Patients Can Not Sue For Breach Of HIPAA Privacy Rule

Posted by donna@healthlawcenterplc.com in Jul, 2018

  The United States District Court is the most recent court to rule on whether a patient has a right to sue a health care provider when the privacy of protected health information is breached.  Consistent with previous court decisions, the U.S. District Court for the District of Columbia concluded that HIPAA does not grant a private right of action for a patient when it dismissed a case brought by patient, Hope Lee-Thomas.  Enforcement of HIPAA violations is limited to the Department of Health and Human Services (HHS) and state attorneys general, not patients.

In the case of Lee-Thomas v. LabCorp,  the patient, while at Providence Hospital in Washington DC, she alleged that the public nature of LabCorp’s medical intake computer station violated HIPAA privacy protections.  Ms. Lee-Thomas filed a complaint with HHS Office for Civil Rights and the District of Columbia’s Office of Human Rights, which both decided not to pursue her claims. On June 15, 2018 Ms. Lee-Thomas’ suit was dismissed.