Atlanta HIPAA Violation Lawyer

With more than a decade of experience securing settlements for clients in all manner of medical cases, Marks Law Group has the knowledge and drive to provide legal counsel on even the most complicated cases.  If your privacy rights guaranteed under HIPAA regulations have been violated, contact our Atlanta HIPAA Violation Lawyer for a free case consultation.   

What is HIPAA?

While the majority of medical malpractice cases involve physical harm to a patient due to a medical mistake or negligence, there are others that come about from a violation of the patient's right to privacy.  The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that limits the disclosure of medical information by medical providers in the United States.  HIPAA is supplemented in the state of Georgia by state level laws that manage privacy and medical records.  These laws are incredibly important due to the private and potentially sensitive nature of personal medical information. 

Any unauthorized release of this information can cause a broad range of significant damages to an individual including public embarrassment, family conflict, and employment issues.  With the laws we have in place protecting individual from these sorts of releases, violations of HIPPA or it's local equivalents, can have major consequences.  If you have suffered violations of your privacy rights by a hospital worker or other health care professional or company, contact a knowledgeable HIPAA lawyer at Marks Law Group to go over your legal options.  

Were Your HIPAA Rights Violated By an Employer?

HIPAA was passed federally in 1996 and requires medical providers within the country to follow certain privacy rules and guidelines set in place to protect individuals from the unauthorized disclosure or use of protected health information (PHI).  In general, the groups that fall under the purview of HIPAA are not allowed to use or disclose any PHI without your express permission.  Whether or not your employer has violated your rights as outlined in HIPAA depends on a number of factors, most notably whether or not they are considered a covered entity under the law, and on the circumstances in which they used or obtained your health information.  


HIPAA-covered entities are essentially anyone providing health care or managing payments for health care, such as health insurance companies, healthcare providers, and health care clearinghouses.  Based on this, the majority of employers do not automatically fall into the category of "covered entities".  That being said, employers who offer health care clinic operations, act as middlemen between employees and health care providers, or offer an employer-sponsored ERISA group health plan must follow the HIPAA guidelines for maintaining privacy.  With this in mind, your employer may have violated your HIPAA rights if it leveraged its position as the group health plan manager or clearing house in order to access your PHI. 

What Qualifies as Protected Health Information?

PHI is health information in any form, including physical records, electronic records, or spoken information, that includes individual identifiers.  

The 18 individual identifiers that make health information PHI are:

  • Names
  • Dates, except year
  • Telephone numbers
  • Geographic data
  • FAX numbers
  • Social Security numbers
  • Email addresses
  • Medical record numbers
  • Account numbers
  • Health plan beneficiary numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers including license plates
  • Web URLs
  • Device identifiers and serial numbers
  • Internet protocol addresses
  • Full face photos and comparable images
  • Biometric identifiers (i.e. retinal scan, fingerprints)
  • Any unique identifying number or code

The inclusion of any of these identifiers in a medical record make it PHI, and therefore subject to HIPAA compliance.  Conversely, removing these identifiers from a medical record will change it's status to de-identified PHI, and that record will no longer be subject to HIPAA rules.

Filing Complaints about Potential HIPAA Violations

Suspected violations of HIPAA rules should be reported to the Department of Health and Human Services' Office for Civil Rights (OCR).  Reports must be submitted to the department within 180 days of the discovery of any HIPAA violation. 

Related Content: Negligence Lawyer

Any complaints received and substantiated by OCR may result in action being taken against the covered entity.  What that action entails is dependent on multiple factors, including the nature of the violation, the extent of the violation, the number of individuals impacted, whether there have been multiple violations of the HIPAA Rules, and if the violation is ongoing or has been identified by the covered entity and voluntarily corrected. These actions may include financial penalties for the offending party.

In cases where there are allegations of criminal violations of the HIPAA legislation, such as theft of medical records, or use of patient data for personal profit, complaints may be referred to the Department of Justice.  Additionally, complaints of HIPAA violations can be submitted to professional boards (eg the Board of Medicine or the Board of Nursing) and to the state attorneys general.  

The first thing to do if your protected health information has been exposed in a healthcare data breach is to file a complaint about the possible privacy violation with the OCR. You may file your complaint in writing or electronically. If you mail in your complaint, use the official complaint form from the OCR website and be sure to save a copy for your attorney.


Your next step will be finding a lawyer to pursue legal actions against the covered entity.  An attorney with experience handling cases involving HIPAA violations will be your best bet, as they will be familiar with the laws and regulations related to your case.  Particularly in the event of a large scale data breach, you may find that others have already begun to take legal action.  If this is the case you may be able to join an existing class action lawsuit.  

Class action lawsuits have become more common in recent years following PHI data breaches.  It has become far more common in recent years for class action lawsuits to be filed following a healthcare breach of security, though chances of success in mass breaches can actually be lower as it can be difficult to establish definite proof of harm to the individuals. 

Work with an Experienced Atlanta HIPAA Violation Lawyer

If you face a violation of your HIPAA privacy rights you may be confronted with personal damages to your reputation, family cohesion, or even employment standing.  At Marks Law Group, we will work on cases either simple or complex, determine the legal options you have, and strive to achieve the best possible solution for your unique case.  Our only goal is to reach a successful financial recovery for our clients, allowing them to move forward with their lives.  Contact an Atlanta HIPAA Violation Lawyer today for a case review.