Good afternoon Susan, I'm Doug, and I'm very sorry to hear of your situation. My goal is to provide you with excellent service today. First of all, the pharmacist has violated HIPAA regulations by passing your information on to others. Second, I'm wondering how he came across this information as according to NORML, "The state ID card system has safeguards to protect patient privacy. Patient names and addresses are not kept in the state's data base: the only information retained is a personal photo and ID number...."
A HIPAA violation does not give rise to a private cause of action because the federal government, through the US Department of Health and Human Services, enforces HIPAA violations. However, the same facts which constitute a HIPAA violation can give rise to a meritorious Negligence action and/or Invasion of Privacy action. You can sue for Negligence/Invasion of Privacy based on the dissemination of your private medical information. You might also file a formal complaint with The Joint Commission, which is responsible for certifying health care facilities for eligibility to receive federal payments of health services. If a hospital or large clinic loses certification, they also lose the ability to be paid for MediCare, MediCaid patient treatment---which can force a facility to have to close down. Here is a link to the Joint Commission’s complaint web page: http://www.jointcommission.org/report_a_complaint.aspx Also, you may also report the violation to the US Department of Health and Human Services Here is a link to a website that will assist you in filing a complaint with regard to the unauthorized dissemination of your medical records: http://www.dhhs.gov/ocr/privacy/hipaa/complaints/index.html
In terms of your job, you should know that if your CA employer has a zero tolerance policy and they test you---either because it is a random test, or they have reason to believe you are using--- and you are positive, the law presently allows them to terminate you for the positive test. Your remedy would then be to sue the company and the pharmacist and prove that the reason you were tested was based on information gained during a search in violation of HIPAA, and sue for damages under an Invasion of Privacy argument.
If your pharmacist is smart, they will recognize the fact that they stand to be in more trouble than you, and they will keep their mouth shut.
Please keep in mind that, even though you have already paid your deposit money over to JustAnswer, until you rate me highly for my service, I will not be paid for having assisted you with your questions. If you have additional questions, you may of course reply back to me and I will be happy to continue to assist you further until your questions have been answered to your satisfaction. I wish you the best in your future. Doug
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).