Visitor Question

Legal recourse for stolen information?

Submitted By: A (Durham, NC)

I received a letter from the health system, where my daughter is a patient, informing me that an unencrypted thumb drive with her personal information was stolen in July of this year.

Although they claim her social security # was not included in the stolen information, I still have concerns that her name, medical record #, physician’s name, and location of visit has been stolen and not recovered.

It is especially alarming that this thumb drive WAS NOT encrypted as I understand it is standard operating procedure at this hospital to encrypt all patient information on any technological device. Here’s the news story:

So my question is, do I have any legal recourse in regard to violation of HIPAA laws and patient information being stolen? Thanks.

Disclaimer: Our response is not formal legal advice and does not create an attorney-client relationship. It is generic legal information based on the very limited information provided. Do not rely upon the information in our response, or anywhere else on this site, when deciding the proper course of a legal matter. Always get a personalized case review from a local attorney.


Dear A,

While there is an argument a HIPAA violation occurred, unless you can prove the Duke Hospital Administration acted negligently, or with a wonton disregard for the probability your daughter’s medical information would be disseminated, your daughter doesn’t likely have a viable claim.

Moreover, HIPAA does not specifically permit individuals to sue covered health entities. Rather, covered entities who violate HIPAA are subject to stiff fines and penalties from the Federal Government.

For there to be a HIPAA violation, your daughter’s health information would have had to be electronically, and without her authorization (or yours, if she is a minor), disseminated to third parties. The theft of the thumb drive, while unfortunate, may have been beyond the hospital’s ability to effectively control.

For a better understanding of HIPAA and its relation to your daughter’s incident, go to the U.S. Dept of Human Services website.

The above is general information. Laws change frequently, and across jurisdictions. You should get a personalized case evaluation from a licensed attorney. Find a local attorney to give you a free case review here , or call (888) 647-2490.

Best of luck,

Published: September 3, 2014

How Much is Your Injury Claim Worth?

Find out now with a FREE case review from an attorney…

  • Your Accident
  • Your Claim
  • Contact Info
  • Your Evaluation
array(1) {
  object(WP_Term)#1942 (11) {
    string(35) "Legal Recourse for HIPAA Violations"
    string(11) "page_id_227"
    string(12) "icc_qa_group"
    string(0) ""
    string(3) "raw"
    string(3) "123"

Leave a Reply

Your email address will not be published. Required fields are marked *