Sunday, August 21, 2011

Hospital Balances Patient Privacy Rights and Victim's Rights

I am interested in your reaction to a thought provoking article on the conflict between patient privacy and law enforcement written by Amanda Milkovits.

What are your thoughts? I summarized the key points in this blog and am especially interested in the reaction of health and law professionals from states where patient privacy regulations go beyond HIPAA.
A Rhode Island hospital rejected a court order for the medical records of a woman whose husband was charged with murdering her.
The hospital's SVP for medical affairs says the hospital wants to work with the police, but by breaking confidentiality “we break the law.” What seems like a simple question, he says, can put the hospital in an impossible situation if the person has requested confidentiality.
In another case, the hospital rejected a request for a murder victim's medical records even though it included signed releases from the man’s father and adult son.
While HIPAA allows the release of this sort of information to law enforcement, Rhode Island’s Health Care Confidentiality Law, is more restrictive.

Rhode Island requires health-care providers to provide information to law enforcement about specific kinds of cases - such as the abuse of children — but otherwise; the consent of the patient or family is needed to release any information.
"There’s patients’ rights and victims’ rights, and we’re trying to exercise all of their rights." - Providence Rhode Island Police Major.
Police could seek a warrant to secure the information from the hospital, says Andy Horwitz, president of the Rhode Island Criminal Defense Lawyers Association and associate dean of academic affairs at Roger Williams University.

“Yeah, we could subpoena everybody to the grand jury, but that takes time,” a Providence Police Major said in response. “If I’m outside the ER and I want to get a description [of a suspect] from the victim, just to talk to the victim, or get information if the victim can’t talk themselves that will help solve the crime –– this is the balancing act."

The hospital has recently agreed to share the identities of patients with violent injuries. It has also provided the police with contact information for the senior on-call administrator and the personal cell-phone number of the SVP for medical affairs.

What are your thoughts on this conflict? Feel free to share anonymously in the comments by clicking on the "comments" link below.

Learn about a medical records abuse detection service that proactively identifies patient data privacy abuse, even by authorized users - with no hardware and no on-site software.
(a) Providence police, hospitals at odds in medical privacy debate - The Providence Journal, August 21, 2011


Anonymous said...

Makes sense to me. I work in a system with facilities in every state and U.S. Territory. Some states have a far more restrictive standard than the "floor" provided by the Privacy Rule. As the prosecutor noted, the records may still be available but the process takes time. So...if the records are deemed materially important to the investigation,RI should begin pursuing the course of action that can bring the records into the correct forum.

Anonymous said...

This is total nonsense. The privacy of medical records should only be for the protection of living persons from anyone not performing an official and authorized function of the state. The reasons for privacy of medical records should essentially be to protect the associated individual(s) from discrimination, harassment, embarrassment, loss of livelihood, etc... from persons obtaining such records for unofficial and unauthorized purposes and for whose release could reasonably be expected to cause these harms. The greater good of the public outweighs the real or imagined (mostly the later) privacy concerns of the individual. This is not to say that the state should not do their due-diligence to protect release of medical information, obtained for official and authorized purposes, from those not involved in the execution of those duties. If release of somebody's private medical information can help to convict another of a crime, and it serves the public at large in doing so, then state officials should not be inhibited from obtaining such information (through a search warrant of course) and any judge who prevents the release should be held accountable for any further harm caused by disallowing such release.

Alan Norquist - CEO of Veriphyr - Gartner "Cool Vendor" for 2011 said...

Interesting comments about privacy of deceased. This blog about post-death medical privacy may be of interest.

"Deceased Patient Records - What is Appropriate Access?" -

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at