If you are the victim of a HIPAA violation, determining the right next step is not always easy. Federal HIPAA laws are complex and difficult to understand, and the federal Department of Health and Human Services does not provide victims with legal advice. Victims of HIPAA violations in California have unique rights and remedies that are available in addition to the protections provided by federal law. If you have been the victim of a HIPAA violation in California, this guide will give you an overview of what to do next.
Individuals who suspect that their health records may have been disclosed, especially by a medical provider, should take these steps:
- Good Notes. Adequate notes should be taken about the incident, the names/titles of the nurses, doctors, or other practitioners who were involved with the disclosure. The notes should specify the date/time of visits, what exactly happened, whether the practitioner became aware of the unauthorized disclosure, what the victim said and did to notify the practitioner or treatment facility, and what measures were taken to rectify the disclosure, if any. Information on whether a treatment facility is a repeat offender is also helpful.
- Privacy Policies. The patient should obtain a copy of all privacy policies, written consent forms, releases, and all other information the patient was asked to sign by the perpetrating medical treatment facility. These documents will help determine whether the medical provider has sufficient controls in place to protect against the unauthorized disclosure of sensitive information.
- Practices/Procedures. Even if the privacy policies exist, they may not be enforced. The victim should pay close attention to whether other staff in the treatment facility demonstrated any concern when reporting unauthorized disclosures. A lack of regard for privacy concerns of patients could indicate general office sloppiness, and ultimately, the lack of any enforcement of privacy policies.
- Consult with a Privacy Lawyer. Armed with good notes and documentation, individuals who are the victim of unauthorized disclosures should contact a privacy attorney familiar with the rules governing confidential health records. The attorney will be able to give the patient an overview of the legal rules, their rights, and options.
Unfortunately, doctors, nurses, assistants, and other practitioners are not perfect, and sometimes mistakes happen. Fortunately, California’s laws offer victims of unauthorized disclosures some means of rectifying the errors.
California law protects victims of breaches of privacy and provides them with an avenue for recovery against perpetrators. The California Confidential Medical Information Act provides plaintiffs with a private right of action against medical providers that disclose their medical information without authorization. With two offices in Los Angeles and Beverly Hills, California, Axis Legal Counsel represents clients in numerous types of privacy violations, including HIPAA/medical information violations, violations by doctors,medical care providers, schools, and employers, violations of name, likeness, and image, right of publicity claims, online / internet privacy violations, and numerous others.
* * *
For information on retaining Axis Legal Counsel to represent you or provide you with legal advice with respect to a privacy violation, contact firstname.lastname@example.org or call (213) 403-0130 for a confidential consultation.