The Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a national standard for the protection of certain health information. Specifically, the HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI). Because healthcare fraud constitutes a major component of our practice as well as a significant portion of whistleblower cases nationally, clients that are healthcare providers are often concerned about their obligations not to disclose PHI to their attorney as it may violate HIPAA. These legitimate concerns need to weighed against a whistleblower’s obligation to file a pleading with sufficient specifics about a fraudulent scheme. HIPAA actually includes a whistleblower exception under the Code of Federal Regulations, 45 C.F.R. § 164.502 that provides as follows:
(j) Standard: Disclosures by whistleblowers and workforce member crime victims.
(1) Disclosures by whistleblowers. A covered entity is not considered to have violated the requirements of this subpart if a member of its workforce or a business associate discloses protected health information, provided that:
(i) The workforce member or business associate believes in good faith that the covered entity has engaged in conduct that is unlawful or otherwise violates professional or clinical standards, or that the care, services, or conditions provided by the covered entity potentially endangers one or more patients, workers, or the public; and
(ii) The disclosure is to:
(A) A health oversight agency or public health authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions of the covered entity or to an appropriate health care accreditation organization for the purpose of reporting the allegation of failure to meet professional standards or misconduct by the covered entity; or
(B) An attorney retained by or on behalf of the workforce member or business associate for the purpose of determining the legal options of the workforce member or business associate with regard to the conduct described in paragraph (j)(1)(i) of this section.
There have been a few court cases that have recently discussed HIPAA confidentiality requirements and the exception above in the context of the False Claims Act (Qui Tam) actions.
In the case of Howard ex rel. U.S. v. Arkansas Children's Hosp., 2015 WL 4042170, the United States District Court for the Eastern District of Arkansas considered a case where the plaintiffs were fired after raising concerns about Arkansas Children's Hospital’s billing practices to the federal government. The plaintiffs obtained a large amount of personal health information for the facility’s patients in the course of their duties. They retained that information after they were terminated and subsequently disclosed that information to an attorney in anticipation of the case.
It appears that there was no dispute that the Arkansas Children's Hospital was a “covered entity” and that the plaintiffs were members of its workforce or business associates of this entity before they were terminated. The court found that is was unclear whether the plaintiffs disclosed the personal health information to their attorney before or after their respective termination; however, it also found that there is no dispute that the plaintiffs acquired the information in the course of their employment. The court went on to find that the plaintiffs believed that hospital had acted unlawfully, violated professional or clinical standards, or that it had endangered patient safety. The court ultimately found that the plaintiffs qualified as whistleblowers under the HIPAA regulations as their disclosure to their attorneys was for purposes of determining their legal options with regard to their concerns.
In a separate case, the Federal District Court for the Northern District of Illinois considered a defense attorney’s conduct at a deposition wherein he continually pressed the plaintiff about her HIPAA obligations. In the case of United States ex. rel. Baltazar v. Warden, 302 F.R.D. 256 (N.D. Illinois, 2014), the plaintiff claimed that defense counsel acted inappropriately and unprofessionally at her deposition. Specifically, the plaintiff accuses defense counsel of, among other things, repeatedly accusing her of violating HIPAA by disclosing patient records to the U.S. Attorney's Office and her attorneys. The plaintiff contended that her conduct was protected under HIPAA's whistleblower exception, 45 C.F.R. § 164.502(j)(1). The court seemed to give credence to this argument and, further stated that regardless of whether the plaintiff’s transfer of patient information was entitled to the protection of the HIPAA whistleblower provisions, defense counsel improperly harassed the plaintiff by repeatedly accusing her of engaging in illegal behavior. The court stated that the
case [was] not about whether [the plaintiff] violated HIPAA or had a legal right to take the patient records; it [was] about Defendants' alleged violation of the False Claims Act, 31 U.S.C. § 3729, et seq., and the Illinois Insurance Claims Fraud Prevention Act, 740 ILCS 92/15(a), by submitting false claims to Medicare and private insurers. Repeatedly accusing [the plaintiff] of illegally copying patient records was out-of-line and unacceptable. The obvious purpose of [defense counsel’s] repeated questions was to intimidate and scare [the plaintiff].
As a result of this conduct, the court issued a protective order to protect the plaintiff from similar conduct and ordered defense counsel to, among other things: be courteous, respectful, and civil to all other counsel and witnesses; not characterize or comment on any answer given by a witness; and, not engage in any argument with the witness or opposing counsel.
These cases illustrate the willingness of the courts to extend the whistleblower protections under the HIPAA statute in the appropriate circumstances. If you are aware of healthcare fraud or other fraud against the government and would like to discuss this with an attorney, please contact the AntiFraud Law Group today. We accept cases from whistleblowers living in all parts of the country.