Docs should honor patient privacy
LOS ANGELES – A ruling made by the California Supreme Court in June may be binding only in that state but it has implications for doctors across the country.
In a unanimous decision, the California Supreme Court reversed an appellate court ruling that had concluded that the federal Fair Credit Reporting Act (FCRA) preempted California’s Confidentiality Act. The reversal reinstated a damage suit brought by Robert Brown against a debt collection agency run by Stewart Mortensen.
In an attempt to collect $600 on behalf of Brown’s dentist for a procedure Brown said he never had, Mortensen repeatedly and without authorization disclosed Brown’s and his family’s (including Brown’s minor children) private medical records and other information, such as Social Security numbers and dates of birth, to credit reporting agencies such as Experian, Equifax and Trans Union.
Brown sued, claiming, among other things, that Mortensen violated the state’s Confidentiality Act when Mortensen disclosed his and his family’s private information without authorization to credit agencies. Brown also sued his dentist, but only the claims against Mortensen were taken up by the state supreme court.
While the case places the responsibility on the shoulders of the debt collector, the California Supreme Court’s ruling on Brown v. Mortensen opens the door to Californian patients to sue not just debt collectors, but doctors and any others who disclose their private medical information by saying the state’s Confidentiality Act, which allows patients to sue, is not preempted by federal debt collections statutes.
The California Supreme Court ruling is more about preserving states’ authority to legislate privacy, said Arielle Cohen, a lawyer with the National Consumer Law Center, which filed arguments for Brown, but it is also a wake up call to physicians to abide by privacy laws strictly.
“I think the message for healthcare providers is, if you’re careful about confidential information, you should be fine,” she said. “Don’t get crazy when you’re trying to collect from somebody and (throw) their prescription information around. There are more appropriate ways to do that.”
Cohen doesn’t think doctors are at greater risk for litigation due to the ruling but Mark Swearingen, a lawyer with healthcare-focused law firm Hall, Render, Killian, Heath & Lyman, sees that possibility.
“Healthcare providers have to recognize that under certain circumstances they can be held liable for the actions of their service providers and subcontractors,” Swearingen said. If a service provider, such as a collection agency, is acting as a doctor’s agent, there’s a greater likelihood the doctor can be held legally responsible for the actions of the service provider.
Given the liability risk involved, Swearingen recommends doctors only provide the minimum amount of information necessary and to carefully select and monitor their contractors.
This case noted that private information about minors was revealed to credit agencies. Doctors should “think twice” about reporting private information about minors, said Tena Friery, research director, Privacy Rights Clearinghouse. The revelation of such information may damage minors by exposing them to identity theft, among other things.
For more on policy and legislation, see bit.ly/hfn-policy