In a recent decision by the Second Circuit Court of Appeals, the court upheld a lower court’s decision that a plaintiff could not sue a health clinic for a non-physician employee’s unauthorized disclosure of health information, when the employee acted outside the scope of her employment. The case arose when the plaintiff was treated for a sexually transmitted disease at a health clinic. The plaintiff’s girlfriend’s sister-in-law worked as a nurse at the clinic, and accessed plaintiff’s confidential medical information, which she then texted to plaintiff’s girlfriend for reasons unrelated to his medical treatment or care. The patient then brought suit against the health clinic, alleging it had, inter alia, breached the fiduciary duty of confidentiality. Although New York has recognized a cause of action against physicians who improperly disclose confidential medical information, few cases deal with whether a medical corporation could be liable on a theory of respondeat superior for the actions of its rogue employees. The court certified to the New York Court of Appeals the question whether under New York law, a medical corporation could be liable for such a breach of fiduciary duty claim when the employee responsible for the breach was not a doctor and was acting outside the scope of her employment. The New York Court of Appeals answered “no”, holding, “[A] medical corporation’s duty of safekeeping a patient’s confidential medical information is limited to those risks that are reasonably foreseeable and to actions within the scope of employment.” The Second Circuit upheld the decision.

Tip: This case is a reminder that companies will not necessarily be viewed as responsible for the action of their employees, when those employees are acting outside the scope of their employment.