HIPAA experts include individuals who provide expert consulting services to healthcare providers. One common form of consulting services is expert witness testimony. HIPAA experts can serve as expert witnesses in court cases where the issues consist of whether a party did or did not comply with HIPAA law and regulations.

Why are HIPAA Experts Needed?

HIPAA itself does not contain a “private right of action.” This means that an individual or institution that is the victim of a HIPAA Security Rule or HIPAA Privacy Rule breach, may not file a lawsuit claiming money damages on the basis of “HIPAA being violated.”

Do you have an effective HIPAA compliance program? Find out now by completing the HIPAA compliance checklist.

How Does HIPAA Come Up in Court?

Issues of whether a party complied with HIPAA still frequently come up in court cases. Many states have passed consumer privacy and security protection laws. These laws provide a remedy for individuals whose medical privacy has been violated. For example, a state law may allow an individual who is the victim of a data breach, to sue the healthcare organization that committed the breach.

Laws that permit individuals to sue for data breaches impose a “standard of proof” on those individuals. That is, the individual must demonstrate that the healthcare organization breached a legal responsibility duty owed to a plaintiff. Some state laws provide that a healthcare organization has breached a legal duty if it failed to adopt specific security measures A, B, and C. The “standard of proof” in a lawsuit brought under such a law, requires a plaintiff to produce evidence, showing A, B, and C were not adopted. Other state laws may be more stringent. For example, a state may require a plaintiff to prove that a legal duty was breached, by showing that A, B, C, and two additional security measures, D and E, were not taken.

Many state laws use HIPAA itself as the standard of proof. That is, the laws state that if a plaintiff can demonstrate the healthcare organization did not comply with the HIPAA regulations, the healthcare organization has automatically violated state law. Likewise, many state laws provide that if a healthcare organization has complied with HIPAA requirements, the organization will be legally “deemed” to be in compliance with state law. 

Where Do HIPAA Experts Come In?

HIPAA experts with experience in HIPAA expert witness testimony can be called on by either side of the case. A Plaintiff may call a HIPAA expert witness of his or her own. That person must demonstrate to the judge, that by virtue of training, education, and experience, the person is qualified to give an opinion as to whether HIPAA was violated under a given set of facts. A healthcare organization defendant may call a HIPAA expert witness of its own; this person must also be qualified to give an informed opinion as to whether HIPAA was violated under a particular set of facts. Both of the HIPAA experts – the plaintiff’s, and defendant’s, can be cross-examined by the other side. A jury or judge hearing a case will evaluate the testimony of the HIPAA experts, and then make a decision as to whether the plaintiff should prevail in the lawsuit.

Rated #1 on G2

“Compliancy Group makes a highly complex process easy to understand.”

G2 Leader Fall 2024