Individuals do not have the right to sue healthcare providers under the Health Insurance Portability and Accountability Act simply because their personal information was compromised, a federal judge recently ruled.
Bobbi Polanco, whose daughter had been treated at a hospital working with Omnicell Inc., brought the suit. She argued that her personal data, and that of her daughter, had been stored on a laptop stolen from an Omnicell employee in 2012, and that she suffered injury as a result of the theft. Omnicell provides medication and medication delivery systems to hospitals and long-term care facilities.
Individuals do not have a right to bring lawsuits to enforce HIPAA, as this is the responsibility of the Health and Human Services Department, according to the Dec. 26 ruling from Judge Noel L. Hillman.
Hillman also dismissed the argument that Polanco was harmed because her distrust of Omnicell and hospitals that used Omnicell forced her to seek care for her daughter elsewhere. Expenses “incurred in anticipation of future harm” do not establish standing to bring a lawsuit of this kind in federal court, he wrote.
Because the judge dismissed the case without prejudice, the plaintiff is free to refile in state court.