Q&A with Karen Rieger, a director with Crowe & Dunlevy law firm

Medical facilities face fines for patient data breaches
Oklahoman Modified: August 27, 2012 at 7:07 pm •  Published: August 28, 2012

Q&A with Karen Rieger

Medical facilities can face fines

for patient data breaches

Q: There have been recent breaches of patient data at medical facilities. What rights do patients have to the security of their medical records?

A: Many. The federal Health Insurance Portability and Accountability Act limits the ability of health care providers and insurance companies to use and disclose patient health information without the patient's authorization, except as necessary for purposes of treatment, payment and certain health care operations. Oklahoma also has a number of laws and regulations that protect sensitive health information.

Q: What recourse do they have, should that information be leaked?

A: Patients can't bring lawsuits, but violations may be reported to the Office of Civil Rights (OCR), which can impose fines and penalties on health care providers and insurance companies that violate the law. We have seen an increase in enforcement activities by the OCR over the past several years, in light of several well-publicized cases in which health information of celebrities and other high-profile individuals was inappropriately leaked. Patients also may bring a claim based upon invasion of privacy, breach of contract or other legal grounds, depending upon the facts of a particular case.

Trending Now


  1. 1
    Preseason All-ACC team has nine Florida State players
  2. 2
    Sarah Palin bites into 'True Blood' for 'misogynist attacks'
  3. 3
    Foursquare Checks Out of the Check-in Game, Reveals New Logo
  4. 4
    WATCH: Laverne Cox Talks Transgender Issues On 'The View'
  5. 5
    Kansas State coach Bill Snyder eats one meal a day, often Taco Bell
+ show more