Although HIPAA provides for civil and criminal penalties against those who improperly disclose an individual's health information, "the law specifically indicates that the Secretary of HHS shall pursue the action against an alleged offender, not a private individual." Logan v. Dep't of Veterans Affairs, 357 F. Supp. 2d 149, 155 (D.D.C. 2004) (dismissing HIPAA claim involving testimony regarding federal employee's mental health because HIPAA provides no private right of action); see also Johnson v. Quander, 370 F. Supp. 2d 79, 99-101 (D.D.C. 2005) (dismissing HIPAA claim involving disclosure of DNA information because no private right of action exists under HIPAA). No federal court "has ever found that Congress intended HIPAA to create a private right of action." Swift v. Lake Park High Sch. Dist., 2003 U.S. Dist. LEXIS 18684, No. 03-C5003, 2003 WL 22388878, at *4 (D.C.Ill. Oct. 21, 2003) (quoted in Dominic J. v. Wyo. Valley W. High Sch., 362 F. Supp. 2d 560 (M.D. Pa. 2004)); see also O'Donnell v. Blue Cross Blue Shield of Wyo., 173 F. Supp. 2d 1176, 1179-80 (D. Wyo. 2001); Univ. of Colo. Hosp. Auth. v. Denver Publ. Co., 340 F. Supp. 2d 1142 (D. Colo. 2004).

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/infocus/1764/26#26