Whistleblower HIPPA Concerns
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by congress in 1996, but the Privacy Rule, which protects individually identifiable health information, took effect in 2003. This mandate to keep individual health information confidential made HIPPA a household name in the healthcare community. Sometimes, potential whistleblowers do not come forward to divulge fraud to attorneys or the government, for fear violating HIPPA . Fortunately, HIPPA authorizes whistleblowers to divulge most of such information to private attorneys or the Government. 45 CFR sec. 164.502(j)(1) provides that an employee may disclose such individually identifiable information if the “workforcemember or business associate” [employee]:
… believes in good faith that the covered entity has engaged in conduct
that is unlawful or otherwise violates professional or clinical standards,
or that the care, services, or conditions provided by the covered entity potentially endangers one or more patients, workers, or the public; and
(ii) The disclosure is to:
(A) A health oversight agency or public health authority authorized by law
to investigate or otherwise oversee the relevant conduct or conditions of the covered entity or to an appropriate health care accreditation organization for the purpose of reporting the allegation of failure to meet professional standards or misconduct by the covered entity; or
(B) An attorney retained by or on behalf of the workforce member or business associate for the purpose of determining the legal options of the workforce member or business associate with regard to the conduct described in paragraph (j)(1)(i) of this section.