I recently found out that my sister, who works for a physician's office, has been accessing my medical records and my husband's at a local hospital here. The hospital has verified this to me and it was confirmed by her practice manager. What should I do in this case? What legal actions can I take? And what are the consequences for her? Thanks,
[email protected]
It is not wise to post your e-mail. This is a thread, other people read and learn. You will not get private advice at your e-mail address.
What did your sister do with the info?
"The DOJ concluded that the criminal penalties for a violation of HIPAA are directly applicable to covered entities—including health plans, health care clearinghouses, health care providers who transmit claims in electronic form, and Medicare prescription drug card sponsors. Individuals such as directors, employees, or officers of the covered entity, where the covered entity is not an individual, may also be directly criminally liable under HIPAA in accordance with principles of "corporate criminal liability." Where an individual of a covered entity is not directly liable under HIPAA, they can still be charged with conspiracy or aiding and abetting.
While HIPAA protects the health information of individuals, it does not create a private cause of action for those aggrieved (65 FR 82566). State law, however, may provide other theories of liability."
What has the employer done about the situation?