Confidentiality .. It's In The Law. So What Does It Do For Us?

[peanutbutter]

Uh, that's not a judicial act. So, yeah, no judicial immunity there.

 

Yep .. no immunity there. They are facing life in prison.

[peanutbutter]

Confidentiality within the Michigan Medical Marihuana Act.

 

The confidentiality section of the MMMA is located in section 6 (h).

 

A common mistake evolves when someone tries to apply HIPPA law to issues of confidentiality within the MMMA. These are two very different laws. HIPPA does not protect the identity of a medical marijuana caregiver. The MMMA does not protect dental records. There is an overlap of the two laws. Those overlaps are minimal. The differences are major.

 

There is very little medical information that is maintained in the MDCH data file. Nearly every item is identification in nature. Our law was not intended to provide anyone with a list of local medical marijuana patients and or caregivers to ANY employee or official of government.

 

There are several items, located in 6 (h) (1) and (2) that are placed within the protections of this section.

 

The nature of all of the items that the MMMA places the protection of confidentiality upon are informational. It is the information within the registry file at the MDCH in Lansing. This information is protected on it’s way toward that file, while in the file and proceeding from the file.

 

Any copy of the information that has made it’s way to, or is on it’s way to, the MDCH file is protected. For example, a patient retains a copy of the application in the event that the MDCH takes longer than twenty days. After the twenty days the retained copy of paperwork with it’s supporting information, serves the function of being a “temporary ID card” until the plastic arrives in the mail.

 

This retained copy is a mirror image of the collective information that will be or is within the master file at the MDCH.

 

It is the information that is protected and not just the literal piece of paper that is submitted:

 

(1) Applications and supporting information submitted by qualifying patients, including information regarding their primary caregivers and physicians, are confidential.

 

When considering the specific action that is forbidden of the MDCH to do with such records, it should be noted that it is the information that is forbidden from release via FOIA request. Clearly this is talking about the release of information and not the literal paper application.

 

Information is quickly passed from one person to the next in our information age.

 

The next paragraph places emphasis on every iota of information contained within the file that the MDCH keeps:

 

(2) The department shall maintain a confidential list of the persons to whom the department has issued registry identification cards. Individual names and other identifying information on the list is confidential and is exempt from disclosure under the freedom of information act, 1976 PA 442, MCL 15.231 to 15.246.

 

Even the names are given the protections of this section. Identifying information would include names, addresses, phone numbers, drivers license numbers, social security numbers etc.

 

Two different views that exist about this paragraph.

 

· This paragraph only forbids disclosure in response to a FOIA request.

 

· This paragraph forbids disclosure in any way INCLUDING a response to a FOIA request.

 

The second view seems to have been adapted by the MDCH in it’s rules.

 

Rule 333.121:

 

Rule 21. (1) Except as provided in subrules (2) and (3) of this rule, Michigan medical marijuana program information shall be confidential and not subject to disclosure in any form or manner. Program information includes, but is not limited to, all of the following:

 

a] Applications and supporting information submitted by qualifying patients.

 

b] Information related to a qualifying patient’s primary caregiver.

 

c] Names and other identifying information of registry identification cardholders.

 

d] Names and other identifying information of pending applicants and their primary caregivers.

 

(2) Names and other identifying information made confidential under subrule (1) of this rule may only be accessed or released to authorized employees of the department as necessary to perform official duties of the department pursuant to the act, including the production of any reports of non-identifying aggregate data or statistics.

 

(3)The department shall verify upon a request by law enforcement personnel whether a registry identification card is valid, without disclosing more information than is reasonably necessary to verify the authenticity of the registry identification card.

 

(4) The department may release information to other persons only upon receipt of a properly executed release of information signed by all individuals with legal authority to waive confidentiality regarding that information, whether a registered qualifying patient, a qualifying patient's parent or legal guardian, or a qualifying patient’s registered primary caregiver. The release of information shall specify what information the department is authorized to release and to whom.

 

(5) Violation of these confidentiality rules may subject an individual to the penalties provided for under section 6(h)(4) of the act.

 

There is a serious omission of doctors protections. They are mentioned in the law yet ignored in the rules. The identities of the doctors are an item protected under the law itself.

 

To whom the duty of confidentiality is owed.

 

Many have asserted that the patient may wave confidentiality of these records.

 

The MDCH rules in paragraph 4 indicate that several people are owed the confidentiality provided within the records that involve a patient: Each of those other people are required to sign waivers before one iota of information is to be released about the mmj patient. Not just simply a waiver from the patient, but every other person named in the patients record.

 

Persons targeted by paragraph section 6 (h) (4) of the law.

 

This paragraph contains a list of authorities.

 

"including an employee or official of the department or another state agency or local unit of government,"

 

The inclusion of “local units of government” supports the idea that this section of law applies to much more than what the MDCH, or it’s employees.

 

One popular interpretation is that this criminal disclosure can only take place by persons employed by the MDCH in response to a FOIA request. That would leave out employees of local units of government. Yet those employees of local units of government are on the list of possible offenders.

 

Again, the MDCH interpretation of the confidentiality section assumes the more conservative stance. That is that ANY disclosure of ANY information that identifies ANYONE may be a violation of criminal law.

 

So far, we’ve looked at:

 

(1) What information is confidential and is protected from disclosure

 

(2) Who is owed confidentiality and what is required to waive the protections

 

(3) Who may be arrested for violations under section 6 (h) (4) of the law.

 

More on “who may violate?”

 

Paragraph (4) starts out “A person, including an employee or official of the department or another state agency or local unit of government,”

 

This paragraph targets government officials and employees. Both state and local.

 

Any person that is an official or employee of government could attempt to claim immunity of some sort in a defense to this criminal charge.

 

While not discussed in the law itself, immunity from this section must be considered.

 

A judge might be protected from this criminal law by immunity for actions taken in a court of law. The immunity protections for the prosecuting attorney would be less that provided to the judge. The court clerk would have less protection than the pa and so on down the list.

 

The further that employee or official is removed from the judge, the less likely that the person would be successful in claiming immunities.

 

It is difficult to claim immunity from a law which targets that person.

 

The officer on the street would most likely not succeed in claiming immunity.

 

The clerk behind the desk at city hall would be even less protected.

 

Local governments are currently attempting to force patients and caregivers to register with those local units of government. The MDCH would never release the same information to such units of government.

 

Such local laws are an attempt to make an “end run” around the confidentiality section of our law. The local governments can not get the information directly from the MDCH. They are now attempting to gain the exact same information from the persons that are supposed to be protected.

 

Disclosure

 

 

 

What is forbidden disclosure?

 

Who may not disclose?

 

What may not be disclosed?

 

 

 

The criminal section (4) states that:

 

A person, including an employee or official of the department or another state agency or local unit of government, who discloses confidential information in violation of this act is guilty of a misdemeanor,

 

“in violation of this act” ..

 

There are two ways that this may be viewed.

 

(1) Disclosure in ways that are forbidden by the act.

 

(2) Disclosure in any way that is not allowed within the act.

 

Again, the MDCH has chosen to adapt the second, more conservative view.

 

It is not required that the disclosure be a public disclosure to trigger this section of law.

 

One single person can disclose something to another single person. It is not required for something to be published to have been disclosed.

 

Many would claim that disclosure could not take place within a department as long as the information remained within that department.

 

There is no provision in our mmj law to allow any intra office transmission of confidential information with the single exception of within the MDCH in the normal performance of their duties.

 

Each person working with this information inside of a local unit of government could possibly commit a crime when they perform their normal duties. Such as data entry into a local computer file that can be accessed by other persons.

 

Any local laws that are written to require registration of patients and caregivers have some sort of enforcement procedure. This would require that a local employee disclose confidential information to some sort of enforcement person. Which, in the end, would involve law enforcement.

 

The Michigan State Police have requested access to the information contained within the MDCH file. Every time such a request has been made, the MDCH has refused to allow access.

 

No single person has a greater ability to disclose this information than the MDCH has. The MDCH can not and will not disclose the information to law enforcement or local governments.

 

Forcing persons to violate confidentiality, by registering, might raise the issue to Federal levels.

 

42:USC 1985 Civil rights violation by someone acting under color of law.

 

No local law can force a person to either commit a state level crime or waive state given rights of protection.

 

Furthermore, since the MDCH views each person listed within a patients records as having their own, separate, protections, the patient or caregiver would be forced to divulge information, about other persons, which they do not have the ability to waive confidentiality.