The court stated a medical corporation “may also be liable in tort for failing to establish adequate policies and procedures to safeguard the confidentiality of patient information...”
In Doe v. Guthrie, the Second Circuit Court of Appeals dismissed a patient’s claim against a medical corporation for alleged breach of fiduciary duty based on a non-physician employee’s unauthorized disclosure of confidential medical information. It did so because the NY State Court of Appeals answered the following certified question in the negative: “Whether, under New York law, the common law right of action for breach of the fiduciary duty of confidentiality for the unauthorized disclosure of medical information may run directly against medical corporations, even when the employee responsible for the breach is not a physician and acts outside the scope of her employment.”
- Workplace Privacy Data Management & Security Report
Despite the ruling in this case, the court stated a healthcare organization “may also be liable in tort for failing to establish adequate policies and procedures to safeguard the confidentiality of patient information or to train their employees to properly discharge their duties under those policies and procedures.” Healthcare organizations must therefore be cautious.
Inadequate policies and procedures to protect patient information could expose organizations to damages in these kinds of suits, as well as penalties under HIPAA. One procedure organizations can utilize is proactive detection of patient data privacy breaches with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users, with no hardware and no on-site software.
Sources:
(a) Employee’s Unauthorized Texting of Confidential Health Information May Impose Employer Liability