Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The Health Insurance Portability and Accountability Act is raising new legal fears for health care providers in light of tougher government enforcement and recent court rulings that could trigger private lawsuits. Labor and employment attorneys who represent health care providers are especially concerned about the prospect of private HIPAA litigation because the law does not currently provide a private right of action. But plaintiffs appear to be getting around that. They say that courts in recent years have begun letting plaintiffs use HIPAA standards to prove liability in privacy lawsuits alleging that their sensitive medical records were inadequately protected. For example, in Utah, a doctor is facing a lawsuit after an appeals court last year cited HIPAA standards in determining that the physician owed a duty of confidentiality to his patients, and allowed the case to proceed. Sorensen v. Barbuto, 143 P.3d 295 (Utah Ct. App. 2006). In North Carolina, a similar case is pending after an appeals court allowed a privacy claim to proceed based on the standard of care HIPAA establishes for protection of patient medical records. Acosta v. Byrum, 638 S.E.2d 246 (N.C. Ct. App. 2006). “A federal scheme that was specifically designed to not contain a private cause of action is being distorted,” said Jacklyn “Jackie” Ford, a health care and employment lawyer at Vorys, Sater, Seymour and Pease of Columbus, Ohio. Ford believes that plaintiffs “in a backdoor kind of way are creating a private cause of action, which HIPAA doesn’t otherwise permit.” Federal crackdown Meanwhile, it’s not just private litigants that have health care providers on edge about HIPAA. A new federal crackdown on HIPAA violators is also giving them something to worry about, according to attorneys, who note that the federal government is stepping up enforcement of HIPAA. For the first time since HIPAA went into effect in 2003, lawyers say, the government is finally putting teeth into a law that has yielded more than 26,000 complaints, but only four convictions. “This is something that the government is beginning to take seriously,” said Joseph Lazzarotti of Jackson Lewis’ White Plains, N.Y., office, who counsels sponsors of health care plans and health care providers about compliance issues. His latest advice to clients? “I want them to know that HIPAA does really mean something and the government is going to do something about it. What that is, well, it’s more than they were doing yesterday,” Lazzarotti said. Government measures According to the U.S. Department of Health and Human Services, which enforces HIPAA, new enforcement measures include HIPAA compliance audits. In Atlanta, auditors are reviewing records policies and security procedures at an area hospital, and more audits may follow. The department also recently granted its Office of Civil Rights the authority to issue subpoenas in HIPAA investigations. Susan McAndrew, Office of Civil Rights deputy director of health information privacy, said: “We’ve actually investigated close to 7,000 cases . . . and as a rule, what we get back from the covered entities is very good cooperation � even appreciation � for having the opportunity to know that something has potentially gone wrong in their institution, and they get a chance to fix it and get it right.” Additionally, a new HIPAA Web site explains enforcement strategies and educates the public on how to file privacy complaints. “I think there’s a growing amount of anxiety [about HIPAA],” said Daniel Icenogle, a health care law attorney and doctor who counsels physicians and physician groups in Wisconsin. But it’s not just HIPAA that health care providers should be wary of, said Icenogle of Icenogle and Associates in Readstown, Wis. “There are a lot of state laws on the books that are a lot more strict than HIPAA,” he said. “But what HIPAA has done is make everyone aware of the [privacy] issue.” Lazzarotti advises his clients to understand their patient-records systems and know exactly what information is on hand and who has access to it. And then document everything, Lazzarotti said. “One of the things that clients have objected about HIPAA is, ‘Why do we have all these policies and procedures?’ It’s because if you get an audit, you’re going to need to point to something tangible that says, ‘Here’s what we did,’ ” Lazzarotti said. “ You can’t just say, ‘We don’t do that.’ “

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.