By Erin Sherbert
By Erin Sherbert
By Leif Haven
By Erin Sherbert
By Chris Roberts
By Kate Conger
By Brian Rinker
By Rachel Swan
Don't worry; we'll protect yours:While we share your interest in protecting the privacy of medical information, Peter Byrne's recent article was unfortunately filled with errors and misinformation about both the federal Health Insurance Portability and Accountability Act (HIPAA) and what our office is doing to implement it ["Big Doctor Is Watching," May 28].
Rather than reducing protections for individuals' health information as the article claims, HIPAA creates a high national privacy standard for the first time in the United States. Moreover, this standard is a floor rather than a ceiling. Thus, the public gains the benefit of whichever combination of state law and HIPAA that provides the most protection of health information.
My office is working and consulting with consumer groups and privacy advocates keeping California in the forefront of protecting privacy. The bill referred to in the article, Senate Bill 583, is intended to raise state law standards in areas where HIPAA is stronger. The version of the bill mentioned in the story simply does not exist.
Perhaps the greatest inaccuracy in the article is its implication that HIPAA creates new authority for law enforcement to gain access to a person's records by simply flashing a badge. Not true. Furthermore, the article does not acknowledge either the steps that a plain reading of the privacy regulation require law enforcement to go through to access information in a case, or the severity of the penalties for violation, with the worst offenders facing 10 years in prison and a $250,000 fine.
The right to privacy is precious and must be guarded with vigilance. However, in mischaracterizing HIPAA, your article does a disservice to the public's understanding of the impact of HIPAA and how to use it to further the goal of privacy protection.
Burt R. Cohen
California Office of HIPAA Implementation (CalOHI)
Peter Byrne replies: Cohen says it is not true that a law enforcement official may obtain a medical record by "flashing a badge." Experts quoted to that effect in my article included Paul S. Appelbaum, outgoing president of the American Psychiatric Association and a leading authority on HIPAA, and Robert Gellman, an attorney who helped draft HIPAA. They based their assertion on two provisions in HIPAA.
One authorizes law enforcement officials to simply ask a doctor or an HMO for medical data without obtaining a subpoena. A related provision authorizes doctors and HMOs to hand over medical records to law enforcement upon a verbal request if they can verify that the disclosure "is to a public official or a person acting on behalf of the public official. If the request is made in person, presentation of an agency identification badge, or other official credentials, or other proof of government status [is sufficient verification]."
Cohen says SB 583 "is intended to raise state [privacy] law standards in areas where HIPAA is stronger. The version of the bill mentioned in the story simply does not exist." One of the legal experts quoted in my story, Professor Richard Turkington of Villanova University Law School, a nationally respected expert on this aspect of HIPAA, found that SB 583 "nullifies" strong privacy protections in California's constitution and statutes because it contains the following loopholes: 1) State agencies may disclose personal information "to a governmental entity when required by state or federal law," including HIPAA, or 2) "disclosure is to a law enforcement or regulatory agency [engaged in] an investigation of an unlawful activity."
In other words, SB 583 allows HIPAA to trump more protective California law by allowing state officials to turn over medical records without a court order. According to these experts, the CalOHI authors of SB 583 had an opportunity to reverse HIPAA's deletion of the strong privacy protections enshrined in the Fourth Amendment to the U.S. Constitution but declined to do this. The state legislative counsel agreed that SB 583 needs to be rewritten in this light.
It is interesting that Cohen is willing to talk about SB 583 now. When I asked his office to respond to these critiques, I was informed that CalOHI "does not comment on pending legislation." Nor would Cohen comment on whether state officials must honor verbal requests for medical records from law enforcement or national intelligence officials.
Kudos:Peter Byrne deserves an award for this outstanding story. Pulitzer, Polk, you name it. Tell me where to send in my nomination.
Does your writer know the difference?: Matt Smith's May 21 column "SFO My God" names me in two places, one correctly, and the other incorrectly. I write to demand a retraction of the second, incorrect and potentially libelous statement.
The public records of the city, including Board of Supervisors' legislation and budget analyst's report, do reflect I provided legal advice to the city in about 1997 in connection with the creation of the city's private, for-profit corporation named SFO Enterprises Inc. I simply performed my responsibilities as deputy city attorney. Mr. Smith has that part right.
Subsequently in the article, Mr. Smith states:
"By Martin, Costas, and Rosales' own logic, therefore, the blending of taxpayer and SFO Enterprises money exposed San Francisco to potentially massive liability from the corporation's operations in Tegucigalpa, home of the world's most dangerous airport."