Hipaa And Third Parties

[semicaregiver]

I have been reading all the posts regarding the raids and the issue regarding patient records and I am confused about the concept of confidentiality given the involvement of a not governmental/non-medical third party, i.e. dispensary. I have not been to any of the dispensaries so not having been exposed to their procedures so I am somewhat in the dark as to how things work.

 

I do not know how HIPAA rules work, but it would seem to me that if I gave my medical records to a third party they would no longer be protected under the rules that the MDCH has set up. All the MDCH rules I have seen posted seem to protect us from MDCH releasing our records or any one that they gave the records to releasing them. I do not see any wording that protects us from a third party releasing them, or in this case having them seized by leo.

 

As an example, say there is a pharmacy owner who is willing to turn a blind eye to a doctor that is writing an inordinate number of scripts for pain killers. I would expect that somewhere along the way the government might raid the pharmacy and take their records. And, they would probably raid the doctors office as well and take his records.

 

Has anyone explored how HIPAA works with regards to third parties?

[peanutbutter]

I have been reading all the posts regarding the raids and the issue regarding patient records and I am confused about the concept of confidentiality given the involvement of a not governmental/non-medical third party, i.e. dispensary. I have not been to any of the dispensaries so not having been exposed to their procedures so I am somewhat in the dark as to how things work.

 

I do not know how HIPAA rules work, but it would seem to me that if I gave my medical records to a third party they would no longer be protected under the rules that the MDCH has set up. All the MDCH rules I have seen posted seem to protect us from MDCH releasing our records or any one that they gave the records to releasing them. I do not see any wording that protects us from a third party releasing them, or in this case having them seized by leo.

 

As an example, say there is a pharmacy owner who is willing to turn a blind eye to a doctor that is writing an inordinate number of scripts for pain killers. I would expect that somewhere along the way the government might raid the pharmacy and take their records. And, they would probably raid the doctors office as well and take his records.

 

Has anyone explored how HIPAA works with regards to third parties?

 

You are mixing three or more issues at the same time.

 

1 HIPPA is federal law. There has been enough time that has passed that has allowed protections for law enforcement to avoid many criminal charges.

 

2. MDCH rules vs the medical marijuana law. Many times the MDCH will issue a statement that is in conflict with the law itself. Those statements are becoming more rare, but some still exist.

 

3. Third parties having protected records.

 

Our law forbids passing on information contained in the records of the MDCH. It does not forbid passing on the records themselves.

 

So then. On my application, I specify who my caregiver is. For an officer to tell someone "John D. is the caregiver for peanutbutter" is passing on that information.

 

That is a crime the officer is supposed to go to jail for.

 

The application and all information on the application is protected.

 

(h) The following confidentiality rules shall apply:

 

(1) Applications and supporting information submitted by qualifying patients, including information regarding their primary caregivers and physicians, are confidential.

 

(2) The department shall maintain a confidential list of the persons to whom the department has issued registry identification cards. Individual names and other identifying information on the list is confidential and is exempt from disclosure under the freedom of information act, 1976 PA 442, MCL 15.231 to 15.246.

 

(3) The department shall verify to law enforcement personnel whether a registry identification card is valid, without disclosing more information than is reasonably necessary to verify the authenticity of the registry identification card.

 

(4) A person, including an employee or official of the department or another state agency or local unit of government, who discloses confidential information in violation of this act is guilty of a misdemeanor, punishable by imprisonment for not more than 6 months, or a fine of not more than $1, 000.00, or both. Notwithstanding this provision, department employees may notify law enforcement about falsified or fraudulent information submitted to the department.

[bobandtorey]

http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

 

 

hope this helps

[peanutbutter]

http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

 

 

hope this helps

 

That would be federal law.

 

There is no such page for our state law.

[semicaregiver]

I guess it might work better to restate my question...

 

Is my info still confidential and protected by the MDCH rules if it "did not" come from a government official? Based on the two posts above I would assume the following:

 

1. the Federal Hipaa rules definitely do not provide any confidentiality if I give my records to a dispensary

2. under the state law a governmental agency is prohibited from giving out my info, but I see no protection granted to me if a "non-governmental" third party provides my records to governmental agency, i.e. leo. I could see the argument that leo, might be liable if they then distribute the info.

[peanutbutter]

I guess it might work better to restate my question...

 

Is my info still confidential and protected by the MDCH rules if it "did not" come from a government official? Based on the two posts above I would assume the following:

 

1. the Federal Hipaa rules definitely do not provide any confidentiality if I give my records to a dispensary

2. under the state law a governmental agency is prohibited from giving out my info, but I see no protection granted to me if a "non-governmental" third party provides my records to governmental agency, i.e. leo. I could see the argument that leo, might be liable if they then distribute the info.

 

It's not the records that are protected by our new law. It is the information that is contained in the records.

 

The law does not specify what the source of the information needs to be to be protected.

 

It only specifies that the information is protected.

 

The sheriff of Oakland County held a press conference to violate this law.

 

This law specifies that persons, not agencies, that violate this law go to jail.