Unlike many other states' privacy laws, California's Confidentiality of Medical Information Act "allows patients to bring an action against any entity that has negligently released individually identifiable medical information, seeking minimum damages of $1,000, with no proof of actual damage required," according to Brian Kabateck, founder and managing partner of Kabateck Brown Kellner LLP, the law firm representing plaintiffs in the suit.
"California...allows patients to bring an action against an entity that has negligently released individually identifiable medical information, with no proof of actual damage required." - Brian Kabateck, attorney

Kabateck points out that this makes these actions much easier to pursue, and that suits like this one show there are repercussions for not protecting patient information. This case is also a reminder to business associates about the importance of safeguarding electronic protected health information (ePHI). Business associates and their subcontractors are directly liable for compliance with the HIPAA Omnibus Rule, with fines up to $1.5 million per violation, and vendors could face civil suits related to breaches. To proactively detect breaches of patient data, hospitals and their business associates can utilize low-cost on-demand SaaS analytics services.
Sources:
(a) Stanford Breach Lawsuit Settled - www.iHealthBeat.org, 03/24/2014