HIPAA Privacy – Executive Speech Likely Violated HIPAA Privacy Rules
Late in May, Iowa’s largest health-insurer, Wellmark Blue Cross & Blue Shield, cited a case of a 17-year-old boy with hemophilia who had $1 million of monthly prescription costs as an example of increasing health care costs to the 100+ attendees of a Des Moines Rotary Club meeting.
Describing a patient to an audience (or anyone, for that matter) in a way that could directly identify the individual is a significant privacy concern, and a likely HIPAA violation. HIPAA generally does not allow for information to be shared about patients and insureds if “there is a reasonable basis to believe that the information can be used to identify the individual.”
Given the gender, age and health problem of the patient was provided, in a community where such information can be used to pinpoint an individual with this amount of data, there is a potential HIPAA Privacy violation here, that may result in a penalty and possibly a civil suit to follow. It will be interesting to see how this plays out.
A HIPAA Privacy Training program is critical to ensure all employees are aware of the privacy rules and how to handle PHI in situations like this. Although this was a very specific case that may not be addressed in a single training session, and effective HIPAA Privacy Training program should include regular ongoing sessions that cover Privacy rules, employees responsibilities in handling PHI and different scenarios and case studies to prepare employees for unexpected situations like this.
Employees at all levels, especially executives that speak in public forums should not release any type of information to the public that could be used to specifically identify an individual; this goes beyond consideration of just specific types of individual data items.
More information about this topic can be found at these articles:
com/blogs/giving-speech-be- careful-about-privacy- violations-p-2486
erikdbwestlund/the-story-of- the-1-million-per-month-iowa- teen-with-hemophilia-outed-by- a-health-insurance- cb47d6bd66a5
com/story/news/health/2017/05/ 31/hemophilia-patient-costing- iowa-insurer-1-million-per- month/356179001/