HIPPA and Whistleblower Cases
Most people in the healthcare industry know that documents covered by HIPAA must be treated with utmost secrecy and care. Protecting patient privacy is a big deal. Thus, questions frequently arise when a healthcare worker wants to blow the whistle on fraud. Can he or she use HIPAA protected documents to support their claims?
The short answer is yes, with certain qualifications. The government wants to encourage people who know about fraud to come forward and report it. Therefore, the government has enacted a specific HIPAA exception for whistleblowers.
HIPPA Exceptions for Whistleblowers
Specifically, 45 C.F.R. 64.502 is entitled “Uses and Disclosure of Protected Health Information: General Rules.” Subsection J of that section allows “Disclosures by Whistleblowers,” provided the following conditions are met:
- The whistleblower must believe in good faith that the employer has engaged in conduct that is unlawful or otherwise violates professional or clinical standards, or that care, services, or conditions provided by the covered entity potentially endanger one or more patients, workers or the public;
- The disclosure can only be made to (1) a “health oversight agency,” or (2) an attorney hired by the whistleblower for the purpose of determining the whistleblower’s legal options.
This means a good faith whistleblower can take and use HIPAA protected documents, so long as he or she follows the above rules.
Not only is the taking of HIPAA protected documents allowed by federal rules and regulations, but many times a whistleblower’s case cannot survive without them. This is because courts apply very stringent pleading rules to whistleblower claims and often require the whistleblower to identify specific false claims submitted to the government. Some courts even require the whistleblower to identify specific patients (usually identified by initials only), the dates those patients were treated, and the dates the false claims associated with those patients were submitted to Medicare. As a practical matter, whistleblowers can rarely identify specific patients unless they have used HIPAA protected documents to build their case.
Note, however, that the care and handling of HIPAA protected documents is extremely sensitive. Although federal regulations allow whistleblowers to use these documents, most employers also have confidentiality agreements or policies in place that prohibit employees from taking any documents off the premises, HIPAA protected or otherwise. To the extent these policies prevent whistleblowers from reporting fraud, most courts have declared such policies to be void and unenforceable, but there are many nuances to the cases that have been decided.
If you think you have a potential whistleblower claim, you should consult an attorney knowledgeable with qui tam whistleblower cases, particularly with healthcare fraud cases, before taking or copying any documents at your workplace. Contact one of our lawyers for a free and confidential consultation.