Class Action Lawsuits and HIPAA
Individuals cannot file a private right of action under HIPAA. That is, HIPAA does not authorize individual lawsuits against covered entities or business associates, where the complaint is a HIPAA violation. However, in many states, individuals can file class action lawsuits for HIPAA violations. This is why class action claims were brought under the laws of the different states in which the plaintiffs reside.
21CO HIPAA Data Breach Lawsuit
In 2016, three proposed HIPAA data breach lawsuits were filed against 21CO. These complaints were consolidated into a single case. In the single class action HIPAA data breach lawsuit, the plaintiffs, 14 individuals filing on behalf of a nationwide class, alleged that 21st Century Oncology:
- Failed to secure patients’ sensitive and confidential data entrusted to them, including full names, Social Security numbers, physicians’ names, medical diagnoses, treatment information, and insurance information.
- Failed to secure, protect, and encrypt the PHI of the 2.2 million individuals, thereby making them vulnerable to misuse of their data.
- Made plaintiffs vulnerable to having fraudulent tax returns filed in their names; to stolen identities; and to medical fraud.
The plaintiffs in th