In a decision that is likely to send a chill across the spectrum of health care providers, the Connecticut Court of Appeals recently upheld an $853 thousand jury verdict in favor of a woman whose medical records were transmitted, without the patient's permission, by a healthcare provider to the probate court where they became publicly accessible. The Court of Appeals did not disturb the jury's rejection of the provider's defense that the harm was proximately caused by the probate court rather than the provider when those patient records ended up in a public file.
The underlying dispute arose out of a paternity suit, during which the plaintiff's former partner subpoenaed the plaintiff's gynecological records from her physician. The gynecology center failed to notify the plaintiff of the subpoena and, instead, sent the records directly to the probate court in response to the subpoena.
The medical provider admitted that it had breached its own privacy policy and breached its obligation to maintain the confidentiality of the plaintiff's medical records under HIPAA. However, at trial, the plaintiff argued that its actions were not the proximate cause of the plaintiff's injuries because the probate court should not have made the records public. But for a clerk's error, the provider argued, the records would not have been accessible by the general public.
While the appellate decision focused on the trial court's decision limiting the testimony of the provider's expert, a former probate court judge, the takeaway for medical providers is clear. Transmitting patient health records without consent is fraught with danger. Providers must put procedures in place to ensure that the confidentiality of patient health records is preserved and protected—even in situations that may seem harmless.