Nurse Reveals STD Patient to Girlfriend, Man Sues; and More

Wayne J. Guglielmo, MA


May 13, 2013

In This Article

Nurse Reveals STD Patient to Girlfriend, Man Sues

By now, in the evolution of the Health Insurance Portability and Accountability Act (HIPAA) patient privacy guarantees, doctors don't need to be reminded that protected information must be keep secure and confidential. But what kind of legal risk do doctors run if one of their employees fails to abide by the same strict letter of the HIPAA law? That's the question that will be taken up by the New York Court of Appeals, the state's highest court, as a posting on the Website of American Medical News points out.[1]

The underlying case involves a nurse employed by Guthrie Clinic Steuben in Corning, New York. When the nurse learned of a patient's sexually transmitted disease, she sent 6 text messages to the patient's girlfriend, who was the nurse's sister-in-law, about the patient's condition. The patient -- identified in court documents as "John Doe" -- learned about the text messages, called the clinic to complain, and then sued the clinic, despite the clinic having terminated the nurse’s employment. Among other things, the patient claimed that the clinic and several related entities had breached their responsibility under the law to keep his health information confidential.

A trial court dismissed the plaintiff's claims, at which point he appealed to the Second United States Circuit Court of Appeals. This court, in turn, asked the state's highest court to decide the following question: Could a plaintiff sue a medical clinic for breaching his rights to confidentiality when that breach was the result of a nonphysician staff member acting outside the scope of her job duties?

Typically under New York common law, employers are liable for the actions of their employees under 2 conditions: that their conduct was something that should have been foreseen, and that they were acting within the scope of their employment.

Regarding the latter condition, a nurse who, in the process of transmitting medical records to a doctor, accidentally transmits those records to an unauthorized third party would be said to be acting within the scope of her employment. If, on the other hand, she transmitted these same records in order, for personal reasons, to embarrass or defame the patient in question, her employer would not be liable for her conduct.

In asking the high court to certify the question at issue, the appeals court indicated its belief that New York's conditions for employer liability appeared not to be met in this case -- in other words, that the nurse's actions seemed unforeseeable and beyond the scope of her employment. But the plaintiff has countered that "medical clinics and corporations are separately and strictly liable under New York law" -- that is, they can be assigned responsibility for an injury absent proof of fault -- "for breaching their fiduciary duty to keep personal health information confidential."

Experts believe that the high court's decision could have significant implications for future confidentiality cases in New York and beyond.