Byrne v. Avery Ctr. for Obstetrics & Gynecology, P.C.
327 Conn. 540, 175 A. 3d 1 (2018)
Premium Feature
Subscribe to Lexplug to listen to the Case Podcast.
Rule of Law:
A healthcare provider in Connecticut has a common-law duty of confidentiality to their patient, and an unauthorized disclosure of confidential medical information can give rise to a tort action for damages unless the disclosure is otherwise permitted by law.
Facts:
- Emily Byrne received obstetrical and gynecological care from the Avery Center for Obstetrics and Gynecology, P.C.
- Byrne was in a personal relationship with Andro Mendoza, which ended in September 2004.
- In October 2004, Byrne specifically instructed the Avery Center not to release her medical records to Mendoza.
- In May 2005, Mendoza filed a paternity action against Byrne.
- The Avery Center received a subpoena from Mendoza's attorney instructing its records custodian to appear in court with Byrne's medical records.
- Without notifying Byrne, filing a motion to quash, or appearing in court, the Avery Center mailed a copy of Byrne's complete medical file to the court.
- Mendoza reviewed the records in the court file and subsequently used the information to allegedly harass and extort Byrne.
Procedural Posture:
- Emily Byrne sued the Avery Center in a Connecticut trial court, alleging negligence and negligent infliction of emotional distress.
- The trial court granted summary judgment for the Avery Center on the negligence counts, ruling the claims were preempted by the federal HIPAA statute.
- Byrne appealed to the Connecticut Supreme Court, which reversed the trial court, holding that state common law claims were not preempted by HIPAA and remanded the case for further proceedings.
- On remand, the Avery Center again moved for summary judgment, this time arguing that Connecticut common law does not recognize a cause of action for breach of patient confidentiality.
- The trial court granted the defendant's motion for summary judgment on this basis.
- The plaintiff, Emily Byrne, as the appellant, appealed this judgment to the Connecticut Supreme Court.
Premium Content
Subscribe to Lexplug to view the complete brief
You're viewing a preview with Rule of Law, Facts, and Procedural Posture
Issue:
Does Connecticut common law recognize a cause of action in tort against a healthcare provider for breaching the duty of patient confidentiality through the unauthorized disclosure of medical records?
Opinions:
Majority - Eveleigh, J.
Yes, Connecticut common law recognizes a cause of action in tort against a healthcare provider for breaching the duty of patient confidentiality. The physician-patient relationship is a fiduciary one built upon trust, and the principle of confidentiality lies at its heart. Public policy, as reflected in state evidentiary privilege statutes (General Statutes § 52-146o) and the federal Health Insurance Portability and Accountability Act (HIPAA), strongly favors the protection of patient medical information. This court joins the majority of jurisdictions that have found that for such a 'palpable a wrong, the law provides a remedy.' Recognizing this cause of action complements, rather than conflicts with, HIPAA by providing an additional disincentive for wrongful disclosures. A subpoena does not grant absolute immunity for disclosure; a health care provider must still act in a manner consistent with the applicable standard of care, which may be informed by HIPAA's procedural requirements, and genuine issues of material fact exist as to whether the defendant's disclosure in this case was proper.
Concurring - Robinson, J.
Yes, this cause of action should be recognized. While courts should exercise restraint in creating new common-law causes of action, which is a role better suited for the legislature, it is appropriate in this instance. The decision does not disturb settled expectations, as the duty of confidentiality is a long-standing ethical and legal principle for physicians. Recognizing this tort complements the policies enacted by the legislature in § 52-146o and by Congress in HIPAA. The overwhelming consensus in other states supports this conclusion, and it would be more unsettling to the public to deny a remedy for such a clear breach of trust.
Analysis:
This decision formally establishes a new common law tort in Connecticut for the breach of physician-patient confidentiality. It definitively resolves that federal HIPAA regulations do not preempt such state-law tort claims and, significantly, allows HIPAA's standards to inform the standard of care in these negligence actions. The ruling puts healthcare providers on notice that they can be held civilly liable for damages for improper disclosures, even when responding to a subpoena, if they fail to follow legally prescribed procedures for protecting patient privacy. This precedent will likely result in more cautious handling of subpoenas for medical records and strengthen patient privacy rights in the state.
