When you go to a hospital, medical clinic or doctor’s office, they ask you’re to sign several forms.  One of those forms is probably a HIPAA Release Form.  HIPAA stands for the Health Insurance Portability and Accountability Act.  The law seeks to establish privacy standards to protect a patient’s medical records and personal information about his/her health.

Not only does a medical provider have to protect your private health information, but also it must protect your private personal information – like your name, address, phone number, emails, etc.

What About the Form?

The HIPAA consent form you signed typically authorizes the healthcare provider to release information to other medical professionals and insurance companies.  HIPAA was put into place to prevent the unlawful distribution of your information, without specific authorization from the patient.  Sometimes it is called a breach of fiduciary duty.

Unfortunately, improper disclosure of private health and personal information occurs on a daily basis.  HIPAA violations occur with a high level of frequency.  Information about your health is extremely personal.  Medical providers are, and should be, held to a high standard of care when it comes to protecting your privacy.

If a provider fails to protect your personal or medical information, they may have committed a public disclosure of private information or HIPAA violation.  When this happens, you can’t necessarily sue because the provider violated HIPAA rules, but you can use the rules as proof of negligence.  In other words, I can’t approach the hospital and tell them that I’m going to sue them based on a HIPAA violation.  You actually sue based on the negligent action that caused the violation.

Don’t let this legal-speak confuse you.  There can often be grounds for suing a hospital or medical office if it can be proven that a violation took place, especially if that unauthorized sharing can be shown to have caused damages to a person and or their reputation.

Your Next Steps

What’s important to remember is that HIPAA is there to protect you.  If you suspect that your personal or medical records were released without your authorization, or were used in an unauthorized manner, you should consult an attorney.  There’s a chance that you may not be the only one who’s been harmed by the medical provider.  Typically, the improper disclosure is due to a greater problem within the company such as improper procedures or lack of internet security.

The information you provide and what is discussed between you and your doctor often involves extremely personal and sensitive issues.  That doctor, the office staff and the institution have a specific duty to keep that information private.  After all, wasn’t it they who required you to sign the HIPAA form and what seemed like a hundred other documents in the first place?