COVID-19 Confidentiality and Your Right to Privacy

COVID-19 Confidentiality Privacy Right

A recent case before the Vermont Supreme Court in which an emergency room nurse revealed to police that an intoxicated woman she had treated intended to drive home, emphasizes the growing focus on the protection of patient data.

While the outcome of the case was not surprising–the nurse was found not at fault because she acted to prevent imminent harm–the fact that the case was heard at all was surprising.

Although neither HIPAA nor Vermont law provided grounds for pursuing the case, the Supreme Court iterated that “recognition of the privilege [doctor-patient] is necessary to ensure that the bond remains.”

Positioned as we are now in the rising grip of a pandemic in the guise of COVID-19, the right to patient privacy has already come into conflict with arguments for the public good.

In March, for example, the records of an elderly woman who had died of the virus were posted on a social media site before her family, who lived overseas, was even aware of her passing.

In a potentially much larger invasion of our medical privacy, it was reported that White House senior adviser Jared Kushner “had contacted a range of health and technology companies about creating a national coronavirus surveillance system,” and that, as of April 10, Apple and Google “had announced a joint effort to enable government contact-tracing via the Bluetooth technology on their devices.”

Privacy Is Your Right

While such tracing may seem like another case of preventing imminent harm, it raises questions of the unintended impact of such disclosures.

As the ACLU has pointed out, cell phone data is not accurate to the six-foot social distancing radius, but what it can disclose is the user’s proximity to establishments that might reveal religion, race, sexual orientation, or unrelated medical information.

But in the wake of COVID-19, Big Brother may not be the biggest threat to your medical privacy.

Studies show that the most common way protected patient information is revealed is through good old-fashion inattention or incompetence.

Too often, our medical status is inadvertently exposed by treating staff discussing cases in public spaces such as waiting rooms or elevators.

Medical files are left, at times, in public hallways or opened on desks where anyone passing by can read.

And in this digital age our most sensitive reports are sometimes emailed or faxed to the wrong parties, which is why using secure encrypted e-fax systems is a must for healthcare providers.

What you need to know is that the patient holds the right to the decision to disclose medical information.

In most cases, the doctor has no discretion to reveal your private medical information.

Doctors can disclose basic information concerning the date of a patient visit, but sensitive information is to be held in confidence between the treating staff and the patient.

You should also be aware that in most cases for information to be considered private the following criteria must be met:

  • only information pertinent to the treatment at hand is privileged;
  • communication with your physician must have been made in the expectation of privacy from your perspective;
  • the presence of a third party not involved in treatment (and this includes spouses or family members) negates the expectation of privacy.

You should also know that you are protected from an employer revealing your health information by the Americans with Disabilities Act, which asserts “employee medical information must be kept confidential and may only be shared in very limited circumstances.”

What to Do If Your Right to Privacy is Contravened

If you believe your patient privacy rights have been violated, you can begin the process by filing a complaint with the Health and Human Services’ Office for Civil Rights.

You must file the complaint within 180 days of the incident and provide the name of the offending individual or business as a well as the details of your complaint.

If you plan to go further, be aware that privacy laws vary from state to state so your first step should be to contact a lawyer who is versed in state statutes.

Evidence often comes in the form of witness depositions, written documents, records of transactions, and transcripts of digital interactions.

Be prepared to provide details of all interactions and parties involved from your perspective.

Offenses can also occur by omission, as in the case of a lack of policy for phone interactions with second parties, so it is a good idea to keep copies of all written materials provided by the health provider.

COVID-19 has created a space where individual rights have come into conflict with the desire to protect the common good and sometimes health providers overstep their bounds in trying to protect the public.

Don’t let yourself be victim to the unlawful release of your information.  Stay informed and take action if you feel it’s necessary.