Kaplan Fox Protects Your Medical Privacy Rights

Instances regarding the loss of or exposure of medical information have been on the rise in the last few years. One study indicated that over twenty-nine million patient records had been breached since 2009, and that between 2012 and 2014 medical data breaches increased by 138%. This is particularly alarming because health information can be more valuable to criminals than financial information because they can obtain free medical services and file false insurance claims assuming someone else’s identity.

Our medical privacy attorneys have brought class action cases against health insurers, HMOs, and hospitals that have breached their patients’ medical privacy. In these cases, patients have had their personal information and medical records lost, stolen, and even published on the Internet.

Medical Privacy Law Under HIPAA

Medical privacy is regulated on federal and state levels. The federal regime—the Health Information Privacy Assurance Act (“HIPAA”)—regulates the use and disclosure of personal health information (“PHI”) by covered entities, such as medical providers, insurance companies, and their business associates, but it does not provide patients the ability to file a private lawsuit against hospitals or health care providers when they lose or improperly disclose their medication information.

HIPAA’s regulations are divided into three parts: the Privacy Rule, the Security Rule, and the Enforcement Rule. The Privacy Rule encompasses several requirements, including that PHI will only be shared to the minimum extent necessary to achieve the purposes of disclosure. The Security Rule enumerates specific safeguards for physical and technological records.  The Enforcement Rule permits the Department of Health and Human Services (“DHHS”) to regulate inadequate privacy practices, and patient complaints for breaches must be handled through the DHHS Office of Civil Rights. However, it is rare for the DHHS to enforce HIPAA through fines—although in 2011, it fined UCLA Hospital over complaints that employees were looking at celebrity patients’ medical records.

State Medical Privacy Law

Although HIPAA does not allow patients to sue, when your medical privacy is breached certain state laws can be invoked to protect your rights and obtain compensation. For example, in California the Confidentiality in Medical Information Act (“CMIA”) permits private suits against medical providers for damages and statutory fines of $1,000 for negligent releases of medical information. Many lawsuits have been filed under this statute or other data breach laws for medical privacy breaches in California to hold hospitals or health maintenance organizations responsible when they breach patient confidentiality.

Kaplan Fox’s Medical Privacy Lawyers

Our patient privacy lawyers have expertise and experience enforcing patients’ rights to medical privacy in cases involving data breaches and the loss or theft of medical records. Our team has a strong track record of representing consumers in class action lawsuits against health insurers, retailers, manufacturers and internet service providers when they have failed to protect their own customers’ privacy rights. As a result of our efforts, we’ve recovered compensation for victims and worked hard to ensure companies implement stronger privacy practices to ensure customers are protected in the future.

Representative medical privacy cases include:

Doe v. Caremark, LLC, et al., No. 2:18-cv-00488-EAS-CMV (S.D. Ohio): Kaplan Fox is court appointed co-lead counsel in a class action alleging CVS/Caremark unlawfully disclosed 4,500 Ohioans’ HIV status in a mailing to participants in a state sponsored medication program. The Court approved a $4.4 million settlement for the impacted patients, who will each receive checks of $525 or more.

In re 21st Century Oncology Customer Data Breach Security Litigation, No. 8:16-md-02737-MSS-AEP (M.D. Fla.): Kaplan Fox is appointed to the Steering Committee in a consolidated case arising out of a 2016 data breach at a cancer treatment center for patients through the United States. The case has survived a motion to dismiss.

In re Horizon Healthcare Services Inc. Data Breach Litigation, No. 13-7418 (CCC) (D.N.J.): We are working as co-lead counsel representing patients in a consolidated alleging that their personal and medical information was unlawfully exposed by their health insurance company when laptops containing their data was stolen from corporate headquarters. The case won a successful ruling at the Third Circuit Court of Appeals, 846 F.3d 625 (2017).

Beckett v. Aetna, et al., No. 2:17-cv-03864-JS (E.D. Pa.): Kaplan Fox represents patients whose HIV status was disclosed in violation of state and federal law in connection with a mailing about their pharmacy benefits. The patients alleged that the unauthorized disclosures to their roommates, friends, and families caused severe disruptions to their personal lives and resulted in emotional distress and discrimination. The Court approved a $17 million settlement to compensate each class member $500, with an opportunity to obtain up to $20,000 more per person.

What should I do if my medial privacy rights have been violated?

If you believe your medical or patient privacy has been violated, please fill out the form below or call 1-844-333-7660 for a free and confidential consultation.