HIPAA Violation
#2
Privacy Rule
The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities." These entities include health care clearinghouses, health insurers, employer-sponsored health plans, and medical providers. Upon request, covered entities must disclose PHI to an individual within 30 days. Entities mentioned earlier must provide and disclose PHI as required by law enforcement for the investigation of suspected child abuse.
The HIPAA Privacy Rule regulates the use and disclosure of protected health information (PHI) by "covered entities." These entities include health care clearinghouses, health insurers, employer-sponsored health plans, and medical providers. Upon request, covered entities must disclose PHI to an individual within 30 days. Entities mentioned earlier must provide and disclose PHI as required by law enforcement for the investigation of suspected child abuse.
- Covered entities may disclose PHI to law enforcement if requested to do so by court orders, court-ordered warrants, subpoenas, and administrative requests.
- A covered entity may reveal PHI to facilitate treatment, payment, or health care operations without a patient's written authorization.
- Any other disclosures of PHI require the covered entity to obtain prior written authorization.
- When a covered entity discloses PHI, it must make a reasonable effort to share only the minimum necessary information.
- The Privacy Rule gives individuals the right to demand that a covered entity correct any inaccurate PHI and take reasonable steps to ensure the confidentiality of communications with individuals.
- The Privacy Rule requires covered entities to notify individuals of PHI use, keep track of disclosures, and document privacy policies and procedures.
#5
Gets Weekends Off
Joined APC: Feb 2008
Posts: 19,273
Not entirely true. Airlines have and can request health data. I had Delta airlines release health information on me that they required after a return to work from surgery. They we're definitely in violation of the law.
#6
Law applies to health care providers, who generate or acquire your health info in their course of business.
DAL is not a healthcare provider, the only way they got your info is if YOU gave it to them. Not covered by HIPAA (might be some applicable state laws, more likely in CA than GA though).
Although if DAL was in the business of conducting FAA 1C medical exams with an in-house AME that might be different. But in this day and age anybody who even does that typically outsources to an actual healthcare provider (who could not share the info with any other party without your permission).
What did they do? Use the info to consult with the FAA?
#7
Gets Weekends Off
Joined APC: Feb 2008
Posts: 19,273
They probably were not.
Law applies to health care providers, who generate or acquire your health info in their course of business.
DAL is not a healthcare provider, the only way they got your info is if YOU gave it to them. Not covered by HIPAA (might be some applicable state laws, more likely in CA than GA though).
Although if DAL was in the business of conducting FAA 1C medical exams with an in-house AME that might be different. But in this day and age anybody who even does that typically outsources to an actual healthcare provider (who could not share the info with any other party without your permission).
What did they do? Use the info to consult with the FAA?
Law applies to health care providers, who generate or acquire your health info in their course of business.
DAL is not a healthcare provider, the only way they got your info is if YOU gave it to them. Not covered by HIPAA (might be some applicable state laws, more likely in CA than GA though).
Although if DAL was in the business of conducting FAA 1C medical exams with an in-house AME that might be different. But in this day and age anybody who even does that typically outsources to an actual healthcare provider (who could not share the info with any other party without your permission).
What did they do? Use the info to consult with the FAA?
I actually ended up with two different first class medicals from two different FAA sections. Not long after had the FAA show up and ask for credentials. I asked him which medical he wanted, my southern or northern medical! He was a bit perplexed!
#8
Disinterested Third Party
Joined APC: Jun 2012
Posts: 6,026
That does sound like a nightmare, but not a HIPAA issue.
It's also a violation of FAA procedure on seeral levels, and certainly an ethical lase on the part of grand old Delta.
Of course, you worked through an attorney, your union, and a medical consultation service?
It's also a violation of FAA procedure on seeral levels, and certainly an ethical lase on the part of grand old Delta.
Of course, you worked through an attorney, your union, and a medical consultation service?
#9
Gets Weekends Off
Joined APC: Feb 2008
Posts: 19,273
I worked through all 3. The attorney wanted to sue Delta and stated it was a Hippa issue. It gets more complex because I had to have the same surgery on my other ear later. Being bilateral blew everyone's mind. In the same day I got a letter removing me from disability because I could hold a class 1 medical and a letter denying my return to work from Delta's doctor. Fun times!
#10
I guess the legality would hinge on what a "health department" is.
If they just asses employees fitness for duty, OJI claims, etc then they might not be a "health care provider". Even doing an FAA 1C exam could likely fall under "assessment", not "care".
Also would depend on the conditions under which you disclosed the info to DL, if there wasn't an actual or implied authorization to share that info it could be a violation... maybe that's what the lawyer was getting after. Again, varies by state.
HIPAA is like the 1st amemndent... you have to understand what exactly it means, and it's not intuitive. I belabor this for the benefit of others who might read this.
If they just asses employees fitness for duty, OJI claims, etc then they might not be a "health care provider". Even doing an FAA 1C exam could likely fall under "assessment", not "care".
Also would depend on the conditions under which you disclosed the info to DL, if there wasn't an actual or implied authorization to share that info it could be a violation... maybe that's what the lawyer was getting after. Again, varies by state.
HIPAA is like the 1st amemndent... you have to understand what exactly it means, and it's not intuitive. I belabor this for the benefit of others who might read this.
Thread
Thread Starter
Forum
Replies
Last Post
kymiller0593
Flight Schools and Training
2
12-16-2013 04:45 PM