While no Georgia Court has held that a violation of HIPAA can be used as evidence to support a state law claim for violation of privacy, many courts in other states have held it can.  See Acosta v. Byrum, 180, NC App. 562 (2006).  Furthermore, Georgia Courts have repeatedly held that federal regulations can be used as evidence to support a state law negligence claim.  See Cardin v. Telfair Acres of Lowndes County, Inc., 185 Ga. App. 449 (1990).  Thus, it is likely that when this issue is decided, a Georgia Court will allow the use of HIPAA regulations as evidence supporting a claim for invasion of privacy.

The case of Byrne v. Avery Center for Obstetrics & Gynecology, P.C., 314 Conn. 433 (2014) is instructive for the dangers of HIPPA violations supporting state law invasion of privacy claims.  In Byrne, the patient instructed the medical provider not to release her records to a specified third-party.  The third-party served a subpoena on the medical provider.  The medical provider produced the records without informing the patient or making any objection.  The Court held that the plaintiff could use the HIPAA regulations concerning the release of records pursuant to subpoena to support a state law invasion of privacy claim.  Thus, while plaintiff cannot bring an action for breach of HIPAA, the plaintiff can accomplish the same goal by bringing a state law claim for invasion of privacy based on a violation of HIPAA.  Therefore, medical providers should be aware that breaches of HIPAA can ultimately, although indirectly, expose them to liability.

By: Richard Tisinger, Jr.