Does the healthcare industry still need a refresher in the HIPAA privacy rule?
The Internet was abuzz Wednesday evening after ESPN pro football reporter Adam Schefter tweeted this photo of a medical record supposedly showing that New York Giants player Jason Pierre-Paul had had a finger amputated.
ESPN obtained medical charts that show Giants DE Jason Pierre-Paul had right index finger amputated today. pic.twitter.com/VI5cbS1uCw
— Adam Schefter (@AdamSchefter) July 8, 2015
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
Pierre-Paul reportedly injured his right hand after lighting fireworks at his Florida home on July 4. He was said to have been taken to the Broward Health North hospital in Deerfield Beach, Fla. Someone at the hospital likely leaked the record to ESPN. Unless Pierre-Paul himself gave consent, that’s a serious no-no.
“HIPAA” started trending on Twitter, and some wondered if Schefter had broken the law.
This is illegal. Nice going
RT @AdamSchefter: ESPN obtained medical charts that show Giants DE Jason Pierre-Paul had index finger amputated.— Rob Parker (@parkerdigital) July 9, 2015
@AdamSchefter You just violated JPP's rights as an American. Congrats? It would have come out eventually, but there's no low to low 4u.
— Omar Niamatali (@soopnan) July 9, 2015
Schefter did not. As USA Today correctly reported, HIPAA does not apply to news media in such a case. However, unless Pierre-Paul consented, someone at the hospital — a “covered entity,” in HIPAA parlance — likely did violate the privacy rule.
According to SB Nation, the NFL’s collective-bargaining agreement with the players’ union includes a HIPAA waiver for records to be released to each player’s team, not to the media or the public. (SB Nation cited Healthcare IT News on that one, from a presentation the league’s CIO gave at HIMSS15.)
If it was a hospital employee who leaked the record, that person should be fired and either sued or prosecuted. And healthcare providers nationwide need to remind every employee who has access to patient records that unauthorized peeking at the health data of famous people who come in for care will not be tolerated.
Remind healthcare workers of the $865,500 fine UCLA Health System had to pay in 2011 for snooping involving Farrah Fawcett, Tom Cruise and other Hollywood types. Share the story of the 27 employees of Palisades Medical Center in North Bergen, N.J., who were suspended in 2007 for violating the privacy rights of George Clooney.
And while they’re at it, teach the healthcare industry that HIPAA explicitly gives patients the right to obtain copies of their own records. That seems to have been forgotten as well.
Hours before Schefter’s revelation about Pierre-Paul, the Get My Health Data campaign tweeted this photo from the White House Champions of Change event on precision medicine.
Gotta get a pic @WhiteHouse #PrecisionMedicine #WHChamps event! @Fridsma @aneeshchopra @MsWZ #GetMyHealthData pic.twitter.com/Vp3Ib8S8HR
— GetMyHealthData (@GetMyHealthData) July 8, 2015
I found this ironic because the movement started after the Obama administration proposed lowering the requirement in Meaningful Use Stage 2 regulations that providers engage 5 percent of patients “view, download or transmit” their electronic health data down to just a single patient. I tweeted as such after I saw the photo.
I didn’t get quite the response I had hoped. Instead, health IT industry watcher Margalit Gur-Arie criticized the whole Meaningful Use engagement requirement.
.@nversel @GetMyHealthData Nope. Shouldn't have to coerce people to force other people to exercise their rights
— Margalit Gur-Arie 🇺🇸🕊 (@margalitgurarie) July 8, 2015
To me, this exposed another twisted application of HIPAA, that hospitals and medical practices are using the law as an excuse to deny access rather than to enable it.
@margalitgurarie @GetMyHealthData Providers are doing a horrible job of educating people of their right to access. #HIPAA
— Neil Versel (@nversel) July 8, 2015
How did the industry get it so wrong, and what will it take to fix these serious problems?