There are a variety of types of claims for breach of the right to privacy. These arise under various States’ laws. As with any personal injury lawsuit, you will need to consult your States’ laws for specific rules. Generally, a person’s right to privacy is a property interest similar to an individual’s right to their own likeness. A violation of the right to privacy occurs when an individual accesses or discloses confidential information about you without authorization to do so. Often, the right to privacy is implicated when discussing an individual’s protected health care information. However, a right to privacy also exists when an individual has a reasonable expectation that they are engaged in an activity in a private setting.
Both federal and state law regulate a person’s right to privacy in the health care setting. Under federal law, the Health Insurance Portability and Accountability Act (HIPAA) regulates the use, maintenance and transfer of an individual’s protected health information. The HIPAA law was enacted simultaneously with federal funding of electronic medical records throughout the hospital industry. The federal law provides specific requirements for protecting such health care information, including training requirements for hospital employees, as well as physical and technical safeguards.
Unfortunately for patients, however, the HIPAA law does not include any private right of action. This means that when there is a HIPAA violation, there is no civil penalty or recourse such as a lawsuit included in the law which will allow an aggrieved patient to recover from the hospital for its breach of the law. This is truly a law without teeth. Aggrieved patients must look to their own State’s law to determine whether a private right of action exists independent of the HIPAA law.
State common law may recognize several claims that may apply to a hospital’s breach of a patient’s right of privacy. For example, hospitals owe a fiduciary duty to each of their patients. Any misuse of a patient’s protected health information might be characterized as a breach of fiduciary duty. Likewise, state common law may recognize a claim for breach of the right to privacy. Finally, if information is used with the intent to embarrass the patient, a claim for intentional infliction of emotional distress may arise.
The law pertaining to misuse of a patient’s health information is often unsettled. Some important issues remain unresolved in various States’ courts. For example, what is the measure of damages? In addition, if a hospital employee is trained regarding proper use of healthcare information but nonetheless misuses a patient’s protected information for their own purposes, can the hospital be held liable? Finally, does the HIPAA law preempt State law that provides a private remedy for violations of the HIPAA law? The last question is the subject of a case pending in the Ohio Supreme Court. Again, other States law might treat these issues differently. When a State’s law does not directly address questions pertaining to violation of the right to privacy, we look to other resources such as the Restatement (2nd) of Torts and the law of other jurisdictions.
In addition to the right to privacy arising out of the doctor-physician relationship and duties owed by all healthcare workers to patients, a reasonable expectation of privacy exists in the setting of the privacy of one’s home or residence, whether temporary or permanent. For example, an individual staying at a hotel has a reasonable expectation that their activities within the hotel room, after the door is closed, are private and not the subject of videotaping or other surveillance. Likewise, a tenant would not expect that the landlord has placed a nanny cam or other surveillance device inside the rental property. In fact, monitoring an individual’s activities in the setting of the privacy of their home or other residence might be considered a crime, commonly known as voyeurism or a “Peeping Tom” law.
A related issue arises with wiretapping. State law varies regarding when one individual may record a conversation taking place over a phone or via an Internet connection. Some States require both parties to the conversation to give permission to one another for the communication to be recorded. Other States permit lawful recording when one party to the conversation so chooses. In yet other States, certain categories of individuals are allowed to record private communications, while others cannot. For example, it is considered unethical in the State of Ohio for a lawyer to record a conversation with a client without that client’s knowledge and consent.
Each State has a statute of limitations that sets a deadline for filing a lawsuit arising out of a violation of an individual’s right to privacy. You must check your own State’s laws to determine the applicable statute of limitations. Failure to file a lawsuit within the statute of limitation results in a time bar which precludes recovery of compensation for injuries caused by the violation of your right to privacy. You should contact a personal injury lawyer in Cleveland, OH, such as from Mishkind Kulwicki Law Co, LPA, as soon as you are aware that your rights have been violated so that the lawyer can advise and protect you.