In the wake of changes made to HIPAA and HITECH regulations last year, doctors and medical professionals need to be more careful than ever about the information they provide to anyone—including law enforcement officials and other outside parties. HIPAA regulates the collection, use, storage, and sharing of all confidential information about a specific patient. This private health information, known as PHI, is a personal disclosure between doctor and patient, and is subject to several confidentiality laws and procedures. But the rules for disclosing PHI can become complex when law enforcement officials and ongoing investigations are involved, medical malpractice defense lawyers in Florida, Georgia, New York and New Jersey say.
The Fourth Amendment to the U.S. Constitution protects all citizens’ “persons, houses, papers, and effects” from unreasonable search and seizure, which includes the unauthorized or unnecessary perusal of personal, confidential health information. The Amendment goes on to say that such information must be protected until probable cause and, if necessary, a court-ordered warrant, can be obtained. Although “privacy” is not specifically listed in the Amendment, its inclusion is clear. A person has an expectation of privacy when providing confidential information to his or her doctor, and that expectation extends far enough to make sharing this information a crime in most cases.
Medical data is comprised of the most personal information. Doctors must ask questions that range from personal habits and background to family history, to sometimes illegal activities such as drug or alcohol use. To compile a medical record, doctors may look into personal life—sexual orientation, living situation, eating habits—and private personality traits that a patient may want to keep confidential. These traits could be detrimental to a career or lifestyle if exposed. Because of its sensitive nature, PHI is heavily guarded, and rarely provided to outsiders such as police officers or federal agents. There are penalties on the criminal and civil level for releasing PHI without authorization.
However, most laws, including recent amendments made to HIPAA and HITECH regulations, include a “law enforcement exception” clause. Disclosures of PHI are permitted in certain scenarios that are deemed “reasonable” requests to search or investigate a patient. In most cases, the situation for needing the information dictates how much and what kind of PHI is provided. For example, a court order overrides the right or expectation to privacy, and doctors or nurses can expect that any PHI they give out will be similarly protected by law enforcement officers. Other exceptions include administrative subpoenas or investigative requests from the Board of Medicine. Limited information can sometimes be given out for purposes of identifying a suspect in an ongoing investigation, or a missing person.
At Lubell Rosen’s Coral Gables, Fla. office, partner Aldo M. Leiva, Esq. specializes in defending and counseling doctors and other medical professionals regarding HIPAA and HITECH regulations, including the appropriate disclosures of PHI. With a background in systems biology, Mr. Leiva has a strong knowledge of the technology used to collect and protect PHI in modern-day doctor’s offices and hospitals. If you have questions regarding the rules of HIPAA and PHI protection, contact Aldo Leiva at Lubell Rosen for a consultation today.