The Health Insurance Portability and Accountability Act, commonly known as HIPAA, is intended to protect the privacy of patients’ healthcare information, and levies heavy fines to anyone who discusses confidential patient information in public. HIPAA compliance is a must for everyone in the US medical community.
BUT what if you’re a medical professional who suspects Medicaid or Medicare fraud? Can you discuss those suspicions with an attorney without violating HIPAA? Here are some of the facts you need to protect yourself, but please note that you shouldn’t rely on this writing as legal advice. It’s always advisable to speak with a False Claims Act law firm before making any decisions or taking any actions about something this important.
What is HIPAA?
The Health Insurance Portability and Accountability Act, or HIPAA, is a 1996 law designed to protect patients’ privacy. HIPAA sets out the legal obligations of healthcare professionals to protect patients’ medical and health records.
For example, the simple act of discussing someone’s case in public, even with only vague references as to the patient’s identity, may constitute a HIPAA violation.
HIPAA also requires that healthcare institutions keep patient information confidential, and controls access to that information. Healthcare institutions must protect patient privacy, and anyone who violates HIPAA is subject to hefty fines.
Understanding Protected Health Information (PHI)
HIPAA defines protected health information (PHI) as any record containing individually identifiable health information, including patient names, dates of birth, addresses, social security numbers, health information, treatment information, and health insurance information.
PHI contains the most intimate details of patients’ medical health. PHI includes patient medical histories, diagnosis, treatment, test results, x-rays, and billing information.
What Does HIPAA Protect?
To protect patient privacy and medical information, HIPAA governs the uses and disclosure of patient information. HIPAA covers all kinds of patient information, including doctor-patient communications, prescriptions, and medical records.
HIPAA applies to three kinds of entities:
- •Health plans, including HMOs, private and public health insurance plans;
- •Public and private healthcare processors, including billing and repricing companies; and
- •Health care providers
HIPAA governs who is allowed to view PHI. For example, your doctor, other healthcare providers, and your insurance companies are all permitted access to certain designated PHI. But insurance companies, employers, and law enforcement are generally restricted from accessing PHI. In certain circumstances, a patient’s access to their own information is restricted.
Discussing Systemic Medicare/Medicaid Fraud Under HIPAA
Medicare fraud and Medicaid fraud are serious problems in the United States. Violations are subject to significant civil penalties and, in some circumstances, can be prosecuted as a crime. Anyone who commits fraud on these government programs is subject to hefty fines and even jail time.
If you suspect Medicare fraud or Medicaid fraud, does discussing your suspicions with an attorney violate HIPAA? Although there are always caveats (see below), the short answer is no. HIPAA contains a Whistleblower Exception (45 CFR § 164.502(j)), which allows a person who has legitimate access to PHI to share that information with an attorney or the authorities if he or she: believes in good faith that [a hospital or other provider] has engaged in conduct that is unlawful or otherwise violates professional or clinical standards, or that the care, services, or conditions provided by the [healthcare provider] potentially endangers one or more patients, workers, or the public.
HIPAA is concerned with “individually identifiable health information.” Consequently, whistleblowers can ensure compliance if they use “de-identification,” which protects them from many potential penalties under the law.
Important Caveats to the HIPAA Whistleblower Exception
Under 45 CFR § 164.502(j), whistleblowers can share PHI with only a limited range of people or entities:
- •a health oversight agency or public health authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions of the covered entity;
- •an appropriate health care accreditation organization;
- •an attorney retained by or on behalf of the workforce member or business associate; or
- •law enforcement, if related to a crime of which you yourself were a victim.
This limitation is to prevent information leakage to the public through rumors and unsubstantiated claims. The burden of proof will be on the whistleblower to prove the veracity of their claims.
Why Consult With A Whistleblower Attorney First?
If you’re thinking about blowing the whistle on Medicare fraud or Medicaid fraud, it’s essential to consult with an attorney first. A skilled False Claims Act attorney will provide you with confidential legal advice, meaning neither your employer nor anyone else will have access to what you discuss. They can help you determine the best way to share your information and can help you evaluate whether your information actually does reveal a violation of law.
If you have information about Medicare fraud or Medicaid fraud, you may be able to bring a lawsuit under the False Claims Act (FCA) by working with a whistleblower law firm. If you’re successful you can recover money for the government and earn a substantial reward. An experienced FCA attorney can help guide your whistleblower lawsuit to maximize the chances of a successful conclusion.
If you suspect Medicare or Medicaid fraud, be aware that HIPAA governs how and with whom you can share that information. If you believe that you have genuine claims, it’s essential to consult with an experienced qui tam attorney.
Note: this article is for general information purposes only and should not be relied upon as legal advice. Consult with an experienced attorney before taking any of the actions described herein. Nothing in this article may be construed as creating an attorney-client relationship.
Guest Blogger: Kat Sarmiento
Free Confidential Consultation
Fill out the form below and our team will reach out to you.