When you purchase insurance or seek medical treatment, you entrust far more than your health to someone else. Along with the responsibility to treat or insure you, those with sensitive personal information have an obligation to protect it.
The damage can come when someone steals information that can help commit identity theft. Healthcare providers and insurance companies often have information like your Social Security number and bank account. Criminals use that information to steal your identity, use it to run up enormous debt in your name, and destroy your credit.
Federal and California laws provide accountability for those who fail to adequately protect your information. The government can fine them. What matters to you is that you can receive financial compensation for the inconvenience and risk you face. You can file a lawsuit through a medical data breach lawyer against the party who compromised your information.
After a Medical Data Breach, The Kazerouni Law Group Can Help
The Kazerouni Law Group can assess your legal options following a medical data breach. In many situations, we can file a lawsuit to get compensation and justice for you. We are a leading consumer protection law firm with a track record of delivering results for our clients. Our legal team has grown to become one of the largest and most respected consumer protection law firms in the nation, and we have recovered more than $750 million for consumer plaintiffs who suffered harm.
Call us today to schedule your free initial consultation so that you can learn more about your legal rights and our services. We pride ourselves on providing excellent customer service to anyone who contacts our law firm for help. Never delay in seeking a case evaluation from our team.
The Healthcare Data Security Situation Has Deteriorated
The Department of Health and Human Services Office of Civil Rights (OCR) publishes summaries of reported data breaches.
The HIPAA Journal compiles statistics based on these reports. Healthcare data breaches have increased substantially. We recently saw the most healthcare data breaches in the 12 years since OCR began compiling statistics. Data breaches have since declined slightly but they remain high. In total, OCR identified 5,150 data breaches reported over 12 years.
Hackers Cause Most Data Breaches
It does not matter how the breach occurred. You can hold the medical provider liable for failing to protect your data.
Recently, the causes of data breaches have shifted. In the past, careless providers lost your records. Alternatively, someone may have stolen physical records.
Now, hackers cause data breaches. They either want to steal your data so that they can commit identity theft, or they want to hold the medical provider’s system hostage in a ransomware attack. Recently, two ransomware attacks made the list of the top five largest ransomware attacks of all time.
Hacking is the most common cause of data breaches. Unauthorized access and disclosure is another leading cause.
Another disturbing trend is the increasing average number of patients affected by each data breach. The average number of patients who had their data stolen is approaching 150,000.
California Has Seen Large Medical Data Breaches
California has seen several high-profile medical data breaches in recent years. In February 2023, a ransomware attack against the Heritage Provider Network exposed the sensitive personal information of 3.3 million patients. The hacker had infected the provider’s network with malware. While the breach occurred on December 1, 2022, the provider did not notify patients for two months (violating California laws described below).
All Heritage offered to affected patients was one year of credit monitoring services. While Heritage made cybersecurity upgrades after the attack, it was too late for the patients who had their data stolen.
The provider faced several class action lawsuits after the data breach because they allegedly failed to follow the law about protecting medical information.
HIPAA Dictates What Someone Must Do When They Have Your Data
HIPAA imposes requirements for healthcare data security. You likely hear this law mentioned every time you visit the doctor’s office. Medical providers need to follow HIPAA or suffer severe consequences.
HIPAA rules apply to the following covered entities:
Health plans
Medical providers
Healthcare clearinghouses
There have been numerous instances in which medical data breaches exposed patients’ sensitive data. In the past several years, ransomware attacks spiked, as cryptocurrency makes it easier for hackers to receive undetectable payments.
How HIPAA Rules Protect Your Data
Congress often gives an agency the power to issue rules and regulate under the law. Here, the Secretary of Health and Human Services makes the rules that those who possess your sensitive data must follow. HHS published two major rules that affect how offices must safeguard your sensitive data.
The Privacy Rule sets standards to protect your medical information. The rule requires appropriate safeguards to protect the privacy of protected health information. There are also limits and conditions on how offices can use your information and whether disclosures may occur without express authorization.
The Security Rule is especially important in a data breach. There are national standards that offices must follow to protect your information. These standards put into practice the requirement to safeguard your protected health information. Covered entities must follow the standard to protect data.
While HIPAA imposes legal requirements on healthcare providers, the statute does not give you a private right of action. You cannot sue a covered entity under HIPAA. Nonetheless, you can use the failure to follow HIPAA to support your lawsuit and make your case stronger.
However, you are not without legal options. You can still file a lawsuit against the healthcare provider for not adequately protecting your private data. You might file a lawsuit under state law, as each state has its own laws on data privacy that healthcare providers must follow.
California Law Also Protects Your Medical Data
In California, Section 1280.15 of the Health and Safety Code governs how healthcare providers must protect confidential information. The law imposes a categorical requirement for covered entities to protect your data. The law says:
“A clinic, health facility, home health agency, or hospice…shall prevent unlawful or unauthorized access to, and use or disclosure of, patients’ medical information.”
If there is a data breach, the covered entity has 15 business days to report the breach to the California Department of Public Health. In addition, the covered entity has the same 15-business-day requirement for reporting the data breach to you.
The entity needs to follow numerous requirements when they report the breach to you. They must give you the notice in writing. The provider must report additional information to you as it becomes available. CDPH can fine the provider for not meeting these requirements.
Under California law, the CDPH can issue rules that implement the statute. The agency defines a breach as “each individual instance of unlawful or unauthorized access to, use, or disclosure of a specific patient’s medical information.” The lawyers at the Kazerouni Law Group have detailed knowledge of healthcare privacy laws and regulations, and of how courts interpret them in lawsuits.
You Might File a Lawsuit After a Medical Data Breach
When your sensitive data has been compromised, you are at risk for a lifetime. You never know when you will be the victim of identity theft. At any time, you might notice someone emptied your bank account or destroyed your credit. Knowing that bad guys have your personal information can cause stress, anxiety, and distress.
The Kazerouni Law Group can help you file a class action lawsuit against the company that failed to protect your data. Medical data breach lawsuits are often filed as class action lawsuits because scores of people have suffered the same harm as you. Class action lawsuits join individual plaintiffs in one case under the theory that the whole is larger than the sum of the parts.
Common Allegations in a Medical Data Breach Lawsuit
Lawsuits against those who failed to protect your data may allege that:
Covered entities have willfully, recklessly, or negligently failed to take and implement adequate and reasonable measures to protect your data.
The entity was well aware of the risk of data breaches in light of the increase in these incidents but did nothing to invest in data security.
The covered entity failed to follow the data security procedures from the Federal Trade Commission or HIPAA.
The covered entity breached an implied contract with you in which they promised to protect your medical data.
Winning your lawsuit is not a certainty. The mere fact that a breach happened is not enough to make the defendant legally responsible for what happened. Plaintiffs will have to show some type of negligent (or reckless) conduct or that the medical provider failed to follow HIPAA. If you can prove a HIPAA violation, you can hold the defendant liable under the rule of negligence per se.
Damages in a Medical Data Breach Lawsuit
In a medical data breach lawsuit, you might seek these damages:
Compensation for the costs of dealing with the data breach
Payment for the time that you have spent on the data breach
Emotional distress and anxiety from knowing that someone else has your data
If your case goes to court against an extremely negligent or reckless medical provider, you may seek punitive damages. Punitive damages are rare, but their prospect often frightens defendants in lawsuits.
Class action settlements can result in substantial financial compensation for you. The largest class action settlement was in response to the biggest medical data breach ever. Anthem Healthcare had to pay $115 million to settle a lawsuit.
Once the class action lawsuit settles, you can claim your share of compensation. The amount you receive depends on what you have endured personally and the number of claimants.
Settlements are usually on a per-patient basis. There have been some lawsuits where patients have received thousands of dollars in a settlement agreement. You will often receive money to cover the expenses you incurred due to the breach and for some of the time you spent dealing with the situation. If criminals stole your identity, you can receive more money to compensate for the harm you suffered.
You Need a Lawyer for a Medical Data Breach Lawsuit
Class action lawsuits for medical data breaches are about two things:
Overcoming any defenses that the responsible entity may raise in response to your lawsuit
Negotiating with the defendant for the maximum possible compensation
At The Kazerouni Law Group, we know that data breach victims have legal rights and more power than they think when suing healthcare providers. We will take advantage of that as your case progresses. If we negotiate a settlement on your behalf, we will drive a hard bargain, knowing that the responsible party may not want to go to court.
You cannot afford to be without a medical data breach lawyer. Our consumer protection attorneys are hard-hitting advocates for you as we work to hold the responsible party accountable for their failure to protect your information. We will learn what the covered entity did or did not do and file the lawsuit on your behalf.
Contact a Medical Data Breach Lawyer Today
When you need a tough and aggressive lawyer to take on a large company, contact the attorneys at The Kazerouni Law Group. You can schedule a free consultation with us to discuss your case. You can send us a message online or call us today at (949) 612-9999. We charge you nothing unless you win your case, and we can give you the peace of mind you deserve following a medical data breach.