Quote:
Originally posted by Atticus Grinch
The "of course" part is the rub. Since the DOJ doesn't comment on pending litigation, I assume that the DOJ's contention that it wasn't seeking patient-identifying information in these 40 files was an argument made to the court, not just to the press. And yet the judge found that it would have violated HIPAA.
I've read medical files, too. It's hard to redact all of the identifying info, esp. when a complete medical history is taken before a procedure involving anesthesia.
|
But it's fairly easy to remove the identifying info under HIPAA. Make sure that all 18 identifiers are out of there, and then double check for the "other identifing code or characteristic," and you're done.
The DoJ had at least three ways of obtaining the information under HIPAA's privacy provisions. The problem, though, is that the preemption language in HIPAA requires the covered entity to look to the more restrictive of state or federal law for each disclosure. In this fact pattern, Illinois state law was much more restrictive than HIPAA, and therefore, state law preempted HIPAA.
The HIPAA violation was through the preemption provision of the law. If the privacy rule in HIPAA had been applied to the request, the records should have been surrendered.
http://www.nysd.uscourts.gov/courtwe...C/04-01090.PDF
