HIPPA Violation

[proud_parent]

Posting hx is a doozy.

 

[swalsh411]

PLEASE just give ME the ANSWER I want TO HEAR. It is A LOT of WORK to TYPE like THIS!

 

[Proserpina]

PLEASE just give ME the ANSWER I want TO HEAR. It is A LOT of WORK to TYPE like THIS!

I just snorted water everywhere.

Srsly.

 

[I'mTheFather]

PLEASE just give ME the ANSWER I want TO HEAR. It is A LOT of WORK to TYPE like THIS!

Thanks for the belly laugh!!!

 

[Adam G]

This thread seriously has gone as far as it can. If you think there has been a HIPAA violation, report it per the appropriate website - it's easy to Google. There will be no financial pay off for you though, even if there WAS a violation (which there isn't).

Damages are set by statute. Although an individual cannot file his/her own lawsuit for violation of HIPAA, he/she can share in the recovery of a case brought by the state or feds. Similar to a qui tam action, if you're familiar.

http://www.hallrender.com/health_care_law/library/articles/1085/033009___Enforcement_after_the_Recovery_Act.pdf&pli=1

 

[ecmst12]

There are no damages provided for by the HIPAA statute. A violating entity can be FINED by the HIPAA board (though that rarely if ever happens) but it's not compensation and the "victim" gets nothing. If you haven't actually read the HIPAA law, please refrain from commenting on things you know nothing about.

Besides that THIS WAS NOT A HIPAA VIOLATION. Nothing that happened here is related, in any possible way, to HIPAA.

 

[Adam G]

There are no damages provided for by the HIPAA statute. A violating entity can be FINED by the HIPAA board (though that rarely if ever happens) but it's not compensation and the "victim" gets nothing. If you haven't actually read the HIPAA law, please refrain from commenting on things you know nothing about.

At the risk of sounding like zigner, you might want to "try to keep up" with changes in the law:



State Attorney General Enforcement.

Prior to HITECH, the Secretary was the sole enforcement agency for civil violations of HIPAA. Now, under HITECH, state attorneys general are authorized to bring civil actions against persons who violate HIPAA if the attorney general has reason to believe that the violation threatens or adversely affects any resident of the state. The attorney general must file the action in the United States District Court for the appropriate jurisdiction, and must provide the Secretary with prior notice of the action, where feasible. The Secretary will have the right to intervene and be heard in the action, and to file petitions for appeal. The state attorney general cannot bring an action as long as an action for the same violation is pending by the Secretary.

State attorneys general may impose injunctions against further violations of HIPAA, as well as monetary damages of up to $100 per violation, with a cap of $25,000 for all violations of an identical standard in a calendar year. In considering the amount of damages, the court, like the Secretary, may consider the nature and extent of both the violation and the harm caused by the violation. A person found liable may also be required to pay the attorney fees and court costs incurred by the state in bringing the action.

These provisions of HITECH also became effective upon the passage of the Act. Therefore, covered entities should be cognizant of this additional enforcement mechanism, particularly in states where attorneys general have shown a propensity for actions against health care entities.

Sharing of Penalties with Persons Harmed.
Under HIPAA, individuals do not have a private right of action, i.e., the right to sue covered entities for breaching their obligations under HIPAA. HITECH does not create a private right of action, but it does give financial incentives to complainants. Individuals who are harmed by HIPAA violations may now be able to share in any monetary penalties or settlements collected as a result of those violations. This is similar in concept to qui tam relators, who often are the initiators of cases alleging fraud in the health care industry. While these provisions became effective for any HIPAA violations occurring after February 17, 2009, the Secretary has up to three (3) years to issue a regulation establishing a methodology by which the monetary penalties or settlements will be shared.

These provisions will make it more enticing for individuals to allege HIPAA violations. Covered entities should use this as an opportunity to improve the manner in which they respond to and handle HIPAA complaints so as to minimize the incidence of claims reported to the Secretary or state attorney general to the extent possible.

http://www.hallrender.com/health_care_law/library/articles/1085/033009___Enforcement_after_the_Recovery_Act.pdf

 

[ecmst12]

Which of course is STILL irrelevent because a HIPAA violation has not occurred.

 

[Adam G]

Which of course is STILL irrelevent because a HIPAA violation has not occurred.

That wasn't what I was responding to. All I know is the guy who said you cannot recover anything from a HIPAA violation was wrong.

 

[ecmst12]

Find a situation where it has ever actually happened.

 

[Adam G]

Find a situation where it has ever actually happened.

Not sure what that has to do with anything or why you can't use Google, but the state AG's have been slow to use their new authority in this area. This is due to several factors, one of which is that the states are broke and can't afford to prosecute these cases. Only Vermont and Connecticut have taken a stab at it (as of September 2011). I'm not sure if the finders fee we're talking about is public record or not.

http://www.iwatchnews.org/2011/09/20/6666/state-attorneys-general-not-leaping-embrace-hipaa-enforcement

 

[ecmst12]

It's not something that anyone should EXPECT to occur even if they have experienced a violation outside of EXTREME cases where tangible damages were suffered, it's not a normal part of enforcement of the law. No one should file a HIPAA complaint expecting to get something in their pocket.

 

[tranquility]

All I know is the guy who said you cannot recover anything from a HIPAA violation was wrong.

Sigh. You forgot one part:

Individuals who are harmed by HIPAA violations may now be able to share in any monetary penalties or settlements collected as a result of those violations.

Damages from privacy violations are compensible. Not damages from not-violations are not. That the state can sue in the damaged stead isn't really that interesting if it isn't happening. Saving attorney fees is the point of the change, not creating rights/damages.

And, while we talk about damages, how was the OP(other person) damaged by the purported HIPAA violation?

 

[Adam G]

It's not something that anyone should EXPECT to occur even if they have experienced a violation outside of EXTREME cases where tangible damages were suffered, it's not a normal part of enforcement of the law. No one should file a HIPAA complaint expecting to get something in their pocket.

I never said anybody should. The data breaches have to be extremely widespread in order for the case to have monetary value.

OP should contact the Secretary of HHS to report it anyway if he believes there was a breach. Even if there isn't any money coming his way, the Feds happily throw people in prison for seemingly minor violations of HIPAA. I ran across one case in the past few minutes where a cardiothoracic surgeon at UCLA did four months in the federal pen for merely looking at the records of somebody else's patient without authorization. Hard to believe.

Tranquility was correct, investigate the med mal angle.

 

[Adam G]

Sigh. You forgot one part:
Damages from privacy violations are compensible. Not damages from not-violations are not. That the state can sue in the damaged stead isn't really that interesting if it isn't happening. Saving attorney fees is the point of the change, not creating rights/damages.

And, while we talk about damages, how was the OP(other person) damaged by the purported HIPAA violation?

I have no idea if it was a violation or not. I didn't say that it was and I wasn't responding to OP.