for a Breach of HIPAA to Proceed

Posted By on Nov 6, 2014

The Connecticut Supreme Court has ruled that a plaintiff can proceed with a claim for a breach of HIPAA after her private health details were released without her consent.

Emily Byrne brought her claim for a breach of HIPAA after advising her doctor at the Avery Center for Obstetrics and Gynecology in Westport not to provide her protected health information to the father of the child to whom she was pregnant as their relationship had broken up – Andro Mendoza.

However, after Mendoza had obtained a subpoena to support a paternity suit, the health center released Emily´s protected health information without telling Emily or fighting the subpoena in court. Emily´s former partner then used the information to launch “a campaign of harm, ridicule, embarrassment and extortion”.

Emily took her claim for a breach of HIPAA to the Appellate Court – claiming that the Avery Center had been negligent in releasing her protected health information to Mendoza. The court decided that HIPAA preempted the negligence suit which meant that the health center could admit to a breach of HIPAA and face a lesser civil penalty rather than the consequences of a negligence claim.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Undeterred, Emily appealed to the Connecticut Supreme Court, where a panel of judges ruled that the preamble in HIPAA did give her a justifiable case. Together with a claim for a breach of HIPAA, the Supreme Court ruled that the Avery Center had acted in violation of Connecticut´s Unfair Trade Practices Act by releasing Emily´s protected health information, and sent the case back to the Appellate Court for a hearing to be scheduled later this year.

This is the first instance that Connecticut’s Supreme Court has ruled regarding HIPAA negligence, and the state now joins Missouri, West Virginia and North Carolina in similar rulings The Department of Health and Human Services later confirmed that “the fact that a state law allows an individual to file [a civil action] to protect privacy does not conflict with the HIPAA penalty provisions.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist