Provided by:  Jennifer Kirschenbaum, Esq.

October 16, 2018


Hi Jennifer, 

We sent a patient the wrong form which contained PHI on it.  The patient who received it is trying to hold it over my head.  Do I have exposure?

Thanks, Dr. D


You may have exposure by not addressing the "disclosure" promptly and properly.  Steps must be taken to mitigate the exposure; for instance, have the patient who received confirm it is now destroyed and was not shared.  If the patient is not cooperative, do not worry, HIPAA protects against this exact scenario by not affording individuals a "private right of action".  Meaning, the patient who received cannot hold this over your head by saying he/she will sue and you will end up paying in court.  The patient could report you to the office of the professions, which would set off some potential headaches, but doing so would not benefit the patient in any capacity because that patient has no legitimate right of recovery - just the right to report...   

Related to this - Breach! reporting at the end of the year; under 500 and you have to report within 60 days.  

Let us know if you have any questions, or if you need a legal internal assessment for any potential breach.  


Every NYS Employer (no matter the size) is required to have Sexual Harassment Policies and Train NOW. 
Order Policies and Training here:

Learn about the law and what you need by watching our Free webinars: 
Webinar 1: CLICK HERE NYS Free Sexual Harassment Policies: Employer Beware (overview in 6 minutes) 
Webinar 2: CLICK HERE NY Sexual Harassment Training Requirements: Protecting Your Business from your Employees