Keeping medical information private is an important concern. Unauthorized disclosures of health information can have serious consequences for patients. These consequences range from damaged relationships with friends and family to disrupted careers. Individuals may have good reason for keeping their treatment for an illness, like a sexually transmitted disease or drug addiction, out of view from unsupportive family members. Employers who inadvertently learn about a job candidate’s health situation might decide to hire someone else. To protect patients from consequences like these, health privacy laws provide robust tools for them to protect their privacy rights.
The Privacy Rule under the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) restricts disclosures of individually identifiable health information by certain covered entities. These include most health care providers, providers of insurance and other forms of health benefits, and intermediary organizations that process health data for other businesses. The law protects information in a patient’s medical file, as well as the content of communications (whether oral, telephonic, or electronic), and billing information, among other things. Covered entities are required to adopt policies to protect information that falls within the law’s scope. Under HIPAA, disclosures may only be made under certain limited circumstances, primarily related to the patient’s care or to facilitate bill payments.
Someone who has had their HIPAA rights violated can file complaints against the offending organization with the U.S. Department of Health & Human Services. HIPAA protects patients who file complaints from retaliation. Note that although this administrative process may result in an examination of the offender’s practices, HIPAA doesn’t provide for a private cause of action, so the affected patient cannot sue a health care provider for HIPAA violations.
Note that the scope of “covered entities” under HIPAA does not capture employers unless they are also administering a health plan, such as administering a workers’ compensation program. Employers may end up with the health information of a job candidate or employee outside of the health plan context. For example, an employee may disclose a health condition to a manager to let the manager know about a job limitation the employee has. An employee may disclose a pregnancy in anticipation of filing a Family Medical Leave Act claim. Or a candidate may submit information through the pre-employment screening process, including the results of drug tests. Each of these circumstances may fall under a different set of standards than HIPAA. In general, employers are restricted in how they can use health information when making job-related decisions and may be subject to a claim of unlawful discrimination in some circumstances.
When a health privacy violation leads to serious consequences, it can be helpful to talk to an attorney about your options for seeking compensation. The law firm of Greenman Goldberg Raby Martinez represents clients in the Las Vegas area in cases involving personal injury, workers’ compensation, and other matters. If you think your health privacy rights have been violated, please contact us today for a free attorney consultation. Call us today at 702-388-4476 or contact us through our website.