What will New York Court of Appeals protect: your Medical Records from Disclosure or Hospitals from Liability?

Filed in Health Law, Privacy by on April 21, 2013 0 Comments

Judge with GavelDoctors and other healthcare providers are charged with an ethical duty to maintain patient confidentiality and protect sensitive medical information from an unnecessary disclosure.

Such duty is based on an individual’s right to privacy and on the general principle that people seeking medical help should not be hindered or inhibited by fear that their medical conditions will become known to others. Such assurance is necessary in order for the doctor to provide proper treatment.

AMA’s Code of Medical Ethics states that the information disclosed to a physician during the course of the patient-physician relationship is confidential. Hippocratic oath states “I will respect the privacy of my patients, for their problems are not disclosed to me that the world may know.”

Neither AMA’s ethical guidelines nor Hippocratic oath, however, is binding by law.

So to what extent can we really trust that out private information will not be shared with the rest of the world? Under the existing law such assurance seems to be quite vague.

HIPAA, for example, prohibits healthcare providers from disclosing personal health information. Healthcare providers seem to strictly adhere to the Act (sometimes overzealously). Similarly, New York Public Health Law § 4410 imposes a duty upon healthcare providers to maintain confidentiality of patient treatment records.

These statues, however, do not create a private cause of action, which means that if your health information was improperly disclosed to third parties you can’t go to court and sue a healthcare provider for a violation of the statute. Both statues mainly provide a standard under which doctors and hospitals should operate.

Therefore, if you are in New York and your medical information has been disclosed, your only remedy is a common-law claim of breach of fiduciary duty of confidentiality, which springs from the implied covenant of trust and confidence that is inherent in the physician patient relationship, and the breach of which is actionable as a tort.

But in an unexpected twist, which the Court Of Appeals  is scheduled to address, these common law protections could soon be effectively eviscerated.

Under the common law doctrine of respondeat superior an employer is vicariously liable for the actions of its employees, but only when they commit a negligent act within the scope of their employment and in furtherance of an employer’s business. Thus, if a hospital employee accidentally sends your medical records to your neighbor, the hospital will be liable for this act. But what would happen if a nurse looked into your medical chart, learned that you have an STD and called your girlfriend to inform her about it? In this scenario she does not act within the scope of her employment; she commits a willful wrong motivated by personal interest. Will the hospital be liable and should it?

The Appellate Division, Third Department recognized that a reliance on the traditional doctrine on respondeat superior in such a case will render protection of medical information a nullity because in most cases wrongful disclosure would be made outside of employee’s scope of employment. In Doe v. Cmty Health Plan-Kaiser Corp. (709 N.Y.S.2d 215 (3d Dep’t 2000)) the  court has explained that a corporation always acts through its agents, servants and employees and should be directly responsible if patient’s confidences are breached.

The Second Circuit recently declined to follow this one precedent in Doe v. Guthrie Clinic, LTD. and on March 25, 2013, certified the issue to the New York Court of Appeals.

If the Court of Appeals rules that the corporation should be liable, the ruling will dramatically expand the doctrine of respondeat superior. Such an expansion may very well be justified in the light of the high sensitivity of medical information, but when the law creates one exception there is always the risk of going down the slippery slope.

If the Court, on the other hand, adheres to the traditional doctrine, the protections afforded to patients’ healthcare information will continue to be limited, and if our medical information that the hospital is under the duty to protect appears on facebook the hospital may simply wash its hands of any responsibility.

Tags: , , , , , , ,

About the Author ()

Leave a Reply

Your email address will not be published. Required fields are marked *