Bootstrapping HIPAA Into Breach of Privacy Claim

Jeff Drummond over at the HIPAA Blog reports on a recent North Carolina Court of Appeals decision in Acosta v. Byrum indicating that a private cause of action is not allowed under HIPAA, but that a HIPAA breach is evidence that the standard of care was not met in a common law claim for breach of privacy and negligent infliction of emotional distress.

The decision of the Court states:

. . . Plaintiff contends that no claim for an alleged HIPAA violation was made and therefore dismissal on the grounds that HIPAA does not grant an individual a private cause of action was improper. We agree.

In her complaint, plaintiff states that when Dr. Faber provided his medical access code to Byrum, Dr. Faber violated the rules and regulations established by HIPAA. This allegation does not state a cause of action under HIPAA. Rather, plaintiff cites to HIPAA as evidence of the appropriate standard of care, a necessary element of negligence. Since plaintiff made no HIPAA claim, HIPAA is inapplicable beyond providing evidence of the duty of care owed by Dr. Faber with regards to the privacy of plaintiff's medical records. . .

UPDATE: An interesting followup post on federal preemption under HIPAA and use of HIPAA in intentional infliction of emotional distress type cases prompted by a question from John Dascoli, a West Virginia attorney at The Segal Law Firm and fellow law school classmate of mine.
Tags: HIPAA, privacy, health care, law