Case #3: Public Hospital Corrects Impermissible Disclosure of PHI in Response to a Subpoena Covered Entity
Case #3: Public Hospital Corrects Impermissible Disclosure of PHI in Response to a Subpoena Covered Entity: General Hospital Issue: Impermissible Uses and Disclosures Plaintiff: Jennifer Defendant: AU Hospital AU Hospital, a public hospital, in response to a subpoena (not accompanied by a court order), impermissibly disclosed the protected health information (PHI) of one of its patients (Jennifer). Contrary to the Privacy Rule protections for information sought for administrative or judicial proceedings, the hospital failed to determine that reasonable efforts had been made to insure that the individual whose PHI was being sought received notice of the request and/or failed to receive satisfactory assurance that the party seeking the information made reasonable efforts to secure a qualified protective order.
THIS IS THE DEFENDANTS RESPONSE…. PLEASE CORRECT!
Courtroom Drama: For the Defendant
Good Day to all.
We are here today because allegedly one of the AU Hospital employees disclosed Protected Health Information, (PHI), of one of the hospital’s patients. This was a reportedly “Impermissible Disclosure” of the patient’s PHI. The employee when handed the subpoena, the plaintiff, alleges the AU Hospital employee did not follow the Health Insurance Portability and Accountability Act (HIPAA) of 1996, where it states in section 33, that a patient’s PHI cannot be disclosed unless there is judicial and/or administrative proceeding that are requesting the information through the court or administrative tribunal. (HIPPA 33, 2016). Within this act, a subpoena for PHI is deemed a valid disclosure if the circumstances follow the guides in section 34 of the HIPAA where non-court subpoenas or disclosures can be given for one of six reasons. First, as required by law. Second, to identify a suspect in a crime. Third, in response to a law enforcement officer’s request. Fourth, to alert law enforcement of a person’s death. Fifth, when the organization believes a crime has occurred. In addition, sixth, because a medical emergency did not happen on the premises. (HIPAA 34, 2016) These major exceptions have a broad interpretation, and therefore, seen as a subpoena that is unsupported by court orders as a reasonable and logical response of disclosure of a PHI.
Since we do not know if this disclosure is because of the patient’s civil suit or for another patient’s litigation, we cannot tell if the following added to the debate between the plaintiff and the defendant. PHI, in the Rules of Civil Procedure, over rides the privacy regulations of HIPAA. The PHI becomes Public Domain and privacy is, therefore, not in question. (Buchanan, 2005). The broad strokes of the HIPPA laws leaves many possible loopholes for those that choose to exploit them. In fact, under HIPAA, patients cannot prevent their information from disclosures by refusing to sign the HIPAA form or otherwise withhold their consent. (Sobel, 2007). The terms of HIPAA drafted in the company policies with their interpretations of those policies, leaves open the possibilities for the litigation. This paradox encourages the healthcare organizations to spell out the HIPAA guided policies; therefore, allowing the spirit of the HIPAA guidelines have more substance.
Confidentiality and privacy have a long history in the medical conscious. Direction from the American governmental agencies to list and define the Patient’s Bill of Rights and the HIPAA guidelines for PHI, are the backbone for the healthcare organizations. (Bustillos, 2013) With even a question of impropriety, AU Hospital re-examined the Policy and Procedures for PHI disclosures. This new policy has AU Hospital with set steps that follows HIPAA guidelines to prove a subpoena’s judicial and/or administrative validation. This validation will accompany documentation to the presenter of this subpoena on the determination of the subpoena’s validity. AU Hospital established consequences for any employee that does not follow the policies on disclosures of PHI. These consequences can be from docking in pay and reporting to HIPAA regulators to dismissal. All AU Hospital employees have scheduling for education on disclosures of PHI. AU Hospital continues to advocate for the patient’s rights.
References:
Buchanan Jr., J. D. (2005). Subpoenas Duces Tacum vs HIPAA: Which Wins? Florida Bar Journal, 79(2), 39.
Bustillos, D. (2013). Understanding Health Care Ethics and Medical Law, Chapter 5.
HIPAA 33, (http://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.) accessed 1/20/16
HIPAA 34, (http://www/hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.) accessed 1/20/16
Sobel, R. (2007). The privacy rule that’s not. Hastings Center Report, 37(4) 40-52 11p
………………………Answer preview……………………
Public Hospital Corrects Impermissible Disclosure of PHI in Response to a Subpoena Covered Entity:
Defendant: good morning court. I am here to as the defendant in this case. I would like to describe to the court on what happened. As the plaintiff sought health care from our AU hospital, we off course got access to information that is private and protected; his health plan and mental information. Later, the defendant alleges that, one of this hospital doctors who, attended to him, who he suspects to be me disclosed his……………………………..
APA
400 words