
HIPAA Violations


The Lyon Firm is actively involved in Class Action Data Breach & Personal Healthcare HIPAA Violations Lawsuits on behalf of plaintiffs nationwide.

How Can a HIPAA Violation Lawyer Help You?

HIPAA is a federal law that requires the protection of your sensitive medical information. Violations can lead to fines and prison for those who break the law. Modern pixel tracking technology is creating new kinds of HIPAA violations that must be legally addressed.

Improperly disclosed medical information can put people at risk. For example, your HIV status could lead to discrimination if disclosed to your employer, or your pregnancy status could put you in danger from an abusive spouse. The Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was passed to protect people’s medical records and other identifiable health information.

The Office for Civil Rights in the U.S. has warned that certain third-party tracking vendors like Google and Meta/Facebook are accessing what should be private medical data through pixel-tracking technologies. Regulated entities like clinics and hospitals aren’t permitted to use these technologies if they disclose your data in a way that violates HIPAA.

Pixel tracking and other forms of HIPAA violations can be handled by a HIPAA violation attorney. A class action lawsuit can help identify weaknesses in medical privacy protections, and secure compensation for the individuals affected. Joe Lyon of The Lyon Firm has unique experience in successfully litigating data privacy cases. Reach out to us online or by calling (513) 381-2333 for proven representation and to protect your digital and medical rights.

Acronym Glossary

    • The Health Insurance Portability and Accountability Act of 1996 (HIPAA): A federal law protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge.
    • The U.S. Department of Health and Human Services (HHS): A cabinet-level executive branch department of the U.S. federal government.
    • The Office for Civil Rights (OCR): A division within the HHS created to enforce laws against discrimination based on immutable characteristics by certain healthcare providers and health insurance plans.
    • Personal Health Information (PHI): Data such as diagnoses, treatments, and payment methods for care.
    • Personally Identifiable Information (PII): Details such as social security numbers, addresses, telephone numbers, and bank or credit card information.

    The Top 5 Digital HIPAA Violation Lawsuit Settlements

    Here are some of the top results for digital HIPAA violation lawsuits:

    1. $115 million from Anthem, Inc. to insurance consumers for failing to implement security controls, resulting in cyber hacks that compromised the data of roughly 79 million Americans. The company also paid another $16 million in fines to the OCR.
    2. $5.55 million in fines from Advocate Health Care for two data breaches over a span of three months. Roughly 4 million patient records were exposed when computers were stolen from offices and an employee’s unlocked vehicle.
    3. $5.5 million settlement from Memorial Healthcare System in South Florida for internal violations. Two of its employees illegally accessed and stole the data of over 115,000 patients to sell, including their social security numbers. They faced criminal charges while the health group was penalized for failing to restrict and monitor login access.
    4. $4.8 million in collective fines from New York Presbyterian Hospital and Columbia University Medical Center for a data leak exposing the PHI of approximately 6800 patients. The sensitive information of patients was exposed to the open internet, and fully accessible to search engines.
    5. $4.3 million in fines for Cignet Health for denying 41 patients access to their own medical records without sufficient justification. Their initial fines were increased by $3 million for being uncooperative with the demands of the OCR, the first-ever civil money penalty imposed by the HHS.

    The wrongful disclosure of your health information can lead to financial loss, more scams and fraud attempts on your identity, improper treatment, and serious injury. These violations can bring both civil and criminal consequences for the person or entity responsible. In addition to owing damages to you and other patients, violators can be penalized with multi-million dollar fines, and face up to 10 years in prison.

    How Can a HIPAA Violation Lawsuit Help Me?

    Civil class action HIPAA lawsuits can:

    • Reimburse individuals for significant money and time lost dealing with identity theft
    • Stop the behavior that exposes information through a judge’s order
    • Release illegally withheld medical records to patients who are entitled to their own data
    • Punish irresponsible or malicious actors involved in the data breach
    • Encourage improved industry safety standards as companies seek to avoid steep penalties


    Because technological violations of HIPAA rules affect wide swaths of individuals, patients can band together in a class action lawsuit to expedite justice, maximize damages awards, and reduce attorney’s fees. Once your data has been compromised, fair compensation can help you afford better identity protection going forward.

    How Do Meta Pixel & Tracking Technologies Violate HIPAA?

    A release from the U.S. Department of Health and Human Services (HHS) has alerted the public to the privacy dangers of online meta pixel tracking of healthcare websites. Here’s the issue:

    • Pixel tracking is used by online entities like Google to gather information about how users browse websites, what type of ads they click on, and what sort of purchases they make
    • That tracking information can also gather health-related data when you visit a doctor’s website, virtual clinic, or handle other healthcare matters online
    • Healthcare providers have a duty under HIPAA rules to protect your data from unauthorized access, including access by third-party pixel tracking

    Websites may use tracking technologies such as cookies, web beacons or tracking pixels, session replay scripts, and fingerprinting scripts. These are technologies that did not exist in 1996 when HIPAA was first implemented, but your protections remain the same. It is the responsibility of healthcare providers to protect your information from all prying eyes.

    If you know or suspect your HIPAA rights have been violated, contact an attorney with cybersecurity experience right away. The sooner you act, the sooner your private medical or identifying data may be resecured. Your action could also alert other unsuspecting individuals that their information and identities are in danger. The digital privacy lawyers at The Lyon Firm can be reached directly at (513) 381-2333.

    5 Common Ways Your HIPAA Rights May Be Violated

    These are some of the most common ways HIPAA violations take place:

    1. Lack of Risk Management Process or Failure to Perform Risk Analysis

    A proper risk analysis is only the beginning of ensuring patient data is properly looked after. Personal health data is always a target and requires strong cybersecurity and a good risk management process. The longer data is left unsecured, the greater the chance of a health data theft incident.

    The failure to perform a full risk analysis is a very common HIPAA violation, which can compromise personal data greatly. When risk analysis is not performed properly or regularly, organizations will not be able to identify security vulnerabilities and data privacy risks remain unaddressed.

    2. Failure to Enter Into a HIPAA-Compliant Agreement or Use Encryption

    The failure to enter into a HIPAA-compliant agreement with third-party vendors is one of the most common HIPAA violations. Clinics and hospitals must ensure the technology companies they work with are vetted and agree to the rules regarding patient privacy. These are the same expectations they would have for any new human employee.

    An effective method of preventing healthcare data breaches is to encrypt protected health information transmitted through third-party vendors. Although encryption is not mandatory under HIPAA, it is common practice and a failure to do so could mean the leak of sensitive data and the beginning of privacy litigation.

    3. Failure to Meet the Security Breach 60-Day Notification Deadline

    The HIPAA Breach Notification Rule requires healthcare entities to issue timely notifications of security breaches—no later than 60 days following the discovery of a data breach. A delay in notifying patients that their information is compromised could create a window of vulnerability where identities can be stolen, fraud can be committed, and patients are harmed by the exposure of their private data.

    4. Impermissible Disclosures or Improper Disposal of PHI

    Disclosure of protected health information that is not permitted under the HIPAA Privacy Rule can be grounds for penalty and further legal action. HIPAA violations under this umbrella may include disclosing PHI to a patient’s employer or unnecessarily disclosing medical records. There are also violations for disclosures following the theft of unencrypted computers, and the careless handling of healthcare data.

    When a patient’s personal data are no longer needed and retention periods have expired, HIPAA requires the information to be destroyed. For paper records this means shredding or pulping, and for electronic files, wiping, or destroying the storage devices.

    5. Denying Patients Their Health Records

    HIPAA Privacy laws give patients the right to access their medical records at any time. Denying patients copies of their health records, or failing to provide them within 30 days, is a clear HIPAA violation.


    The above are common HIPAA violations because they can be too easily overlooked in the bureaucracy of patient care. Another dangerous form of violation comes from the intentional theft of patient medical records through digital hacking or by stealing computers, tablets, or phones that store the data.

    In cases of criminal data theft, you can file a civil lawsuit for personal compensation separate from any criminal charges handled by law enforcement.

    Contact The Lyon Firm for HIPAA Privacy Cases

    Under HIPAA, regulated entities like doctors, nurses, clinics, and hospitals are not permitted to use tracking technologies that result in “impermissible disclosures” of your private health data to tracking technology vendors.

    The rising number of digital healthcare hacks has left millions of patients vulnerable to stolen medical records and identity theft. Besides online issues, HIPAA violations through conventional means still exist. In many instances, it takes legal action to put a stop to these violations.

    Attorney Joseph Lyon has decades of experience helping individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world. The Lyon Firm focuses on single-event civil cases and class actions involving corporate neglect and fraud, medical malpractice, and invasion of privacy. We also offer contingency fee arrangements, meaning we front all costs of litigation, and only collect payment for our services if we win for you first.

    Contact our offices right away online or by calling (513) 381-2333 for representation in a HIPAA data privacy lawsuit. Keep in mind that without data breach class actions, large corporate defendants would be able to cause small amounts of harm to a large group of individuals without any risk of monetary penalty.

    Holding companies accountable for poor cybersecurity and data theft incidents helps secure personal justice for you and your family, and ensures that consumers are better protected in the future.

    ABOUT THE LYON FIRM

    Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

    The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.

    NO COST UNLESS WE WIN

    The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

    HIPAA Violation Lawsuit FAQs

    What should I do if I am the victim of a data breach?

    General recommendations after a data breach include freezing your credit right away, and closely monitoring your personal information and financial accounts for any fraudulent activity.

    It’s also recommended that you get official confirmation of the data breach, and collect as many details about the incident as possible. Contact an attorney to investigate the complex litigation involved in security breach lawsuits. Always consult a lawyer before accepting any legally binding settlement offer.

    What is a class action lawsuit?

    A class action is a lawsuit brought by an individual on behalf of all other similarly situated individuals. Class actions are typically filed when the amount of money in dispute for a single plaintiff would not justify litigating the case, but where the amount of damages of the entire class of Plaintiffs would justify the cost of litigation. Without class actions, large corporate defendants would be able to cause small amounts of harm over a large group of individuals without any risk of monetary penalty.

    Can I join a HIPAA class action lawsuit?

    An experienced class action attorney can determine if you are eligible to file a lawsuit or join a class of plaintiffs. A lawyer can assist in determining who is liable for the lack of security, theft, or improper disclosure of your data. Your lawyer can also help evaluate the appropriate amount required to compensate your losses.

    Is my genetic information protected?

    Yes, the Genetic Information Privacy Act (GIPA) is a statute that expands on the privacy protections originally drafted under HIPAA. GIPA includes requirements applicable to genetic testing companies, health care providers, business associates, insurers, and employers.

    Under GIPA, genetic testing and personal information derived from genetic testing is confidential and may only be released to the individual tested or other persons specifically authorized. An insurer may not seek genetic testing information for use in determining eligibility for benefits. Employers cannot use genetic info or testing for workplace wellness programs unless the employee provides written authorization.

    How are HIPAA violations discovered?

    HIPAA violations are often discovered during internal audits. Supervisors may also identify areas of non-compliance or see employees blatantly violate HIPAA Rules. The penalties for violations of HIPAA Rules can be severe, with fines of up to $25,000 per violation. Fines of up to $1.5 million may be possible for a particular company in any given calendar year.


    If your personal health data has been stolen or improperly leaked, you may have a data privacy claim against those responsible. Contact The Lyon Firm at (513) 381-2333 for a free and confidential case review.


    Learn About the Legal Process

    Filing class action lawsuits is a complex and serious legal course that can carry monetary sanctions if the proper legal process is not followed. The Lyon Firm is dedicated to assisting injured plaintiffs in working toward a financial solution that compensates for medical expenses or other damages sustained.

    We work with law firms across the country to provide the most resources possible and to build your case into a valuable settlement. The current legal environment is favorable for consumers involved in data breach class actions, deceptive marketing lawsuits, TCPA telemarketing claims, and financial negligence claims.