Two executives at Shasta Regional Medical Center, owned by Prime Healthcare Services, are facing severe criticism after sharing a patient's medical chart with news outlets. The incident, in addition to drawing fire, has brought up questions about whether the practice was legal or ethical.
Hospital CEO Randall Hempling and Chief Medical Officer Dr. Marcia McCampbell revealed the full chart of Darlene Courtois to her hometown newspaper, Redding Record Searchlight, as well as medical exam results to the Los Angeles Times, according to LA Times columnist Michael Hiltzik. The patient's daughter, Julie Schmitz, said the hospital executives didn't have permission to disclose that information.
Prime Healthcare, owner of 14 California hospitals, has been under federal and state investigation of alleged billing fraud to Medicare and Medi-Cal (the state Medicaid program), although the hospital operator has said it is unaware of an FBI investigation. News outlet California Watch last month reported that Shasta Regional billed Medicare for treating patient Courtois with kwashiorkor--a severe form of malnutrition that provides greater reimbursement--although Courtois told California Watch that she wasn't treated for malnutrition and is overweight.
In response, the hospital execs shared the medical chart with the Redding Record Searchlight, arguing that the patient implicitly waived her privacy because she had shared some of her records with another news organization.
"As far as we're concerned, the patient gave that permission when she gave her records to California Watch and was quoted on the record," the hospital CEO told the LA Times columnist. "That waived her privacy."
In addition to dealing with a billing fraud investigation, Prime Healthcare is at the center of a medical privacy violation that could fuel an additional investigation, according to experts, who say there's no such thing as an implied authorization by a patient for disclosure of personal records.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), federal law protects "information your doctors, nurses, and other health care providers put in your medical record," according to the Department of Health & Human Services (HHS) website. Healthcare providers, plans and clearing houses called "covered entities" must "reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose," "must have contracts in place with their contractors ... and safeguard it appropriately," as well as "must have procedures in place to limit who can view and access your health information."
These covered entities cannot use or share information for marketing purposes, according to HHS.
"The behavior of Prime and Shasta Regional should provide rich fodder for investigations by state and federal agencies and by U.S. prosecutors in Sacramento," the columnist wrote. "...As for the rest of the bigwigs at Prime and Shasta, plainly they all need to be shipped to a reeducation camp in the rules of patient confidentiality. If, that is, they can stay out of jail."
For more information:
- read the LA Times column
- here's the California Watch article
- read the Business Insider article
- check out the HIPAA website
FBI probes Prime Healthcare for alleged upcoding, watchdog reports
Prime hospital allegedly bills at six times state rate for heart failure
Prime sues Kaiser, SEIU against alleged monopoly scheme
Hospital faces $8.1M suit for inflated malnutrition rates, gaming reimbursements