The Metric for Compliance in a Negligence Suit

The previous HIPAA Update News by addressed the Connecticut Supreme Court’s ruling in the Emily Byrne vs. Avery Center for Obstetrics and Gynecology case. That ruling is allowing a case to be heard that is using HIPAA as the metric for compliance in a negligence suit. While HIPAA does not allow for a private cause of action against a Covered Entity or Business Associate for a Breach, the landscape is quickly changing and less direct avenues are being utilized to file suits.

As further evidence of this, last Friday, a $1.4 million verdict was upheld by the Indiana Court of Appeals for an employee’s action resulting in a Breach. The metric of privacy was used to find for negligent supervision and retention and invasion of privacy.

As I previously noted, the concept of HIPAA as the “compliance metric” or “standard of care” for negligence suits continues to gain momentum. Sometimes I hate being right.

Feel free to contact me with any comments or questions. I’m here to help.

Remember that this is not a legal opinion.