The patient sued the physician for negligence to get around a federal ruling against direct HIPAA privacy lawsuits.
A North Carolina appeals court ruling suggests an alternate route patients may take to sue physicians for HIPAA violations, in spite of a 2006 federal decision that essentially closed the door on lawsuits brought directly under the privacy statute, experts warn.
The plaintiff in the case, Heather D. Acosta, was an employee and a patient at a psychiatric clinic, according to court records. She sued the clinic’s owner, David R. Faber II, MD, in May 2005 for giving his medical records access password to an office manager. That person later disclosed Acosta’s confidential information to a third party without her consent.