Legal recourse for stolen information?
I received a letter from the health system, where my daughter is a patient, informing me that an unencrypted thumb drive with her personal information was stolen in July of this year.
Although they claim her social security # was not included in the stolen information, I still have concerns that her name, medical record #, physician's name, and location of visit have been stolen and not recovered.
It is especially alarming that this thumb drive WAS NOT encrypted as I understand it is standard operating procedure at this hospital to encrypt all patient information on any technological device. Here's the news story:
So my question is, do I have any legal recourse in regard to violation of HIPAA laws and patient information being stolen? Thanks.
Information provided in our response is NOT formal legal advice. It is generic legal information based on the very limited information provided. Under no circumstances should the information in our response, or anywhere else on this site be relied upon when deciding the proper course of a legal matter. Our response does NOT create an attorney-client relationship. Always get a formal case review from a licensed attorney in your area.
ANSWER for "Legal recourse for stolen information?":
A (Durham, NC):
While there is an argument a HIPAA violation occurred, unless you can prove the Duke Hospital Administration acted negligently, or with a wanton disregard for the probability your daughter's medical information would be disseminated, your daughter doesn't likely have a viable claim.
Moreover, HIPAA does not specifically permit individuals to sue covered health entities. Rather, covered entities who violate HIPAA are subject to stiff fines and penalties from the Federal Government.
For there to be a HIPAA violation, your daughter's health information would have had to be electronically, and without her authorization (or yours, if she is a minor), disseminated to third parties. The theft of the thumb drive, while unfortunate, may have been beyond the hospital's ability to effectively control.
For a better understanding of HIPAA and its relation to your daughter's incident, go to the U.S. Dept of Human Services website.
The above is general information. Laws change frequently, and across jurisdictions. You should get a personalized case evaluation from an attorney licensed in your state. Find a local attorney to give you a free case review here, or call (888) 647-2490.
Best of luck,