The Connecticut Supreme court has ruled that patients have the right to sue healthcare providers for privacy violations and if unauthorized Protected Health Information (PHI) disclosure takes place. Though HIPAA does not permit individuals to sue healthcare providers for HIPAA violations, Connecticut is now the fourth state after New York, Missouri and Massachusetts, to allow patients to file lawsuits against healthcare providers over unauthorized and negligent disclosures of medical records.
This new legal precedent for the state was set by Supreme Court in the case of Byrne v. Avery Center for Obstetrics & Gynecology (ACOG). Emily Byrne sued ACOG for negligence and breach of contract after the provider released her medical records in response to a subpoena issued as part of a separate paternity case filed by her ex-boyfriend seeking custody of her child. Although the subpoena required the “custodian of records” to appear before an attorney, ACOG mailed a copy of Byrne’s medical records to the New Haven Regional Children’s Probate Court. Byrne claimed that after the ex-boyfriend saw the records, he began harassing and threatening her. Byrne sued ACOG, claiming this amounted to negligence and breach of contract, as well as negligent infliction of emotional distress.
Summarized from:
HIPAA Journal: https://www.hipaajournal.com/connecticut-patients-sue-healthcare-providers-privacy-violations/
Elizabeth Snell : https://healthitsecurity.com/news/ct-supreme-court-rules-patients-can-sue-over-phi-disclosure