MedCity Influencers

Leaks about Prince’s death might be HIPAA violations

TMZ said that doctors gave Prince treatment “typically administered to counteract the effects of an opiate.” TMZ has since reported that the treatment was given by EMTs in response to a Percocet overdose.

Prince & 3RDEYEGIRL "HitnRun" Tour - Toronto

Following Prince’s sudden death on April 21, media speculation about the causes surrounding the event have already begun to circulate widely.

TMZ has reported that the artist was treated for a drug overdose just six days prior to his death. His private jet was reported to have made an emergency landing in Moline, Illinois, where Prince was taken to a hospital just hours after performing in Atlanta.

TMZ cited “several sources in Moline” in their report, saying that doctors gave him treatment “typically administered to counteract the effects of an opiate.” TMZ has since reported that the treatment was given by EMTs in response to a Percocet overdose.

While the story itself does not constitute a HIPAA violation, the question remains surrounding the integrity of the information that TMZ received in their reporting. If medical professionals or hospital staff disclosed the information about the potential drug overdose, then that would be considered a serious breach of Prince’s rights under the HIPAA privacy rule.

The unauthorized disclosure of patients’ protected health information is strictly prohibited by federal regulation. The Department of Health and Human Services’ Office for Civil Rights released specific guidance on the issue of PHI and media releases, stating that:

Health care providers cannot invite or allow media personnel […] into treatment or other areas of their facilities where patients’ PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise make PHI accessible to the media, without prior written authorization from each individual who is or will be in the area or whose PHI otherwise will be accessible to the media.  Only in very limited circumstances […] does the HIPAA Privacy Rule permit health care providers to disclose protected health information to members of the media without a prior authorization signed by the individual.

Celebrities and individuals who have a strong public presence who experience health crises or deaths are often subject to intense media scrutiny and reporting in the aftermath of these events.

Back in July of 2015, a similar scenario played out when New York Giants player Jason Pierre-Paul’s medical records were unlawfully disclosed after being tweeted by an ESPN reporter. But because the records weren’t leaked by a healthcare professional, the tweet technically does not constitute a HIPAA breach, and OCR cannot step in to remediate the leak.

The same reasoning holds true for TMZ’s story. If, upon further reporting, it becomes apparent that a medical professional was responsible for leaking the story, then the hospital could potentially be at fault for violating Prince’s rights under the HIPAA privacy rule. However, as it stands, TMZ and other news media outlets reporting this, or similar stories, cannot be charged with violating HIPAA.

Photo: Cindy Ord/Getty Images for NPG Records 2015


Avatar photo
Avatar photo

Frank Sivilli

Frank Sivilli is the editorial director of Blog HIPAA and content and marketing manager at the Compliancy Group.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.

Shares0
Shares0