Printer Friendly, PDF & Email

'Any of Us Could Lose Our Deepest Secrets': Privacy Attorney Shares View From Trenches

HIPAA privacy and security officers might not remember his name, but they’ve no doubt felt the ripple effects of what Neal F. Eggeson, and others like him, have achieved. Eggeson, a solo practitioner in Fishers, Indiana, is the attorney whose client won $1.8 million after a Walgreen Co. pharmacist illegally accessed her records.

The Walgreen case was the second of this type that Eggeson successfully brought alleging a HIPAA violation—despite the fact that the law permits no private right of action. In 2010, after a six-year legal battle, he won $1.25 million against a medical practice after a patient’s HIV status was entered into a court document seeking payment for a $326 bill.

Successful privacy cases remain rare, but they do occur. Just last year, borrowing similar legal strategies, a California man in July won a $1 million award[1] against a psychiatrist who thought he was suicidal and told his boss, which led to loss of employment.

Eggeson’s been out of the news since the Walgreen case, but that doesn’t mean he has not been busy. Previously an appellate attorney, today privacy cases comprise his entire practice. But Eggeson hasn’t had to go to court and is, instead, reaching settlements for victims of privacy breaches.

Each year, hundreds of people who believe their privacy rights have been violated contact Eggeson, and he keeps an active case load of 30, all on contingency. As such, he has perhaps a rare if not unique perspective to share with covered entities and business associates who don’t want to get a call from him or similar attorneys.

In this first part of a Q&A with RPP, Eggeson discusses the significance and background of the two cases for which he is best known, personalizing in concrete terms some of the harms that can result when privacy is violated, a concept that might be somewhat abstract for HIPAA officials. Among the surprises: Eggeson offered to settle his first case for $10,000, but the medical practice turned him down. And also of note: taking appropriate actions after a breach can thwart damages.

This document is only available to subscribers. Please log in or purchase access