A man was admitted to a hospital as a psychiatric patient and as part of his treatment, the man disclosed information that he had kept secret from everyone, including his wife whom he was divorcing. Hospital employees improperly accessed the man’s medical records, informed his estranged wife and her divorce lawyer of the man’s hospitalization, and disclosed to them other confidential medical and psychological information about the man.
Two months later the man learned of the unauthorized access and disclosure. He contacted the hospital and requested an audit of his records. He was informed that the hospital had conducted an investigation, determined that there had been inappropriate access to his records, and taken appropriate action.
The man sued the hospital for negligence, outrageous conduct, intentional infliction of emotional distress, negligent infliction of emotional distress, negligent entrustment, breach of confidentiality, invasion of privacy, and punitive damages. The defendants filed a motion to dismiss for failure to state a claim on the basis that the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) preempted the plaintiff’s state-law claims. In the alternative, the hospital argued that the man’s claims fell under the West Virginia Medical Professional Liability Act (MPLA), and should be dismissed for failure to file a notice of claim and screening certificate of merit. The district court granted the defendant’s motion to dismiss on the grounds that the man’s claims were preempted by HIPAA. The district court also held that the claims were not pursuant to the MPLA. Thus, no notice of claim and screening certificate were required.
The man appealed arguing that the district court erred in dismissing his claims as preempted by HIPAA. Specifically, he argued that he did not expressly claim a private cause of action for violation of HIPAA. The hospital argued that the district court correctly inferred a HIPAA claim and that HIPAA preempts the state law claims because the state law claims are contrary to and less stringent than the standards adopted in HIPAA. The hospital cross-appealed arguing that the district court erred in denying its motion to dismiss on the grounds that the man failed to comply with the MPLA.
The Supreme Court of West Virginia held that HIPAA does not preempt state law causes of action for the wrongful disclosure of health care information. The court reviewed a number of cases from other states allowing both statutory and common law causes of action despite HIPAA preemption claims, including a few that found a HIPAA violation could be used either as the basis for a claim of negligence per se or as the source of the standard of care for other civil claims.
The court also held that the plaintiff’s claims were not covered by the MPLA, so the claims should not be dismissed for failing to comply with the MPLA’s filing requirements. The MPLA only applies to health care services rendered or which should have been rendered. The disclosure of health care information to an estranged spouse and her divorce attorney was unrelated to rendering health care services.
See: R.K. v. St. Mary's Medical Center, Inc., 2012 WL 5834577 (W.Va., November 15, 2012) (not designated for publication).