Two HIPAA Decisions

Posted on January 25, 2006 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I had been getting some searches on the site for HIPAA Lawsuits or HIPAA cases and it started me thinking about what might be out there. Sure enough I found some interesting info in another HIPAA Blog.

Here’s the 2 points I took from these 2 HIPAA cases:
there’s no private cause of action against a covered entity for a HIPAA violation
This is good for those organizations to know that they can’t be sued for one person’s carelessness(or direct violation). At least that’s my understanding from what was written. It did say that Rite Aid could have a breach of privacy and negligence claim brought against them. I think this is what we are really mostly wondering about. I guess we’ll have to see how the courts work it out.

The second point was a parent trying to get a child’s counseling records. Essentially they weren’t able to do that. It looked like there good be a few state loopholes so that might be something of concern, but overall it seems like the court upheld the privacy of the patient from the parent. While I think it’s appropriate it is sad to think that so many parents would need to go to these extremes to get information on the child(pardon the social commentary).

I must admit that reading this information makes me glad I’m not a lawyer and confirms my current opinion that HIPAA is a necessary evil.