On July 17, 2012 Dept. of Health and Human Services Secretary Kathleen Sebelius announced that a national survey of office-based physicians reports that most of those who have adopted electronic health record (EHR) systems are satisfied with their system and say it has improved patient care. Federal agencies have recognized that “it is impossible to overstate the importance of confidentiality” of health information.
Ensuring the security of protected health information (PHI) in an entity’s health IT system requires instituting measures to guard against unauthorized use and disclosure of PHI.
Lawsuits involving the unauthorized disclosure of confidential medical records are on the increase. It is critical for attorneys to understand the potential theories of liability and defenses, and for physicians, insurers, and employers to be aware of their exposure to liability.
 |
Attorneys:
Counsel must develop a list of facts and circumstances that demonstrates proof that a healthcare provider breached a common law duty of confidentiality owed to a patient, which may be based on a breach of a fiduciary duty, a breach of a contractual duty, or an invasion of privacy.
|
 |
Physicians:
Physicians must consider this litigation checklist when presenting a defense to a claim that the physician breached a common law duty of confidentiality owed to a patient.
|
 |
Insurers:
The insurer should review the following aspects of its procedures for collecting, maintaining, and releasing confidential health information of insured persons and consider how they impact the insurer's potential liability.
|
 |
Employers:
In the case of a hospital that could be considered the employer of a physician, nurse, or other worker who discloses a patient’s confidential medical information, the hospital should be concerned with possible respondeat superior liability for inappropriate or unauthorized disclosures or breaches of the security of electronic medical records.
|