I believe my local health clinic violated HIPAA. What can I do?

Asked over 1 year ago - Cadillac, MI

I recently received a letter form the clinic stating, "A medical assistant viewed your record and saw your name, contact information, and the results of a test ... The employee disclosed this information to a member of his household."

Attorney answers (3)

  1. Barry Franklin Poulson

    Contributor Level 20

    1

    Lawyer agrees

    Answered . You can file a complaint with the clinic or governing agency. The clinic has already disclosed to you what it discovered, and may have taken disciplinary action against the employee.

    We do not have a client/attorney relationship until you make an appointment, we discuss your case face to face, I... more
  2. Alan James Brinkmeier

    Contributor Level 20

    2

    Lawyers agree

    Answered . The federal agency in charge of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (HIPPA) is the Health and Human Services Department. The complaint mechanism for a person to follow is to go about filing a complaint with the federal Health and Human Services department if you have experienced a HIPPA violation. The federal HIPAA statute does not provide anyone, including any person, with a private cause of action in the courts. This means that even for a violation by your doctor or other medical personnel, a person cannot bring a lawsuit. A person may, however, use the complaint mechanism by filing a complaint with the federal Health and Human Services department. That HHS Department can and may follow up on a reported HIPAA violation. Complaint forms are available on the Internet.

  3. Martha Ann Knutson

    Contributor Level 11

    2

    Lawyers agree

    Answered . The letter you got is an indication that the clinic is doing what it is supposed to under the law - part of which is notify you when a "breach" of your information occurs. They are also required to tell the Office for Civil Rights mentioned in my colleague's answer. So you can file a complaint but it will just (hopefully) "meet up" with the report from the facility. OCR will require the facility to demonstrate how it has fixed the problem - they won't do anything in addition just because of your complaint unless there are additional facts that you provide to them.

    It is possible that there is a common law claim under Michigan law for some sort of damages relating to loss of privacy, but you'd need to hire a lawyer there to analyze this under the facts and circumstances of your case. If you didn't know about the breach until you got the letter, it doesn't sound like you have had special damages arising from this (loss of a job, loss of something else), which would probably be necessary to get an attorney interested in working on your behalf unless you are willing to pay up front for his/her services.

    This response is intended to provide general information, but not legal advice. The response may be different if... more

Can't find what you're looking for? Ask a Lawyer

Get free answers from experienced attorneys.

 

Ask now

29,811 answers this week

3,150 attorneys answering

Ask a Lawyer

Get answers from top-rated lawyers.

  • It's FREE
  • It's easy
  • It's anonymous

29,811 answers this week

3,150 attorneys answering