Indiana’s AG sues hospital system over patient privacy and HIPAA breaches.
Indiana Attorney General Files Lawsuit Against Hospital System for Violating Patient Privacy Laws
Indiana Attorney General Todd Rokita has taken legal action against the state’s largest hospital system, accusing it of breaching patient privacy laws. The lawsuit, filed in federal court, alleges that Indiana University Health and IU Healthcare Associates violated HIPAA and a state law when a doctor publicly shared the story of a 10-year-old girl who traveled to Indiana for an abortion.
The lawsuit, which you can read here, seeks to hold IU Health accountable for their actions and prevent further privacy violations. It also calls for the implementation of an appropriate sanctions policy to ensure patient confidentiality in the future.
This lawsuit is part of ongoing efforts to take disciplinary action against Dr. Caitlin Bernard. Attorney General Rokita aims to protect patient privacy and clarify the boundaries of acceptable conduct for healthcare professionals.
Since the U.S. Supreme Court’s decision to overturn Roe v. Wade, the case involving the 10-year-old girl has gained national attention and become a focal point in the ongoing abortion debate.
Attorney General Rokita, a staunch anti-abortion advocate, has been at the forefront of implementing abortion restrictions in Indiana. The recent near-total abortion ban in the state has faced legal challenges.
The crux of the lawsuit is that neither the young girl nor her mother authorized the doctor to share their case with the media.
“Instead of prioritizing patient privacy, the hospital chose to protect the doctor and itself,” the lawsuit states.
Rokita argues that IU Health’s defense of Dr. Bernard’s actions has caused confusion among its employees regarding the boundaries of patient privacy laws.
The lawsuit includes seven counts against IU Health:
- Failure to implement or follow administrative, technical, and physical safeguards to protect patient privacy
- Failure to document disclosures of personal health information
- Failure to implement or apply and document sanctions
- Failure to provide adequate training to its workforce
- Failure to notify patients of a privacy breach
- Failure to mitigate harm
- Violations of Indiana’s Deceptive Consumer Sales Act
“We will continue to prioritize and safeguard the medical privacy of Hoosier patients,” Rokita stated. “Trust is the cornerstone of the patient-doctor relationship, and without trust, we cannot ensure reliable and honest healthcare.”
In May, the Indiana medical licensing board reprimanded Dr. Bernard for violating privacy laws by discussing the girl’s treatment publicly. However, the reprimand fell short of the medical license suspension sought by Rokita’s office.
The board’s decision received widespread criticism from medical groups and others who viewed it as an attempt to intimidate doctors.
Hospital system officials maintain that Dr. Bernard did not breach privacy laws.
“We stand by the HIPAA risk assessment and disagree with the board’s decision regarding patient privacy regulations,” the hospital system stated. “We believe Dr. Bernard acted in compliance with privacy laws.”
In response to the lawsuit, IU Health issued a statement to the Indiana Capital Chronicle, emphasizing their commitment to providing quality healthcare and protecting patient privacy.
“We are disappointed that the Indiana Attorney General’s office continues to allocate limited resources to this matter,” the statement said. “We will address the filing directly with the AG’s office.”
In an unrelated development, a 28-year-old man was recently sentenced to life in prison for the molestation of the 10-year-old girl.
What are the consequences of failure to maintain a compliant sanctions policy regarding privacy violations?
To obtain valid authorizations for disclosures of personal health information
The lawsuit seeks monetary damages, restitution, and injunctive relief to ensure IU Health’s compliance with patient privacy laws. It also calls for a permanent injunction to prevent similar privacy breaches in the future.
Privacy is a fundamental right for all patients, and healthcare providers have a duty to protect this right. Violations of patient privacy laws erode trust in the healthcare system and impede patients’ ability to seek necessary care without fear of their personal information being publicly disclosed.
This lawsuit serves as a reminder to all healthcare professionals and institutions to prioritize patient privacy and strictly adhere to privacy laws and regulations. It underscores the importance of obtaining valid authorizations from patients before disclosing any personal health information.
Furthermore, this case highlights the need for appropriate training and education on patient privacy laws for all healthcare employees. The confusion among IU Health employees regarding the boundaries of patient privacy laws suggests a lack of understanding and awareness of their legal obligations. It is crucial for healthcare institutions to provide comprehensive training to their workforce to ensure compliance with privacy laws and protect patient confidentiality.
In conclusion, Indiana Attorney General Todd Rokita’s lawsuit against Indiana University Health and IU Healthcare Associates sends a strong message that patient privacy violations will not be tolerated. Healthcare providers must respect their patients’ privacy rights and take necessary steps to safeguard confidential information. Upholding patient privacy is not only a legal obligation but also essential for maintaining trust in the healthcare system and ensuring patients’ access to quality care.
" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
Now loading...