Medical Corporation is Not Strictly Liable for Release of Patient's Confidential Medical Information
An opinion issued on January 9, 2014 by the New York State Court of Appeals provides guidance in evaluating the liability of a medical corporation for an employee’s unauthorized release of a patient’s confidential medical information. In Doe v. Guthrie Clinic, 224 2014 NY Slip Op 00138 (N.Y. 2014), the Court ruled that under New York law, a medical corporation was not strictly liable for an employee who, acting outside of the scope of employment, released confidential medical information.
In Doe, the plaintiff went to the medical clinic to receive treatment for a sexually transmitted disease. A nurse employed by the clinic recognized the plaintiff as the boyfriend of the nurse’s sister-in-law and accessed his medical records. The nurse then sent text messages to her sister-in-law informing her of the plaintiff’s condition.
The plaintiff filed an action in federal court against the clinic and various other affiliated entities alleging multiple causes of action, including breach of fiduciary duty to maintain the confidentiality of personal health information. The United States District Court for the Western District of New York dismissed the claims and the plaintiff appealed to the United States Court of Appeals for the Second Circuit. The Second Circuit found that the nurse’s actions were not foreseeable to the defendants and that the nurse’s motive for disclosing the confidential information was outside the scope of employment. The Second Circuit affirmed the dismissal of all but one of plaintiff’s appealed claims. The Second Circuit reserved decision on plaintiff’s claim of breach of fiduciary duty and certified a question to the New York State Court of Appeals. The question asked whether New York recognized a common law right of action for breach of a fiduciary duty of confidentiality against medical corporations under the facts presented.
The New York State Court of Appeals, in a six to one majority opinion, answered the question in the negative. While the plaintiff urged the Court to impose absolute liability on the medical corporation for the release of the confidential medical information, the Court declined to do so. The Court stated that a medical corporation’s duty of safekeeping a patient’s confidential medical information is limited to those risks that are reasonably foreseeable and to actions of its employees taken within the scope of employment.
The Court recognized that a medical corporation may be held liable for an employee acting outside the scope of employment under theories of negligent hiring, supervision, or other forms of negligence. The Court reasoned that those potential claims created sufficient incentive for medical providers to put in place appropriate procedures to safeguard confidential medical information. The Court found that those causes of actions were already dismissed by the federal courts and that there was no need to address them.
If you require further information regarding the content of this alert, please contact David B. Cabaniss, Chair of our Professional Liability Practice Area, at (518) 429-4279 or firstname.lastname@example.org.
- New Cybersecurity Regulations May Apply to Companies that do Business with NYS Chartered Or Licensed Banks, Mortgage Bankers, Insurance Companies and Others
- New York State Department of Financial Services Finalizes Cybersecurity Regulations
- Insurance Agent Held Not Liable for Alleged Failure to Obtain Flood Insurance Coverage