Today, the importance of privacy of medical records has never been greater, nor have the risks of invasion of your rights. Conversion of paper to electronic records means more people can access information, or illegally obtain it. In particular, our concern is the release of medical records though court cases. We’ll discuss your rights to protection, and legal recourse.
In West Virginia, a man went to a hospital. At some point during his treatment, a psychological examination took place. Someone working at the hospital with full access to his records, who was also a friend of his estranged wife turned over the records of his care to the ex-wife and her lawyer. Naturally, he sued the hospital. Shockingly, the hospital argued in court that because the Health Insurance Portability and Accountability Act (HIPAA) has no legal provisions for penalty of violations, the state courts had no jurisdiction. Fortunately, the justices of the West Virginia Supreme Court of Appeals are all to wise to such legal maneuvers and upheld the lower court’s decision to impose penalties.
Another case, also in West Virginia, which is becoming the nation’s champion of patient rights in legal cases, an individual struck in an auto accident was required to turn over her medical records in the discovery process to an insurer. The insurer was not a named party in the lawsuit, but needed the records for two purposes. First, to evaluate the claim; and second to ensure that the plaintiff was not listed in national databases of people who file habitual insurance claims.
The judge in the local court, on hearing a petition from plaintiff’s counsel, granted a protective order, compelling the insurer to return or destroy records in its possession after a period of five years, which is the retention period set under West Virginia statute. The insurer sued the judge in an effort to send a loud message to judges around the nation that they don’t want to be held back by judicial control of their business.
Shortly after, the same judge issued another protective order in a different case. Following in the path set by the first case, another insurer sued the same judge. In both cases, the West Virginia Supreme Court of Appeals upheld the lower courts right to protect the privacy rights of the individual over the needs of any insurer. Some may say this was just a good ol’ boys effort to protect a fellow judge. Not so.
The West Virginia Supreme Court of Appeals has been on the cutting edge of this issue, invariably seeking to protect the rights of citizens against the wishes of businesses of any nature. In all, three cases were heard by the court, resulting in a petition by the two insurers to the United States Supreme Court for a writ of certiorari.
The United States Supreme Court wisely determined that they would not grant the petition, leaving the West Virginia Supreme Court’s rulings intact.
Many most interesting facts came to light in these hearings, which still leaves the rights of citizens in jeopardy. For example, despite the decision of the West Virginia courts, the insurers are regulated primarily in their state of domicile. In both cases, Illinois. The record retention period for these medical records is longer than in West Virginia. So, despite the protective orders, insurers may transfer the records electronically to the databases maintained in Illinois, outside the reach of the West Virginia courts and may keep them for as long as the Illinois retention requirement, or longer.
Another tidbit that has escaped the purview of the American media is that insurers handling the records are not limited to their own retention, but often provide the records to independent third party companies for evaluation. This may include doctors, claims adjusters (not employees), or other specialist contractors. There is no accountability to the patient, whether plaintiff or defendant, about where their records are going, despite the restrictive language of the protective order.
Insurers are also counting on the ‘forgetfulness’ factor. Even if a protective order is granted, they’re hoping people will just forget the end period of the order, and ignore the compliance or non-compliance of the insurer. Likely, they’re correct.
The insurers have a right to information about any claimant, solely for the purposes of evaluating the validity of the claim and to prevent insurance fraud. That said, the format of the information does not have to be full or partial medical records. Candidly, if someone’s involved in an accident of any kind, their entire medical history is not relevant, nor even important. An individual who was walking down the street and hit by construction material falling from a building site shouldn’t have to release their history of gall stones five years ago, because that condition could never have impacted or caused the incident or mitigated its outcome.
There is a reasonable alternative.
Insurers should accept a medical fact file, prepared by counsel, providing relevant information that deals solely with the post-accident medical condition of the individual, and any mitigating conditions such as blindness, drug addiction, deafness, etc. Attorneys should also enable insurers to examine, in discovery, without release, the patient’s records, under strict supervision, without opportunity to photograph, scan or retain any of the records of any patient. Doctors should be prohibited from release of the records and only permitted to release to any insurer, other than a health insurance carrier for their patient, a summary, of conditions, and any bills for medical care.
A national standard for record retention should be established by the Congress, as well as a required purge of existing databases and records. The case of the gentleman in that West Virginia hospital clearly shows that despite the best intentions, medical records can very easily be inappropriately released.
Additionally, in civil or criminal cases, in the discovery process, insurers should be required to provide to counsel the names, addresses, phone numbers and other information for anyone in the employ or service of the insurer in evaluating the claim. This is particularly important because many of the individuals providing services to the insurers place the records on laptops, tablets, PDAs, or smartphones, carrying them about with them all over. There’s nothing to stop some smart hacker from downloading the information and then releasing them or using them for purposes of blackmail, intimidation or other illegal purposes.
Lastly, criminal and civil penalties should be established enabling lawyers to prosecute cases where the insurers, or their agents, or anyone else, violates the privacy of an individual’s medical records. Keeping in mind that the records belong solely to the individual, not the doctor, lawyers or insurers, it seems only proper and fair that there is some protection and recourse for that material. The federal perjury laws should also be applied to any false statements made about the release of records.
The risks inherent in excessive access to your medical records are gargantuan in nature. Everything from your home ownership, car insurance, even your marriage and family life are at risk. The information can easily be misused or used against you in unscrupulous ways by those intent on doing harm. We urge everyone to demand legislation be enacted to strongly protect your rights to privacy of medical data and records.