February 10, 2014 – Updated February 11, 2014
Federal complaint alleges St. Rose Hospitals violated patient privacy
By STEVEN SLIVKA
LAS VEGAS REVIEW-JOURNAL
Dignity Health, the owner of St. Rose Dominican Hospitals, is facing a federal complaint alleging it violated patient privacy by using patient records as leverage in a contract dispute.
According to a Monday announcement from the Nevada Health Services Coalition, Dignity Health used patient records to contact those with coalition member plans after agreements between the two agencies fell through in January, something it contends violates the Health Insurance Portability and Accountability Act, or HIPAA. The complaint was filed with the U.S. Department of Health and Human Services Office of Civil Rights.
The complaint contends St. Rose contacted former patients in an attempt to persuade them to take action with their health plans favorable to St. Rose. The complaint also said that St. Rose claimed their actions were simply to be “informative.”
“It’s our position that patient data collected in the course of medical treatment should not be used to lobby or gain leverage in contract negotiations,” said Christine Carafelli, executive director of the coalition.
The Nevada Health Services Coalition is a nonprofit entity that negotiates hospital contracts for discounted health care service rates for 19 member group organizations, totaling approximately 230,000 Nevada residents.
A spokesperson for St. Rose said they would issue a statement on Tuesday.
The segment has now completed. It was hosted by Dave Becker of KNPR.
local organization of union, casino and local government health funds
who bargain together for maximum
leverage, participated, as did a hospital VP.
The coalition is accusing the St. Rose hospital group (a division of
Dignity Health) of using patient records to contact patients to urge
them to lobby for the hospital in contract negotiations.
I was asked for an opinion on the acceptability of access to patient information in an organization’s EHR systems (including PHI such as name, address and other contact information) for purposes of soliciting the patients to lobby the insurers on behalf of the healthcare organization for better terms.
My opinion was clear, which I summarize as follows:
2. The HIPAA privacy rule and its exceptions (viewable at http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/, section under “Permitted Uses and Disclosures“) would preclude the use of patient’s private and protected information in an EHR for selective solicitation for lobbying on behalf of the hospital;
3. Who accessed the patient information, and exactly what they accessed, is not clear, and an electronic audit trail needs to be disclosed as to these issues;
5. The hospital could have accomplished such goals transparently, safely, and without access to private health information, by putting an ad on the radio (or newspaper etc.), or mailing a general newsletter such as I often receive from area hospitals, even hospitals where I was never a patient.
amount of soothing, deflecting executive language and shifting of the
discussion can change that, and a full disclosure accounting would be
(I note the HIPAA privacy rules do not state “For informational purposes only. Use patient information however you want if you trust your employees and you think the risk is low..“)
The segment audio is online here: http://www.knpr.org/son/archive/detail2.cfm?SegmentID=10939
Feb. 14, 2014 Addendum:
A thought experiment demonstrates just how far from propriety, in my opinion, this affair is:
If a hospital can use confidential information in this manner, to enlist patients as de facto lobbyists regarding an insurer, then why could not a hospital use other data – e.g., patients’ disease burden, smoking status or even sexual orientation to ask them to lobby, say, a politician to gain some advantage, such as certificate-of-need approval for expansion, or anti-competitive legislation? Or, to ask patients to participate in political activities for/against some politician or group that might hold views or conduct activities favorable/unfavorable to the hospital’s interests?