May 27, 2018

May 25, 2018

Subscribe to Latest Legal News and Analysis

Connecticut Recognizes New Cause of Action for Breach of Patient/Physician Confidentiality

Based on the decision in a recent Connecticut Supreme Court case, patients may now sue physicians for breaching confidentiality. Previously, Connecticut did not recognize breach of confidentiality as a cause of action. The unauthorized disclosure at the heart of Byrne v. Avery Center for Obstetrics and Gynecology, P.C. involved a provider’s response to a subpoena. Subpoena compliance has long been an area of confusion for providers. After Byrne, not only must providers pay special attention when responding to subpoenas but now they must also worry about broader breach of confidentiality claims by patients.

In Byrne, the state Supreme Court concluded that the unauthorized disclosure of confidential information obtained in the course of the physician-patient relationship for treatment purposes gives rise to an action for breach of duty of confidentiality.

The patient in Byrne instructed that her OB/GYN not release any of her information to her ex-boyfriend. The ex-boyfriend later filed paternity actions in two states and issued a subpoena to the provider for the patient’s medical records. The subpoena instructed the provider to send a custodian of records to the regional probate court with the records. Instead of appearing in person with the records, filing a motion to quash or notifying the patient of the request and seeking her permission, the provider simply mailed the records to the court. The court clerk inserted the records in the public court file, which allowed the ex-boyfriend full access to the patient’s records. According to the patient, after her ex-boyfriend viewed her records, he began to harass and threaten her.

In reaching its conclusion that the patient could sue a physician for breach of confidentiality, the Court relied on a number of factors including a state statute that grants privilege to physician/patient communications without providing any penalty for violations (Conn. Gen. Stat. § 52-146o) and the decisions by numerous other states to recognize such a cause of action. Although the Court did not outline elements for this new cause of action or provide other guidance as to the conduct that the plaintiff must prove to be successful in her cause of action, it pointed to an earlier decision in which it explained that HIPAA "may be utilized to inform the standard of care" if a breach of duty of confidentiality cause of action existed.

Notably, while the decision addressed only the physician/patient relationship, state courts likely will apply the reasoning in Byrne to other health care providers because Connecticut statutes recognize a number of other classes of providers as having a confidential relationship with patients. Such providers include psychiatrists, psychologists, social workers, licensed marriage family therapists, and domestic violence /sexual assault counselors among others. See Conn. Gen. Stat. §§ 52-146c et seq.

What Does This Mean For Health Care Providers?

This decision means that HIPAA and state privacy law compliance is more important than ever before. Specifically, a breach of protected health information ("PHI") under HIPAA can now subject providers to private lawsuits for a breach of a duty of confidentiality. It may also mean that providers that fail to follow internal policies or procedures regarding privacy could be sued for a breach of duty of confidentiality.

In addressing this new legal risk, understanding how to handle subpoenas should be a top priority. The following must be clear to everyone handling subpoenas: a subpoena alone does not permit the disclosure of PHI. The patient’s written authorization or a specific court order must accompany a subpoena. While HIPAA permits the disclosure of PHI in response to subpoenas under other limited circumstances, it is not required and in light of the Byrne decision, it is not advisable.

In addition, providers need to assess compliance with privacy laws generally, including HIPAA, and step-up compliance efforts across their organizations. This includes compliance with state and federal laws that provide more protection than HIPAA, such as laws that apply to mental health, HIV/AIDS and substance abuse records. It is likely that compliance with these laws will be the measuring stick for determining whether a provider breached a duty of confidentiality in a lawsuit brought by a patient.

© Copyright 2018 Murtha Cullina

TRENDING LEGAL ANALYSIS


About this Author

Dena Castricone, Murtha Cullina Law Firm, Privacy and Cybersecurity Attorney
Partner

Dena M. Castricone is a member of the Long Term Care and Health Care practice groups.  She is the Chair of the Privacy and Cybersecurity practice group and the Chair of the firm’s Pro Bono Committee.  Prior to joining Murtha Cullina, Dena served as a law clerk to the Chief Justice of the Rhode Island Supreme Court, Frank J. Williams.

Dena’s long term care and health care clients compete in a constantly evolving industry, facing both rising administrative and regulatory burdens and shrinking reimbursement rates. She helps skilled nursing centers, physician groups, home health and...

203-772-7767
Stephanie Sprague Sobkowiak, Murtha Cullina, physician group attorney, health care industry legal counsel, hospital regulation compliance lawyer
Partner

As the co-chair of the firm's Health Care practice group, Ms. Sobkowiak represents health systems, hospitals, physicians, physician groups and other clients in the health care industry.  Her practice includes assisting those clients with a wide range of compliance, regulatory, managed care, risk management and reimbursement issues, including fraud and abuse, payor contracts, medical staff and credentialing matters, Certificates of Need and HIPAA and related security breaches. 

Ms. Sobkowiak has experience assisting health care clients with a wide variety of contracts, from physician and physician extender employment agreements to service agreements and medical staff bylaws and related documents. She has negotiated numerous managed care agreements and counseled clients on a variety of issues related to payor relationships. She has also worked with physicians and other practitioners involved in matters before the Department of Public Health and with other health care providers involved in a variety of Medicare/Medicaid matters. She has lectured on meaningful use of electronic health records and general medical records issues as well as various other CMS and state law requirements.

Beginning her legal career as an associate in the firm's Corporate and Health Care Departments, Ms. Sobkowiak also worked with Jeffers Cowherd P.C. where she practiced health care as well as promotions and marketing law. Her promotions and marketing practice includes client counseling, contract negotiation and preparation of sweepstakes and contest rules, including campaigns run through social media.

Ms. Sobkowiak received her B. S. summa cum laude from the University of Delaware and received her J.D. from Boston College Law School.

203-772-7782
Daniel Kagan, Murtha Cullina, health care attorney, regulatory compliance lawyer, reimbursement issue legal counsel
Associate

Mr. Kagan is an associate in the Health Care Group of Murtha Cullina.  He represents hospitals, physicians and other health care clients with a wide range of regulatory, compliance, risk management and reimbursement issues.

Prior to joining Murtha Cullina, Mr. Kagan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court. 

Mr. Kagan received his J.D. with honors from the University of Connecticut Law School where he was a Notes and Comments Editor ...

203-772-7726