YOU ARE HERE: LAT HomeCollections
(Page 2 of 2)

Her case shows why healthcare privacy laws exist

January 04, 2012|Michael Hiltzik

"As far as we're concerned, the patient gave that permission when she gave her records to California Watch and was quoted on the record," Hempling told me. "That waived her privacy."

Patient privacy experts disagree. Under the law, there's no such thing as an implied authorization by a patient for disclosure of personal records, said Linda Ackerman, a San Francisco expert in privacy law.

The office of civil rights of the U.S. Department of Health and Human Services, which enforces HIPAA, put it this way: "There is no 'waiver' that would apply to the release of a chart or medical record to the media without an individual's written authorization."

Several experts told me it doesn't matter if the hospital was trying to contradict misinformation provided by a patient (even if that's what Courtois did, which is debatable). Under the law, patients themselves can divulge anything they wish about their medical conditions and their treatment by a hospital. But a hospital's obligation is to keep its mouth shut. A desire to deflect bad PR is not an excuse. Even if they think they're in the right, the law says healthcare providers have to suffer in silence, the experts say.

Anthony Wright, executive director of the statewide patient advocacy group Health Access California, also mentioned the "chilling precedent" of a hospital company exposing a patient's personal information just because she criticized the company in public. Indeed, the lesson of the Courtois case is clear: Give an interview about your experience at a Prime-owned hospital, and don't be surprised if the hospital responds by exposing the most private details of your medical history to the world.

By talking to California Watch "my mom was trying to do the right thing and stand up for Medicare," Schmitz says. "Does that mean her life is an open book?"

Most HIPAA and CMIA cases involve sloppy handling of patient information. Often they result from the theft of a laptop filled with private data, or chart-snooping by low-level employees (such as the snooping into celebrity charts at UCLA that inspired the state law and got the university slapped with a federal penalty of $865,000).

No expert I reached could think of a case in which hospital executives deliberately made a patient's chart public without written authorization, which suggests that this case is prime for investigation. "This is really out of the norm," says Mark Savage, a senior attorney at Consumers Union in San Francisco.

HIPAA rules have been drummed into the heads of medical practitioners so deeply that it's hard to find a doctor today who doesn't walk on eggshells where patient privacy is concerned. But rules don't seem to have sunk in at Prime Healthcare. A corporate spokesman even emailed me an internal memo Hempling prepared bearing all sorts of details of Courtois' condition and treatment. Yet the spokesman, Edward Barrera, insists Prime and Shasta "have acted in accordance with HIPAA and state law at all times."

The behavior of Prime and Shasta Regional should provide rich fodder for investigations by state and federal agencies and by U.S. prosecutors in Sacramento, who cover Shasta County. Dr. McCampbell holds a California medical license issued in 2005, and it would be worthwhile for the state medical board to look into her participation in this matter and determine whether it meets the standards of professional conduct required of a California licensee.

As for the rest of the bigwigs at Prime and Shasta, plainly they all need to be shipped to a reeducation camp in the rules of patient confidentiality. If, that is, they can stay out of jail.

Michael Hiltzik's column appears Sundays and Wednesdays. His latest book is "The New Deal: A Modern History." Reach him at, read past columns at, check out and follow @latimeshiltzik on Twitter.

Los Angeles Times Articles