HIPAA Lawyer Cleveland, OH

What is a HIPAA Violation?

HIPAA Lawyer Cleveland, OHThe Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. This law addresses a number of legal issues, including the confidentiality of patients’ protected health care information. The HIPAA law sets forth standards for the protection of patients’ information, but also requirements for making those records available to authorized persons. However, the HIPAA law does not include a private right of action. This means that if your HIPAA law rights are violated, the HIPAA law itself does not provide a vehicle for seeking compensation for injuries caused by this violation.

Though the HIPAA law does not provide a private right of action, Ohio common law does. “Common law” is law that is created by judges over time.  Many important legal rights have been created in the common law, such as the right to sue for personal injuries caused by the negligence of another. Ohio common law recognizes that when a health care provider accesses or discloses confidential health care information without authority to do so, the aggrieved patient can sue for money damages. This common-law right is often referred to as the right to privacy.

What Happens When a Health Care Worker Violates my HIPAA Right?

Though the HIPAA law does not provide a private right of action, it sets forth standards that control how the confidential information contained in your medical records must be protected and utilized. For example, the regulations require that hospitals protect your medical records by both training staff about confidentiality, and by implementing physical and technical safeguards to prevent unauthorized access to your medical records.

The HIPAA law also identifies those categories of health care workers who are entitled to access your medical records in the course of providing patient care. Employees of a hospital system are not allowed to access any and all patient records unless they have a medical or business reason for doing so. These rules also extend to outside vendors hired by the hospital to conduct a hospital’s business, such as IT workers and lawyers who engage in debt collection.

Finally, the HIPAA law provides the standards that must be complied with in order for a hospital to release your confidential medical records to an individual who is authorized to obtain those records, such your lawyer or personal representative. The law imposes a fee restriction on hospitals when providing a copy to you, your personal representative or your lawyer. Generally, an individual can obtain a copy of your medical records if you provide them with a signed written authorization that contains HIPAA-compliant language authorizing the individual’s access to your medical records.

When a health care worker, whether a doctor, nurse or clerical worker, accesses your medical information without your authorization, a record of this unlawful access is created in the electronic medical record. Each time an individual accesses your medical record, a log entry is created indicating the accessing individual’s name, the date and time of access, and which portions of the record were accessed. This entry log is called an audit trail. Your privacy lawyer can obtain a copy of both your complete medical record and the audit trail when investigating whether your HIPAA rights have been violated.

In addition, the HIPAA law sets forth regulations that require a hospital to investigate a suspected violation of your rights when that is brought to the hospital’s attention. Generally, it is our recommendation that you contact the hospital immediately upon suspecting that someone has obtained unauthorized access to your medical record or has disclosed your medical information to another without your permission. The hospital’s compliance department will review the audit trail and undertake an investigation to determine whether the individual who accessed your record had a business reason for doing so. The compliance department’s investigation usually includes an interview of the hospital employee who is suspected of unauthorized access, giving them an opportunity to explain why they accessed your medical record. The compliance department’s investigation provides useful documentation in litigation showing that unlawful access occurred.

Once your right to privacy is violated, you have a right to sue for money damages under Ohio law. This lawsuit will be filed in the county court of common pleas where the HIPAA violation occurred.

What Damages Are Recoverable When Someone Violates My Right to Privacy?

The common law pertaining to claims for violation of an individual’s right of privacy in the health care setting is relatively new and unexplored. There are many questions about these claims that have not been answered by the courts. For example, there is no case law published in Ohio that sets forth what damages are recoverable in these actions. In the absence of case law setting forth the parameters for damages, your privacy lawyer can look to other sources for precedent on the measure of damages. These sources might include the common law of other states and aspirational rules established by the Restatement (Second) of Torts, a compendium of proposed legal standards established by a consensus of legal scholars.

In reviewing the laws of other states and the Restatement (Second) of Torts, it seems that the right of privacy is somewhat of a hybrid. It is recognized that a violation of your right to privacy can result in personal injury, specifically emotional distress. However, it is also recognized that your right to privacy is akin to a property interest that has value in its own right. By analogy, the law recognizes that you have a right to your own likeness and personality interest. So, if someone takes your photograph and uses that in an advertisement or mimics your appearance and personality for entertainment purposes, you can sue for this misappropriation of your property rights. Likewise, you can sue for diminution in the value of your right of privacy that occurs when someone accesses or discloses your private information without your permission.

Because claims for violation of the right to privacy are new, there are also few reports of verdicts or settlements in these cases. Generally, hospitals take a dim view on the value of the right of privacy, arguing that no real harm occurs when your private information is disclosed without your authorization. We reject that sentiment. It is our belief that a jury of your peers would be incensed to find out that a hospital has failed to protect your most sacred information or that a hospital worker has obtained unauthorized access to your private health information.

What Can I Expect in Litigation?

In the State of Ohio, when you file a lawsuit in a county court of common pleas, the court will set the case schedule. Generally, it takes about one year from the date of filing a lawsuit until a trial can take place. The schedule varies by county and by judge, so it may be longer or shorter. During the litigation, you will be expected to cooperate with your privacy lawyer in the so-called “discovery process.” Discovery is a term that lawyers use when referring to the procedural rules that govern the litigation process. Lawyers are required by law to share information with each other and to make their clients and clients’ employees available for depositions. A deposition is a formal interview under oath. Depositions are an important part of the litigation process. Discovery is meant to prevent surprises at trial.

Will I Be Responsible For Legal Fees?

In violation of the right to privacy cases, we offer a contingent fee arrangement. Contingent fees are used in situations where an injured party does not have sufficient financial assets to pay a lawyer’s hourly rate. The lawyer will provide legal services without charging an hourly rate. The lawyer will recover his or her legal fees at the conclusion of the case by taking a pre-agreed portion of the recovery as his/her fee. If there is no recovery, the lawyer does not receive a fee or reimbursement of his/her expenses.

Do Time Limits Apply?

Yes.  Under Ohio law, a claim for violation of your right to privacy must be brought within four (4) years of the date on which the violation took place. Since you may not know when the hospital employee accessed your medical record or disclosed confidential medical information without your permission, it is important to contact a privacy lawyer as soon as you suspect that your privacy rights have been violated. If you fail to file a lawsuit within the applicable four-year period, you are time-barred from seeking compensation for injuries caused by the violation of your right to privacy.

Does the Right of Privacy apply Outside of the Health Care Setting?

To date, Ohio courts have only recognized that a right to privacy exists in the health care setting. This right has not been extended to other contexts, but we believe that it can be. For example, if a landlord puts a hidden camera in your apartment and spies on you, this act of voyeurism may constitute an invasion of your privacy for which a claim for money damages can be maintained.  Other types of peeping tom activities, such as use of a two-way mirror or peep hole, would likely give rise to a claim. On the other hand, the use of a nanny cam or surveillance camera for monitoring in the workplace would not likely qualify if placed in an area of the house or workplace where you would not reasonably have an expectation of privacy.

We have received inquiries about whether an employer can obtain copies of medical records or test results as a condition of employment. This question is complicated by the fact that both your privacy interests and federal and state employment laws are involved. Generally, an employer has a right to demand the right to review test results related to Covid-19 testing or drug testing as a condition of employment. The Americans With Disabilities Act imposes some restrictions on how far an employer can go in accessing your health care information. Beyond that, each case must be evaluated on a case-by-case basis.

What Can Mishkind Kulwicki Law Do for Me?

We are privacy lawyers. We handle breach of privacy cases throughout the State of Ohio. The trial attorneys at Mishkind Kulwicki Law have tried over 100 lawsuits and have appeared in 27 of Ohio’s 88 counties, including courts in Akron, Canton, Cincinnati, Cleveland, Columbus, Dayton, Lorain/Elyria, Toledo and Youngstown.  We are licensed in both State and federal court.  Call a HIPAA Lawyer Cleveland, OH residents trust today for a free consultation.