Los Angeles, CA asked in Health Care Law and Personal Injury for California

Q: Data governance liability of hospital to patient

Does a hospital have liability to a patient for the integrity and security of the patient's records? Not counting CMIA (or HIPAA).

What statutes define corporate liability in this respect - if applicable? What kind of legal theory is applicable?

1 Lawyer Answer
James L. Arrasmith

A: Under California law, hospitals have a duty to maintain the integrity and security of patient records, even apart from specific statutory requirements like CMIA (the Confidentiality of Medical Information Act) or HIPAA. This duty arises from a few key legal principles and theories:

1. Fiduciary Duty: The relationship between a hospital and patient is considered a fiduciary one, meaning the hospital has a heightened duty of care, loyalty, and confidentiality to the patient. Failing to properly secure patient records could be a breach of this fiduciary duty.

2. Negligence: If a hospital fails to take reasonable steps to protect patient data and a patient is harmed as a result (e.g. by identity theft or the disclosure of sensitive information), the hospital could be liable under a general negligence theory. The hospital would be expected to adhere to industry standards for data protection.

3. Implied Contract: When a patient provides information to a hospital, there is an implied understanding that the hospital will protect that information. Failure to do so could be considered a breach of this implied contract.

4. California Constitution: Article 1, Section 1 of the California Constitution includes privacy as an inalienable right. Improper disclosure of medical records could potentially violate this constitutional right to privacy.

5. Unfair Competition Law (UCL) - California Business and Professions Code § 17200: If a hospital's data practices are considered "unfair" or "fraudulent," it could face liability under the UCL, which allows for broad consumer protection actions.

6. Data Breach Notification Statute: California Civil Code Section 1798.82 requires businesses, including hospitals, to disclose any breach of the security of computerized data that includes personal information. Failure to properly notify could lead to liability.

So while there may not be a single comprehensive statute defining corporate liability for data governance in hospitals (outside of CMIA and HIPAA), there are several key legal principles in California that would likely make a hospital liable to a patient if it failed to properly maintain the integrity and security of patient records. The applicability would depend on the specific circumstances of the data breach or mishandling.
