134 N.E.3d 435
Ind. Ct. App.
2019

Amanda Henry, Appellant-Plaintiff, v. Community Healthcare System Community Hospital, Appellee-Defendant

Court of Appeals Case No. 19A-CT-1256

COURT OF APPEALS OF INDIANA

October 8, 2019

Baker, Judge.

Appeal from the Lake Superior Court, The Honorable John M. Sedia, Judge, Trial Court Cause No. 45D01-1811-CT-803

ATTORNEY FOR APPELLANT

Neal F. Eggeson, Jr.

Eggeson Privacy Law

Fishers, Indiana

ATTORNEYS FOR APPELLEE

Sharon L. Stanzione

Alan M. Kus

Johnson & Bell, P.C.

Crown Point, Indiana

[1] Amanda Henry appeals the trial court‘s order dismissing the complaint she filed against Community Healthcare System Community Hospital (Community) after a Community employee allegedly provided Henry‘s medical records to the employee‘s spouse, who happened to be Henry‘s employer. Henry argues that (1) while HIPAA does not contain a private right of action, it can form the basis of a duty and/or standard of care; (2) the trial court erroneously found that Indiana does not recognize the tort of public disclosure of private information; and (3) dismissal was improper where there were multiple viable negligence-based claims implicated by the complaint. Finding that Henry has one or more claims that should have survived dismissal, we reverse and remand for further proceedings.

Facts1

[2] On March 1, 2018, Henry received medical treatment at Community Hospital in Munster. As part of her treatment, she underwent radiographic imaging. Three days later, Henry‘s employer showed her digital images of her X-rays on the employer‘s cell phone. Henry later learned that her employer is married to the radiologic technician who performed her radiographic imaging.

[3] On October 24, 2018, Henry filed a complaint against Community. The relevant portions of the complaint read as follows:

3. On March 1, 2018, plaintiff received medical care at Community.

4. Community owes a duty to protect the privacy, security, and confidentiality of health records generated or maintained by providers within its network.

5. At some point between March 1, 2018 and March 4, 2018, a Community workforce member shared plaintiff‘s protected health information with the workforce member‘s spouse.

6. On March 4, 2018, the workforce member‘s spouse showed plaintiff digital images (contained in the spouse‘s cellular telephone) of plaintiff‘s March 1, 2018 x-ray films.

***

11. As a direct and proximate result of the above-described acts of Community and of Community‘s workforce member, plaintiff has suffered damages for which Community is liable.

Appellant‘s App. Vol. II p. 10-11 (emphases omitted). Community filed an answer denying the allegations.

[4] On April 17, 2019, Community moved to dismiss the complaint pursuant to Indiana Trial Rule 12(B)(6). Henry responded the same day. The trial court held a hearing on the motion to dismiss on June 3, 2019, and entered an order dismissing the complaint the next day. The trial court found that because the motion to dismiss was filed after the pleadings were closed, the motion should be treated as a motion for judgment on the pleadings pursuant to Trial Rule 12(C). In relevant part, the trial court found as follows:

Here, the question is quite simple: Does Henry have a right of action against Community on the facts she alleges?

It has long been held that no private action exists under HIPAA, found at 42 U.S.C. § 1320(d), and its implementing regulations[.]

As to Henry‘s claim under the Public Disclosure Privacy Act, the very recent case of [F.B.C. v. MDwise, Inc., 122 N.E.3d 834 (Ind. Ct. App. Apr. 16, 2019), trans. pending,] held:

. . . [t]he tort of Disclosure has not yet been recognized in Indiana. . . . In Doe v. Methodist Hospital, the Indiana Supreme Court declined to adopt [the tort of private disclosure of public facts (“Disclosure“)], which is a sub-tort of invasion of privacy, as an actionable claim. 690 N.E.2d 681, 693 (Ind. 1997). The Court recognized that while neighboring states have adopted a more liberal Disclosure standard, it was not persuaded to adopt Disclosure as a cognizable claim in Indiana. Id. at 692-93. See also Felsher v. University of Evansville, 755 N.E.2d 589, 593 (Ind. 2001).

It is therefore ordered, adjudged and decreed by the Court as follows:

  1. The Motion to Dismiss of [Community] is granted.
  2. This case is ordered dismissed with prejudice.

Appealed Order p. 2-3 (emphasis and citation in original omitted). Henry now appeals.

Discussion and Decision

[5] As noted above, the trial court treated Community‘s motion to dismiss as a motion for judgment on the pleadings pursuant to Indiana Trial Rule 12(C).2 We apply a de novo standard of review to a ruling on a motion for judgment on the pleadings. Murray v. City of Lawrenceburg, 925 N.E.2d 728, 731 (Ind. 2010). When evaluating such a motion, we must accept as true the well-pleaded material facts alleged in the complaint. Consol. Ins. Co. v. Nat‘l Water Servs., LLC, 994 N.E.2d 1192, 1196 (Ind. Ct. App. 2013). A Rule 12(C) motion is granted only where it is clear from the face of the complaint that under no circumstances could relief be granted. Id. A complaint will withstand a motion for judgment on the pleadings if it states any set of allegations, no matter how inartfully pleaded, upon which the trial court could have granted relief. Tony v. Elkhart Cty., 851 N.E.2d 1032, 1035 (Ind. Ct. App. 2006).

[6] Community attempts to frame this case under the Health Insurance Portability and Accountability Act (HIPAA) and the Indiana Access to Health Care Records Statute (IAHRS), arguing that there is no private right of action under either statute. This framing is a red herring, however, inasmuch as Henry agrees that there is no private right of action and is not attempting to assert one.

[7] Instead, Henry argues that HIPAA may be used to establish the standard of care in a common law negligence action. To ensure that litigants are not enabled to make an end-run around the lack of a private right of action under HIPAA, Community argues that there must first be a common law duty. We agree.

[8] There is an age-old recognition that medical providers owe a duty of confidentiality to their patients. While this duty is now codified by statute in Indiana, that does not change the historical recognition of the duty at common law.3 See Schlarb v. Henderson, 211 Ind. 1, 4, 4 N.E.2d 205, 206 (1936) (acknowledging, in the context of doctor-patient privilege, that there was a “common-law rule before the statute” to ensure open communication “without the danger of publicity concerning such private and intimate affairs“); Springer v. Byram, 137 Ind. 15, 36 N.E. 361, 363 (1894) (observing that communications made by a patient to a doctor are “intended to be private and confidential, and can never be divulged without the consent of the patient“). This common law duty finds support in the ethical rules governing the medical profession. See

Canfield v. Sandock, 563 N.E.2d 526, 529 and 529 n.2 (Ind. 1990) (observing that “the ethical rules of the medical profession . . . prohibit disclosure of confidential information in non-judicial settings” and that the “Hippocratic Oath imposes on physicians a duty to maintain confidences acquired in their professional capacity“); see also Am. Med. Ass‘n, Code of Medical Ethics Opinion 3.2.1, https://www.ama-assn.org/delivering-care/ethics/confidentiality (stating that physicians “have an ethical obligation to preserve the confidentiality of information gathered in association with the care of the patient“); Vargas v. Shepherd, 903 N.E.2d 1026, 1031-32 (Ind. Ct. App. 2009) (acknowledging argument that medical providers assume a duty to abide by ethical guidelines, including obtaining patient consent before disclosing any medical information, and assuming without deciding that such a duty exists).

[9] We have little trouble concluding, based on the above authority, that there is—and, in modern times, always has been—a common law duty of confidentiality owed by medical providers to their patients. And it is necessarily true that if a duty exists, a breach of that duty is also possible. Indeed, this Court has more than once considered a claim that a medical provider negligently or recklessly disseminated a patient‘s confidential information, finding that such a claim sounds in ordinary negligence rather than in medical malpractice. G.F. v. St. Catherine Hosp., Inc., 124 N.E.3d 76, 86-88 (Ind. Ct. App. 2019), trans. denied; H.D. v. BHC Meadows Hosp., Inc., 884 N.E.2d 849, 855-56 (Ind. Ct. App. 2008); see also Reply Br. p. 15 n.4 (citing to multiple cases from other states showing that torts related to medical privacy breaches are well established based on an underpinning of the public policy goal of protecting physician-patient communications).

[10] Having found that a common law duty exists, we have little trouble agreeing with a sister court that “HIPAA and its implementing regulations may be utilized to inform the standard of care” in tort claims related to alleged breaches of the duty of confidentiality owed by medical providers to their patients. Byrne v. Avery Ctr. for Obstetrics & Gynecology, P.C., 102 A.3d 32, 49 (Conn. 2014).

[11] Under Indiana‘s liberal notice pleading standard, we find that Henry‘s complaint includes the operative facts necessary to make a negligence-based claim against Community. See ARC Constr. Mgmt., LLC v. Zelenak, 962 N.E.2d 692, 697 (Ind. Ct. App. 2012) (holding that “[u]nder Indiana‘s notice pleading system, a pleading need not adopt a specific legal theory of recovery to be adhered to throughout the case“). Specifically, the complaint alleged a duty to protect the privacy, security, and confidentiality of her health records, a breach of that duty by Community‘s employee when the employee shared Henry‘s x-rays with employee‘s spouse, and resulting damages, if any. Under these circumstances, it was erroneous to grant Community‘s motion for judgment on the pleadings because it is not clear from the face of the complaint that under no circumstances could relief be granted.4,5

[12] The judgment of the trial court is reversed and remanded for further proceedings.

Kirsch, J., and Crone, J., concur.

Notes

1
We held oral argument in Indianapolis on September 23, 2019. We thank counsel for both parties for their truly superb oral and written presentations.
2
Henry argues that nothing in the rules provides for this procedure. She maintains that the motion to dismiss should have been denied as untimely and that Community should have then had to file a motion for judgment on the pleadings. As everyone would have ended up in the same place had that occurred, we will join the trial court in considering the matter as a ruling on a motion for judgment on the pleadings for the sake of judicial economy and efficiency.
3
We acknowledge the caselaw providing that, in the context of the doctor-patient privilege in our judicial system, the privilege did not exist at common law and is, instead, a statutory creation of the legislature. E.g., Terre Haute Reg‘l Hosp., Inc. v. Trueblood, 600 N.E.2d 1358 (Ind. 1992). But we do not believe that the existence of this privilege in the context of our judicial system has any bearing on the historical duty of confidentiality owed by medical providers to their patients.
4
Because we find that the complaint survives dismissal based on medical providers’ common law duty of confidentiality, we need not and will not discuss Henry‘s other claims implicated by the complaint, including public disclosure of private facts and other negligence-based claims. On remand, Henry is free to pursue whichever theories of the case she chooses so long as they stem from the operative facts pleaded in her complaint.
5
If this litigation continues, at some point, Henry will have to show that she sustained damages as a result of the alleged breach of confidentiality, whether in the context of a negligence-based claim or an invasion of privacy claim. We note that the Restatement (Second) of Torts indicates that, for an invasion of privacy claim, damages can include (1) the harm to the plaintiff‘s privacy interest itself; (2) the plaintiff‘s mental distress; and (3) special damages. Restatement (Second) of Torts § 652H. If, in the context of a negligence-based claim, Henry cannot prove damages, we note that the Vargas Court, in similar circumstances, explained that the appropriate remedy would be “a complaint to the medical licensing board or professional organization.” 903 N.E.2d at 1032.
Read the detailed case summary