Last January, a woman in California says she was billed by a hospital for a treatment she never received. She took her complaint to the folks at California Watch, who published a story about her predicament. But when a local newspaper went to verify the information, the hospital’s CEO had absolutely no problem showing up at the reporter’s door to rifle through that patient’s file without her permission.
According to the editor of the Redding Record Searchlight, the area newspaper working on the follow-up story, both the hospital’s CEO and its chief medical officer came to the paper’s office to go over, in detail, the patient’s medical records to highlight what it saw as inaccuracies with the California Watch story. Following this meeting, the paper chose not to run a story.
But the L.A. Times’ Michael Hiltzik believes the hospital’s actions may have crossed a line, as there are California and federal laws prohibiting hospitals from making patient information public without written permission:
There are a few limited circumstances in which a healthcare provider doesn’t need permission. Chiefly these fall into the categories of “treatment, payment and healthcare operations” — in other words, charts can be seen by doctors treating the patient or insurers paying for care, or in connection with hospital functions such as evaluating doctors’ competency — and regulatory activities or subpoenas.
You’ll notice that nowhere in there does it state “providing information for a newspaper report.”
The patient’s daughter, who has power of attorney over her mother’s dealings, says there was no effort made to seek permission to view the medical records. But the CEO tells Hiltzik he didn’t need permission because she had shown her records to reporters for California Watch.
“As far as we’re concerned, the patient gave that permission when she gave her records to California Watch and was quoted on the record,” the CEO explains. “That waived her privacy.”
But privacy experts tell Hiltzik that there’s no such thing as an implied authorization by a patient for disclosure of personal records.
In fact, the office of civil rights of the U.S. Department of Health and Human Services, which enforces HIPAA, states, “There is no ‘waiver’ that would apply to the release of a chart or medical record to the media without an individual’s written authorization.”
Even so, a rep for the hospital tells the Times that it has “acted in accordance with HIPAA and state law at all times.”
The patient’s daughter says, “my mom was trying to do the right thing [by talking to California Watch] and stand up for Medicare…. Does that mean her life is an open book?”
Her case shows why healthcare privacy laws exist [L.A. Times]