February 10, 2014 - Updated February 11, 2014
Federal complaint alleges St. Rose Hospitals violated patient privacy
By STEVEN SLIVKA
LAS VEGAS REVIEW-JOURNAL
Dignity Health, the owner of St. Rose Dominican Hospitals, is facing a federal complaint alleging it violated patient privacy by using patient records as leverage in a contract dispute.
According to a Monday announcement from the Nevada Health Services Coalition, Dignity Health used patient records to contact those with coalition member plans after agreements between the two agencies fell through in January, something it contends violates the Health Insurance Portability and Accountability Act, or HIPAA. The complaint was filed with the U.S. Department of Health and Human Services Office of Civil Rights.
The complaint contends St. Rose contacted former patients in an attempt to persuade them to take action with their health plans favorable to St. Rose. The complaint also said that St. Rose claimed their actions were simply to be “informative.”
“It’s our position that patient data collected in the course of medical treatment should not be used to lobby or gain leverage in contract negotiations,” said Christine Carafelli, executive director of the coalition.
The Nevada Health Services Coalition is a nonprofit entity that negotiates hospital contracts for discounted health care service rates for 19 member group organizations, totaling approximately 230,000 Nevada residents.
A spokesperson for St. Rose said they would issue a statement on Tuesday.
The coalition is accusing the St. Rose hospital group (a division of Dignity Health) of using patient records to contact patients to urge them to lobby for the hospital in contract negotiations.
2. The HIPAA privacy rule and its exceptions (viewable at http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/, section under "Permitted Uses and Disclosures") would preclude the use of patient's private and protected information in an EHR for selective solicitation for lobbying on behalf of the hospital;
No amount of soothing, deflecting executive language and shifting of the discussion can change that, and a full disclosure accounting would be proper.
(I note the HIPAA privacy rules do not state "For informational purposes only. Use patient information however you want if you trust your employees and you think the risk is low..")
The segment audio is online here: http://www.knpr.org/son/archive/detail2.cfm?SegmentID=10939
Feb. 14, 2014 Addendum:
A thought experiment demonstrates just how far from propriety, in my opinion, this affair is:
If a hospital can use confidential information in this manner, to enlist patients as de facto lobbyists regarding an insurer, then why could not a hospital use other data - e.g., patients' disease burden, smoking status or even sexual orientation to ask them to lobby, say, a politician to gain some advantage, such as certificate-of-need approval for expansion, or anti-competitive legislation? Or, to ask patients to participate in political activities for/against some politician or group that might hold views or conduct activities favorable/unfavorable to the hospital's interests?