California Medical Privacy Attorney

Was Your Private Medical or Health Information Exposed?

Every day, insurance companies and health care providers lose protected medical information through careless acts, such as emailing third parties’ medical information or sending your personal information to third parties without any encryption or protection. Potter Handy’s attorneys have been instrumental in protecting privacy rights.

Having your private matters become public knowledge can be a terrifying experience, and while the federal government may focus more on widespread, large-scale data breaches, individual leaks can affect your life far more profoundly. If you believe your doctor has disregarded your right to privacy, it is a good idea to speak to an experienced legal professional.

Patient privacy violations and data breaches often involve records and patient information maintained by:

  • Pharmacies
  • Health insurance companies
  • Hospitals & clinics
  • Government health plans, such as Medicare & Medicaid
  • Treatment & therapy centers
  • Insurance companies
  • Nursing homes & treatment centers

A variety of different laws and regulations protect patients’ privacy, both at the state and federal levels. Our medical privacy attorneys represent those whose rights may have been violated under laws such as:

California Confidentiality in Medical Information Act

California’s Confidentiality in Medical Information Act requires that health care providers, HMOs, and other health care contractors obtain patients’ written authorization before disclosing medical information, with some exceptions. It also requires that these entities establish procedures to ensure the confidentiality of patient medical records and health information in their possession and that they properly dispose of any medical record information in a way that preserves patient confidentiality. California law states that if your medical information is disclosed or released by your insurance company, health care provider, or even your employer, without your permission, you are entitled to a minimum of $1,000 in damages, plus attorneys’ fees and costs.

FTC Health Breach Notification Rule

The Federal Trade Commission (FTC) has established the Health Breach Notification Rule, which requires certain businesses not covered by HIPAA to notify their customers and others if there is a breach of unsecured, individually identifiable electronic health information. Under the FTC’s Rule, companies that have had a security breach must: 1) notify everyone whose information was breached; 2) notify the FTC; and 3) notify the media, in some cases. Businesses that violate the Health Breach Notification Rule may be subject to a civil penalty of up to $16,000 per violation.

California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (You can read the law here: California Civil Code § 1798.29(a) for state agencies and California Civil Code § 1798.82(a) for businesses.)

Experience You Can Count On

If you were notified that your medical information has been breached, let our experienced medical privacy attorney evaluate your case.

Call (415) 534-1911 or email us to schedule a free, confidential consultation.