Victims of compromised healthcare information may be able to file a HIPAA violation lawsuit against the responsible party. Last month, Downers Grove, Illinois-based Advocate Health System reported the second-largest HIPAA data breach to date after four unencrypted laptops were stolen from its facility. As a result of the incident, confidential medical information and Social Security numbers of more than 4 million people were placed at risk.
What Is HIPAA?
Medical privacy is a top concern for most people. Because the protection of personal and confidential health information is so important, there are a number of laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Illinois Personal Information Protection Act, that are designed to protect confidential information such as medical records, Social Security numbers, and private contact information.
HIPAA, created in 1996, implemented national standards for the handling of sensitive patient medical information. This act prohibits the disclosure of a patient’s private information without his or her knowledge or consent by the covered entities. Those established as covered entities, and therefore required to protect patient information, are:
- healthcare providers
- health plans/insurance companies
- healthcare clearinghouses
- business associates
Established with the HIPAA Privacy Rule, the HIPAA Security Rule outlines an additional subset of protected information. Under this act, covered entities must:
- Protect against impermissible use or disclosure of patient information
- Safeguard against anticipated security threats
- Ensure the confidentiality of electronic protected information
- Certify compliance
Not only do these laws obligate health care providers to keep a patient’s medical information confidential, but a breach of patient confidentiality may also create state tort liability for health care providers when data breaches occur.
Can You Sue for HIPAA Violations?
A class action HIPAA violation lawsuit was recently filed by two patients affected by the Downers Grove breach, alleging negligence, deceptive business practices, invasion of privacy, intentional infliction of emotional distress and consumer fraud due to the health care provider’s failure to take the necessary precautions required to protect patients’ confidential medical information. According to the lawsuit, the unencrypted laptops were stolen from an “unmonitored” room with “little or no security to prevent unauthorized access.”
According to the plaintiffs, a recent Javelin Identity Fraud Report indicates that those individuals who have their personal health information or personal identity information compromised in a data breach are nearly 10 times more likely than the public to experience identity theft or fraud.
The breach is currently being investigated by the Office for Civil Rights and the Illinois Attorney General’s office for possible HIPAA and Illinois privacy law violations.
As we reported last week, technological advances have taken patient confidentiality into uncharted territory, and a recent lawsuit filed by a patient in California highlights the privacy and data risks inherent in this age of smartphones and social media. As the Los Angeles Times reports, the patient’s anesthesiologist decorated the patient’s face with stickers while she was unconscious and a nurse’s aide subsequently snapped a photo.
The Chicago medical malpractice lawyers at Ankin Law take the patient information protection very seriously. We have considerable experienced with all types of medical malpractice claims, including those resulting from a breach of patient confidentiality, and we can help you understand your legal rights and remedies. If you were a victim of the Advocate Health data breach, or you suspect that you have the victim of a breach of patient confidentiality, contact one of our Chicago medical malpractice attorneys at (312) 600-0000 to schedule a free consultation to learn more about a possible legal claim.