Saturday, July 12, 2008
Did state violate federal HIPAA regulations with leak of medical marijuana info?
by Larry Geller
It appears from the story, Medical marijuana list released, in today’s Advertiser, that the state Department of Public Safety has failed to protect patients’ private medical information. What safeguards were in place and did they meet the requirements of the federal law in the first place?
This should be the subject of an investigation. It’s not just a casual lapse, it may be a federal offense for each patient involved.
All the more reason, I might add, to move administration of this program from the Department of Public Safety, which is widely distrusted, to the Department of Health. In addition to other good reasons raised by advocates, the DOH understands the federal laws surrounding medical privacy.
PSD has the same darn access to the deputy attorney general that oversees HIPAA as DOH does. All they had to do was pick up the stinkin' phone. This was a stupid screw up by some public information officer or someone like that who assumed he/she knew all and didnt bother to stop to ask. This employees singular stupidity does not justify moving the program to DOH.
If a public information officer had access to confidential medical information, that alone could be a violation of medical privacy laws.
I'm not an attorney, and I sure wish one would take a look at this.