privacyHas a doctor, hospital, nurse or other treatment provider disclosed your private health information without your knowledge, consent, or approval? If so, read on to learn about some of your legal rights.

California has some of the strongest pro-patient laws in the country, with strict guidelines protecting health records from disclosure. “Confidential health records” under the California Health and Safety Code, and must be handled with confidentiality.   The unauthorized disclosure of confidential public heath records is subject to civil penalties under Health and Safety Code 121025(e).    

You may also have a claim for “public disclosure of private facts,” which is a civil claim that can be brought by the aggrieved victim in a court of law.   In California, an aggrieved claimant must show that  the disclosure of facts was “public,” that the facts disclosed were private and not generally known, that publication of the facts is offensive to a reasonable person, and that the facts are not newsworthy.

Individuals who suspect that their health records may have been disclosed, especially by a medical provider, should take these steps:

  • Good Notes.  Adequate notes should be taken about the incident, the names/titles of the nurses, doctors, or other practitioners who were involved with the disclosure.  The notes should specify the date/time of visits, what exactly happened, whether the practitioner became aware of the unauthorized disclosure, what the victim said and did to notify the practitioner or treatment facility, and what measures were taken to rectify the disclosure, if any.  Information on whether a treatment facility is a repeat offender is also helpful.
  • Privacy Policies.  The patient should obtain a copy of all privacy policies, written consent forms, releases, and all other information the patient was asked to sign by the perpetrating medical treatment facility.  These documents will help determine whether the medical provider has sufficient controls in place to protect against the unauthorized disclosure of sensitive information.
  • Practices/Procedures.   Even if the privacy policies exist, they may not be enforced.  The victim should pay close attention to whether other staff in the treatment facility demonstrated any concern when reporting unauthorized disclosures.  A lack of regard for privacy concerns of patients could indicate general office sloppiness, and ultimately, the lack of any enforcement of privacy policies.
  • Consult with a Privacy Lawyer. Armed with good notes and documentation, individuals who are the victim of unauthorized disclosures should contact a privacy attorney familiar with the rules governing confidential health records. The attorney will be able to give the patient an overview of the legal rules, their rights, and options.

Unfortunately, doctors, nurses, assistants, and other practitioners are not perfect, and sometimes mistakes happen.   Fortunately, California’s  laws offer victims of unauthorized disclosures some means of rectifying the errors.

California law protects victims of breaches of privacy and provides them with an avenue for recovery against perpetrators. The California Confidential Medical Information Act provides plaintiffs with a private right of action against medical providers that disclose their medical information without authorization. Victims of privacy violations involving medical records need to act quickly to preserve their rights by consulting with a HIPAA violation lawyer.

AXIS represents clients in numerous types of privacy violations, including HIPAA/medical information violations, violations by doctors, medical care providers, schools, and employers, violations of name, likeness, and image, invasion of privacy,  right of publicity claims, online / internet privacy violations, privacy violations, HIV disclosures, HIV privacy violations, unauthorized plastic surgery before-and-after photos, and numerous others. Axis’ managing attorney Rabeh M. A. Soofi is recognized as one of the “Top Women Lawyers in Southern California” by SuperLawyers Rising Stars, and has extensive experience as a HIPAA violation / privacy lawyer serving clients throughout California, Los Angeles, Beverly Hills, West Hollywood, and Orange County.

For information on retaining AXIS Legal Counsel to represent you with respect to a privacy violation, contact or call (213) 403-0130 for a confidential consultation, or visit our Individual Privacy Rights Practice Area, or Individual Rights Portal for more information. AXIS is a Los Angeles, California privacy law firm assisting numerous kinds of clients with a wide array of privacy matters.  AXIS’ managing attorney Rabeh M. A. Soofi is a top Los Angeles Privacy Lawyer and top California Privacy Attorney and is rated “Superb” 10/10 by

 *        *         *

Privacy violations, unauthorized disclosures,
and data breaches are Illegal.

If you or a loved one has been the victim
of a privacy violation, get help now.


Top Privacy FAQs

Latest Privacy Representations