What legal basis allows a patient to sue for damages due to inappropriate use of their protected health information (PHI)?

The ability for a patient to sue for damages related to the inappropriate use of their protected health information (PHI) is primarily grounded in common law principles. Common law provides a basis for various torts, including invasion of privacy and breach of confidentiality, which are highly relevant to cases involving PHI. Under common law, individuals can seek remedies for violations of their personal rights, which encompasses the misuse of sensitive health information.

While statutory law, such as the Health Insurance Portability and Accountability Act (HIPAA), also plays a crucial role in setting the rules regarding the handling of PHI, it primarily provides a regulatory framework and establishes penalties for violations rather than creating a private right of action for patients. Therefore, patients generally rely on common law to seek damages directly.

Administrative law pertains to regulations and decisions made by governmental agencies, while constitutional law involves challenges against the government based on constitutional rights. Neither of these areas directly address an individual's right to sue for damages specifically arising from the misuse of their PHI in the same way that common law does. Thus, the foundation for suing in this context is primarily based on the established principles of common law.