What happens when a nurse breaches patient confidentiality?

By | 2021-05-07T14:44:15-04:00 February 5th, 2018|Tags: , |4 Comments

In previous blogs I explored how an employer can be sued due to a nurse’s negligence or misconduct under the doctrine of respondeat superior, which holds the employer liable for an employee’s or agent’s wrongdoing committed within the scope of employment.

In the following case, a New York court showed why this doctrine is not always applicable.

In 2010, “John Doe” was being treated for a sexually transmitted disease at a private medical facility in New York. A nurse at the facility recognized Doe as the boyfriend of her sister-in-law. The nurse, not assigned to Doe’s care, checked Doe’s chart and learned of his diagnosis and treatment.

While Doe was waiting for his treatment, the nurse texted her sister-in-law and told her Doe was being treated for the STD. The manner in which she texted this information led the sister-in-law to believe the staff was making fun of his diagnosis and treatment. The sister-in-law immediately forwarded the messages to Doe.

Five days after his treatment, Doe met with the administrator of the facility and the nurse was fired. A letter was sent to Doe from the president and CEO of the facility informing Doe that an unauthorized disclosure of his confidential health information did occur, appropriate disciplinary action had been taken and steps put into place to prevent such a breach from happening in the future.

Doe then filed a lawsuit in federal court against the facility and other facilities that were associated through staffing and ownership, alleging several causes of action. They included breach of fiduciary duty to maintain the confidentiality of personal health information, breach of contract, negligent hiring and training of employees, and breach of duty to maintain patient confidentiality, according to records.

Numerous legal proceedings prior to this one resulted in a dismissal of all of Doe’s allegations except his claim of breach of fiduciary duty. This court was asked to certify if the breach of fiduciary duty claim could go forward.

The court reviewed the lower court rulings leading up to this one. It supported the Second Circuit Court’s ruling that the actions of the nurse were not foreseeable to the facility, nor was her behavior within the scope of her employment. Rather, as Doe’s complaint stated, her conduct was “motivated by purely personal reasons and ‘those reasons had nothing to do with [Doe’s] treatment and care.’”

Therefore, the lower court held that respondeat superior cannot be applied in this case. But that court was unsure if a distinct cause of action against the facility for a breach of its duty to maintain patient confidentiality can survive when respondeat superior liability is absent. This question was what this court had to determine.

The court opined that a medical facility’s duty of safekeeping a patient’s confidential medical information is “limited to those risks that are reasonably foreseeable and to actions within the scope of employment.”

Because the nurse’s misconduct did not meet these requirements, the facility cannot be held liable in this case or any other case in which respondeat superior is absent.

However, the court did point out that an employer could be held liable if evidence exists that the facility was negligent in hiring or supervising its employees or if it failed to establish adequate policies and procedures to safeguard confidential patient information. The lower court decisions in this case dismissed these allegations and this court did not further address them.

Nurses must protect patient confidentiality

As you know all too well, the protection of patient confidentiality is an essential duty of all healthcare providers, including nurses.

What this case underscores about patient confidentiality is that there can be liability for a facility for its own duties to protect a patient’s medical information.

But if an employee who is obligated to protect patient medical information acted in a manner as this nurse did, the only potential liability is with the employee and not the employer.

Apparently Doe did not name the nurse in his lawsuit but elected to sue only the facilities that either owned or provided staff and other support to the facility. Perhaps Doe thought this was how he could obtain the largest amount of a monetary award. If so, the decision was unwise at best. Doe cannot now file the same suit against the nurse under the doctrine of res judicata, which bars the same parties from litigating a second lawsuit on the same claim or any other claim arising from the transaction or series of transactions that could have been — but were not — raised in the first suit (Black’s Law Dictionary, 1336).

Clearly, the nurse should have been an essential defendant in this case. Her unprofessional behavior could have, I believe, resulted in a judgment against her. Moreover, a complaint to the state board of nursing would more likely than not result in a discipline.

A breach of confidentiality can take many forms, including the one in this case. You can read more about patient confidentiality violations in Beltran-Aroca and others’ 2016 article, “Confidentiality Breaches in Clinical Practice: What Happens In Hospitals?” .

Although this was a New York case, it provides guidance in your duty to maintain patient confidentiality. Keep the following guidelines in mind at all times

1 — Never breach a patient’s confidential medical information.

2 — If you are unsure about sharing a patient’s information, seek guidance from your nurse manager.

3 — Know and follow your facility’s policies and procedures governing patient confidentiality without fail.

4 — Never seek information about a patient for whom you are not providing care.

5 — Know what your state nurse practice act requires of you in regard to maintaining patient confidentiality.

Editor’s note: Nancy Brent’s posts are designed for educational purposes only and are not to be taken as specific legal or other advice. Individuals who need advice on a specific incident or work situation should contact a nurse attorney or attorney in their state.  Visit The American Association of Nurse Attorneys website to search its attorney referral database by state.


Explore Your Higher Education Options at Nurse.com/Schools.

Check out some of our most popular CE courses

opioid60185: Advanced Practice Nurse Pharmacology
(25 contact hours)
Written and rigorously peer reviewed by pharmacists and advanced practice nurses, this course features a wide range of medical conditions and the medications associated with them. Chapter topics include hypertension, diuretics, GI, critical care, sexually transmitted diseases, asthma, oncology, non-opioid analgesics, diabetes, weight loss, mental health conditions and more. APN tips are featured throughout the chapters to help clinicians in their prescribing practices. This course will help APNs meet the new ANCC 25-contact hour pharmacology requirement for recertification.

WEB341: Inattentional Blindness: When You Just Didn’t See It
(1 contact hour)
Inattentional blindness is a phenomenon that can have a profound influence on perception and decision-making. Inattentional blindness is as an occurrence that happens when one is concentrating on a main task so that one misses detecting an unanticipated object or change in one’s environment. The level of attention needed for a task or specific features of the unanticipated thing that could be overlooked and influence the risk of inattentional blindness occurring.

WEB337: Human Trafficking
(1 contact hour)
Human trafficking is a secretive yet widespread form of slavery that is a problem on a global scale. Many may not realize the widespread scope of trafficking operations in the United States. It is difficult to track the scope of trafficking because of the underground or hidden nature of activities. Most victims in the U.S. are unwilling participants in the sex trade. This webinar provides information about referral resources, tools, assessment data and reporting to help the healthcare team identify and help victims.




Nurse.com Job Seeker

Discover how Nurse.com can help you find your next dream job.
Just sign up and wait to be paired with your perfect match.

About the Author:

Nancy J. Brent, MS, JD, RN
Our legal information columnist Nancy J. Brent, MS, JD, RN, received her Juris Doctor from Loyola University Chicago School of Law and concentrates her solo law practice in health law and legal representation, consultation and education for healthcare professionals, school of nursing faculty and healthcare delivery facilities. Brent has conducted many seminars on legal issues in nursing and healthcare delivery across the country and has published extensively in the area of law and nursing practice. She brings more than 30 years of experience to her role of legal information columnist. Her posts are designed for educational purposes only and are not to be taken as specific legal or other advice. Individuals who need advice on a specific incident or work situation should contact a nurse attorney or attorney in their state. Visit The American Association of Nurse Attorneys website to search its attorney referral database by state.


  1. Avatar
    Judy Hall August 21, 2018 at 7:01 pm - Reply

    I filed a complaint with the hospital and patient safety

  2. Avatar
    Janet dreaver November 26, 2018 at 4:40 pm - Reply

    How much did doe get? I am in same place my health director send my medical information to many people without my consent even my doctor and pharmacist

  3. Avatar
    victim December 12, 2020 at 5:18 am - Reply

    May I get “strongly agree, agree, or a Disagree , doing a poll among associates and need some more voters for our debate.

    Should healthcare workers be in their field if they make fun of and jeopardize a patients health, privacy, wellbeing etc.

    Should a healthcare worker be calling and describing patients as crazy when she employed temporarily at a Psych Office yet is helping a wanted felon on the run stalk and threaten and intimidate and follow his victim he sent to the hospital.

    Should a healthcare worker be allowed in a field where ones are supposed to be looking out for the safety of patients

  4. Avatar
    Richard A. Arnold March 14, 2022 at 11:51 am - Reply

    This article is full of some well-researched information. You have made valid points in a unique way. after reading this article we know the Law and facts for an employee for breach of confidentiality.

Leave A Comment