Close Server: KOPWWW05 | Not logged in


Old School Patient Confidentiality

Long before HIPAA was enacted, every state had enacted statutes to codify the physician-patient privilege.

A New Jersey provider of psychological and psychiatric services filed lawsuits against some of its patients because the patients have not paid their bills.  The lawsuits included the names of the patients, and the fact that the patients received mental health services in documents available to the general public.  Some of the patients were minors so the names of their parents were also included in the lawsuits.

At least one patient filed a compliant with the Department of Health and Human Services (HHS) Office of Civil Rights, which is responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA) privacy provisions.  However, the OCR could not take action against the New Jersey provider because it is not a "covered entity" for purposes of HIPAA.  Evidently, the New Jersey provider does not submit claims electronically.

Some reports of this incident expressed frustration that HIPAA and the OCR do not do enough to protect patient privacy.  How quickly we forget that patient information was confidential for thousands of years before HIPAA and the OCR came along.  In fact, the confidentiality of patient information has been recognized by common law at least as far back as Hippocrates and the Hippocratic Oath.  Long before HIPAA was enacted, every state had enacted statutes to codify the physician-patient privilege.  While there is no federal law that recognized the physician-patient privilege, the federal rules of evidence specify that the principles of common law are to be applied in federal courts.

Mental health and psychiatric records are also included in the class of super-confidential patient information.  Patient records that may invoke some type of stigma, or result in some attribute being associated with a patient are usually super-confidential.  Records involving sexually transmitted diseases, and substance abuse treatment  are a prime examples of super-confidential records.  In fact, there is a federal law protecting the confidentiality of substance abuse treatment records that predates HIPAA by 50 years.

The fact that super-confidential patient information was included in the publically available portions of a court file probably required several failures along the way.  We can presume that the New Jersey provider had some type of arrangement to provide services for compensation to its patients even if it was an oral agreement.  The New Jersey provider has a right to be paid for the services provided pursuant to that agreement.  When the patients refused to pay for the services, the New Jersey provider was allowed to seek legal help to enforce the agreement.  The New Jersey provider would be required to advise its attorney of the individual patients to sue, and the unpaid claims for each identified patient.  So far so good, but things must have taken a turn for the worse from this point forward.  

While the attorney would need to identify the patient and the claims in the lawsuit, the attorney is required to redact the confidential information in the parts of the court file available to the general public.  Additionally, most courts require the attorney filing a document to certify that the document being filed does not contain any confidential information, or that the attorney has redacted all the confidential information.  So the attorney should have eliminated all unnecessary information and redacted any necessary information that was confidential.  Additionally, most clerks of court also review documents to make sure the documents are in order before the documents are filed, so the clerk of court that processed these lawsuits may have at least had an opportunity to review and reject the documents.

It is hard to believe that confidential patient information of any kind made it all the way into the publically available portion of a court record.  The fact that "super-confidential" psychiatric and mental health records made it all the way into a court document available to the general public is shocking.  This disclosure of confidential patient information is wrong on numerous levels, but this disclosure it is not a failure of HIPAA and OCR.  The physician-patient privilege that has been in existence for 2,500 years was ignored by the New Jersey provider and its attorney resulting in the wrongful disclosure of patient information.

Michael L. Smith, JD, RRT is board certified in health law by The Florida Bar and practices at The Health Law Firm in Altamonte Springs, Fla.  This article is for general information only and is not a substitute for formal legal advice.

Legally Speaking Archives


Email: *

Email, first name, comment and security code are required fields; all other fields are optional. With the exception of email, any information you provide will be displayed with your comment.

First * Last
Title Field Facility
City State

Comments: *
To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the below image, reload the page to generate a new one.

Enter the security code below: *

Fields marked with an * are required.


Back to Top

© 2017 ADVANCE Healthcare, an Elite CE company