If you believe your privacy rights were violated under HIPAA by a medical provider, you may file a complaint with the Office of Civil Rights (OCR). This link will show you were to file a complaint and there is information as to the complaint process.
HIPAA rules and regulations provide civil and criminal penalties for those who violate it, but these are enforced by the department of justice, federal attorney general, and/or state attorney general, not private citizens.
As far as possible civil claims, a patient would need to look at what state law claims are available in the state in which the breach occurred. Possible claims, depending on the state, include negligence claims and violation of physician/patient confidentiality as well as invasion of privacy (public disclosure of private facts), and invasion of privacy (intrusion), if such claims exist in that state. However, any such common law claims most certainly will require damages, which may be hard to show as the damages must be tied to the improper access and disclosure.
If you need clarification about my answer or additional information, please use the SEND or REPLY button to continue our conversation. Your satisfaction is my goal and I am here to help!
Please remember to kindly leave a positive rating for me by clicking on the stars, as that is the only way experts are paid for their time even though you may have already paid a deposit to the site. Follow-up questions asked in this thread do not cost anything additional after leaving a positive rating. Thank you!