Vanderbilt University Medical Center is being accused of violating the privacy of its transgender clinic patients by turning their records over to Tennsessee’s attorney general
this is likely a HIPAA violation. The thing conservatives crowed about back during vaccine requirements for jobs (and were entirely wrong about being related to HIPAA). The hospital would explicitly require patients to approve providing the records to the government. The government is a covered entity in HIPAA.
HIPAA explicitly allows the release of records for law enforcement investigations. However, the plaintiffs will argue this was a malicious case and done without warrants.
Permitted disclosure must meet certain requirements. The amount of PHI provided must be the minimum amount possible to meet the required activity. Nothing here seems to meet the requirement provided. Tbh, auditing/billing isn’t even listed as a permitted disclosure.
Edit: I take it back. Supported fraud programs is a permitted disclosure. However, it needs to be the minimum amount of PHI disclosed to meet that goal.
Yeah, it really might be. This should be making the sending of the entire batch of documents illegal, unless they all signed a void at the very start that their info would be sent if requested regardless.
this is likely a HIPAA violation. The thing conservatives crowed about back during vaccine requirements for jobs (and were entirely wrong about being related to HIPAA). The hospital would explicitly require patients to approve providing the records to the government. The government is a covered entity in HIPAA.
HIPAA explicitly allows the release of records for law enforcement investigations. However, the plaintiffs will argue this was a malicious case and done without warrants.
Permitted disclosure must meet certain requirements. The amount of PHI provided must be the minimum amount possible to meet the required activity. Nothing here seems to meet the requirement provided. Tbh, auditing/billing isn’t even listed as a permitted disclosure.
Edit: I take it back. Supported fraud programs is a permitted disclosure. However, it needs to be the minimum amount of PHI disclosed to meet that goal.
Yeah, it really might be. This should be making the sending of the entire batch of documents illegal, unless they all signed a void at the very start that their info would be sent if requested regardless.
Still, this is fucked up.