The disclosure of health information, contrary to the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), can impose significant liability on the disclosing business organization or person. Claims alleging such liability should be reported promptly to all liability insurers, because such claims may be covered by insurance.
A business specializing in the electronic safekeeping of medical records made such a report to its insurer after the business was sued in a class-action asserting claims for negligence, gross negligence, breach of warranty, breach of contract, and injunctive relief. The plaintiffs in that case alleged that, upon performing a “Google” search of their respective names, they discovered that their confidential medical records, in the business’ custody and control, were accessible, viewable, printable, and downloadable from the Internet.
A federal court rejected the attempt by the insurer of the business to escape coverage of the class action because the business’s commercial general liability policies contained endorsements enhancing the scope of “personal injury” coverage to include the electronic publication of material that discloses information about a person’s private life. Travelers Indem. Co. of Am. V. Portal Healthcare Solutions, LLC, 35 F. Supp.3d 765 (E.D. Va. 2014) aff’d., ___ Fed.Appx. ___, 2016 WL 1399517 (4th Cir., Apr. 11, 2016).
If you are in a business or a professional that stores electronically the private or confidential information of your customers, patients or clients, such as health care facilities, physicians, attorneys, accountants, and financial services companies, try to make certain that your liability insurance is at least as broad as the insurance policies Travelers sold to Portal Healthcare Solutions. Insurance, however, may not cover the defense of and the liability for HIPAA violations charged by the U.S. Office of Civil Rights, the federal agency charged with enforcing HIPAA.