A Midwestern banker, who also served as a member of his county's health board, cross-referenced a health board's list of patients suffering from various diseases with a list of the bank's customers. He then called due the mortgages of anyone suffering from cancer. In Oregon, computer disks containing the medical records of 365,000 patients were stolen from a car. Along with personal medical information, the records also contained the patients' names, addresses, and Social Security numbers. A Maryland school board member's medical records, revealing that he had been treated for depression, were sent to school officials along with an anonymous note that read, "Is this the kind of person we want on the School Board?" These are just a few of the many recent incidents confirming that breaches of medical privacy occur on a disturbingly regular basis. The nature of the information contained in medical records and the potentially devastating results of improper disclosures make medical privacy violations abhorrent. Medical records contain highly sensitive information, including intimate details about the patient's illnesses, sexually transmitted diseases, genetic abnormalities, drug and alcohol addictions, and mental or psychological disorders. These records also often include information about the patient's financial status, social behaviors, and personal relationships, as well as identifying information like Social Security numbers. Improper disclosure of such sensitive information may subject patients to social isolation, discrimination by employers, or denial of insurance coverage.
Joshua D.W. Collins,
Toothless HIPAA: Searching for a Private Right of Action to Remedy Privacy Rule Violations,
60 Vanderbilt Law Review
Available at: https://scholarship.law.vanderbilt.edu/vlr/vol60/iss1/5