Can HIPAA or Other Laws Block the Release of Patient Names?

Pharmacy Times, May 2020, Volume 90, Issue 5

Plainti pharmacist seeks identities of customers in a pharmacy at the time a supervisor allegedly made defamatory statements.

ISSUE OF THE CASE

A pharmacist who used to work at a pharmacy chain is suing the former employer over alleged defamatory statements made by a supervisor and requested that the names of patients who might have overheard the comments be released. Is such a release permitted or prohibited by federal or state law?

FACTS OF THE CASE

A pharmacist was employed at a location of a national pharmacy chain in a southern state. She had had disputes with the firm about accommodations for various health conditions that the pharmacy chain ultimately granted. She then was asked to complete paperwork, obligatory for all pharmacists, related to conflicts of interest. She delayed making the submission, fearing retaliation.

Three months after the submission was requested, a supervisor visited the pharmacy. This resulted in what the court described as “a verbal confrontation, which included raised voices in the presence of customers and employees.”

The pharmacist refused to complete the paperwork that day, so she was relieved of her duties for the remainder of her shift and suspended with pay. Instead of departing, she began to make phone calls to corporate officials. The supervisor then informed her that she was being suspended without pay.

The court report of this matter states that “at some point during this interaction, plaintiff alleges that [the supervisor] said she was ‘unfit’ while directing her to leave the pharmacy.”

The pharmacist eventually departed. She filed a lawsuit against the firm and the supervisor alleging defamation, employment discrimination, and retaliation.

As part of the pretrial process, the attorney representing the plaintiff pharmacist requested the names of patients served at the pharmacy that day who might have heard or observed the heated exchange. The pharmacy chain refused to release that information, arguing that doing so would violate the federal Health Insurance Portability and Accountability Act (HIPAA). The plaintiff’s attorney went to court, and a federal magistrate judge issued an order directing the firm to turn over the requested information. The firm instead asked the US district court judge to overrule the magistrate. (A magistrate judge is appointed by US district court judges to assist them for a specified term, whereas a US district court judge is appointed for life by Congress and the president.)

THE RULING

The magistrate judge’s order to divulge the names be divulged was upheld. The court found exceptions to the expectation of privacy contained in HIPAA and an exception to state pharmacy law on the issue.

THE COURT’S REASONING

The court began with the notion from HIPAA that a health care provider may not disclose protected health information (PHI). However, the district court judge considering the appeal noted that the US Department of Health & Human Services has adopted regulations to implement the expectations of the legislation. One of those speci es that, if certain conditions are met, PHI may be disclosed without consent. For example, judicial proceedings in which a court has issued an order mandating release of the information qualify for this exception. Release also is permissible in response to a request made during the pretrial discovery process, when each side attempts to ascertain the strength and underpinnings of the opponent’s case by examining potential evidence and interviewing potential witnesses. With this latter situation, the PHI may be released if the requesting party offers satisfactory assurance that reasonable efforts were made to obtain a quali ed protective order that meets HIPAA’s expectations of maintaining con dentiality.

The district court judge found that the magistrate judge’s order provided a sufficient basis for sharing the requested information. Moreover, the attorney representing the plaintiff pharmacist had repeatedly agreed to provide qualified protection for the information. That agreement alone, in the judge’s view, allowed the pharmacy chain to release the information, even if the magistrate judge had not ordered it to do so. The result was that the information should be released, which would not run afoul of HIPAA.

The court also examined the relevant provisions in the state pharmacy regulations and statutes and found one stating that pharmacies are permitted to disclose patient information “if the law demands.” Thus, there was no barrier to release in either federal or state law.

Joseph L. Fink III, BSPharm, JD, DSc (Hon), FAPhA, is a professor of pharmacy law and policy and the Kentucky Pharmacists Association Endowed Professor of Leadership at the University of Kentucky College of Pharmacy in Lexington.