Published on:

Unauthorized Disclosure of Medical Records

recordsIn the electronic world we find ourselves in, many records from a variety of sources have gone digital.  In an effort to streamline and increase efficiency, records ranging from office visits to business transactions are scanned in for easy dissemination.  Additionally, records from offices are sometimes shipped to third parties for copying and scanning if a particular office does not have the capacity to do so.  While this may not have any real implication for some documents- when it comes to highly sensitive information such as medical records, litigation has boomed.

In some situations patients have been apprised by hospitals, clinics, or doctors’ offices that there has been an unauthorized disclosure of their medical records.  Sometimes this comes in the form of requested medical records being sent to the wrong office, or an office receiving the wrong medical records, or even a mistake as to a name.  For instance, if Jane Doe (born in 1967) requests her medical records and she receives the medical records belonging to Jane Doe (born in 1990)- there has been an unauthorized access of medical records.  Medical records contain some of our most highly personal, sensitive, and confidential information- and as such- when those records are disseminated without our permission, this can be actionable.

Under M.G.L. Chapter 214 § 1B:

A person shall have right against unreasonable, substantial or serious interference with his privacy.  The superior court shall have jurisdiction in equity to enforce such right in connection therewith to award damages.

The intent of the law as been characterized to protect information that is highly personal or of an intimate nature.  For purposes of the statute, any purported inference with privacy must be unreasonable.  If it is trivial or insubstantial, it will not be prohibited by the statute.

Additionally, another cause of action exists under HIPPA.  The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) established federal privacy protection for medical records, including records and information that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.  HIPAA limits the dissemination and use of personal information about patients by health-care providers. The patient medical record privacy requirements under HIPAA apply to “covered entities.” HIPAA defines “covered entity” to include health plans, health-care clearinghouses, and health-care providers that transmit health information in electronic form.

In the event that an unauthorized access of medical record dissemination occurs, a potential plaintiff may want to pursue the organization under the Consumer Protection statute as well.  Under the statute, unfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce are hereby declared unlawful.  This may benefit an injured person as the statute allows for treble damages and allows for a plaintiff to recover attorney’s fees and costs associated with the case.

If you or a family member have been injured, or have been a victim of the disclosure of your protected health information, our office may be able to help. Whether the complained of activity resulted in physical injury or severe emotional distress, our office would be happy to speak with you.  To schedule a free consultation with lawyer Daniel Cappetta, call our office today at (508) 969-9505 or fill out or contact form available on the right side of this page