San Diego Law Review

Library of Congress Authority File


Document Type



HIPAA’s lack of an individualized remedy harmed individuals and left the law a toothless monster, but Byrne begins to fill the longstanding gap by offering greater protection for individuals and their sensitive information. Byrne will also incentivize better compliance with HIPAA by instilling in companies a fear of sizeable tort suit damage awards.

Part II of this Note introduces HIPAA and its ability to protect sensitive health information. Part III discusses the facts, holding, and reasoning of Byrne, in which a state supreme court, for the first time, recognized HIPAA requirements as a duty owed in negligence claims. Part IV examines the available remedies for injured individuals before and after Byrne. Part V analyzes how the Byrne decision, in combination with HIPAA’s expansion under the Health Information Technology for Economic and Clinical Health Act (HITECH), affects companies subject to HIPAA. Part VI demonstrates that Byrne and other similar state court decisions are trending toward recognizing HIPAA as a standard of care nationwide. Part VII concludes.