Young mans brain kept after autopsy.

For those coming into this late and having to suffer through all the hot air, allow me to give you a summary.

Summary of Incident: Kid gets killed in an accident. Law requires an autopsy. Coroner wants to examine the brain, so he removes it. The body is returned to the family, but they were unaware of the brain being retained. The coroner saves up brains until he has enough (six) to justify the brain examiner to make the trip. High school kids take a field trip to the morgue. The labeled jar with the brain is seen in a cabinet. Kids recognize the name, and it gets back to the family. Family sues for the body parts being mishandled. Court says the body parts weren't mishandled but the failure to notify was a mistake.

Skeptic Ginger claims that the kids seeing the labeled jar was a "serious breech [sic] of confidentiality."

Confidentiality: I have presented numerous citations showing that in some states, autopsy records are not confidential at all. They are a matter of public record. In some states the autopsy records are confidential, but the death certificates are not. Still other states hold both confidential for a period of time (50 years, for example). Therefore, it is by no means automatic that the information is confidential.

Furthermore, a state mandated autopsy like in this case is a matter of public record. In other words it is public information that John Doe is having an autopsy conducted by the state. The only information revealed in this incident is that the kid had an autopsy conducted. That's not confidential information.

I provided several citations showing that information contained in public records, especially government required public records, is expressly not considered Personal Health Information. Thus the fact that the kid got an autopsy is not covered.

Breach: HIPAA specifically exempts what they call incidental disclosure. The requirement is that medical professionals take reasonable precautions. They recognize that some information is more sensitive than other information. For example, HIV status, drug use, and domestic violence related information is considered much more sensitive than (say) somebody's weight.

What this means, for example, is that it's not a breach if while you're standing on the scale at the doctor's office that another patient sees how much you weigh. It's not a breach if you're seen entering an x-ray room or carrying a specimen cup back from the bathroom. It's not a breach for the doctor's office to call out your name in the waiting room.

In this case the jar was kept in a cabinet awaiting examination. Students going on a tour saw it, just like "civilians" see information every single day in morgues, hospitals, and medical offices around the world. It's an incidental disclosure, and in this case, the information is not sensitive (the kid is getting an autopsy), and it's not even confidential since it's a matter of public record.

Serious: Even if it could be established that the information was confidential (fat chance), it's not particularly sensitive information. The breach was incidental disclosure. There was nothing "serious" about this event at all.

The Court: The court didn't discuss confidentiality or privacy. It only discussed the right of sepulchur, which is the right for the survivors to control how the remains are handled. The court said that the morgue has the right to do their job. There was no issue of confidentiality brought up in the case. Similarly, nowhere in the press has anyone even discussed confidentiality as being a problem. Only Skeptic Ginger is carrying this torch.

Conclusion: This is nothing more than a desperate attempt to defend an unsupportable claim.
 
Schrodinger's Cat said:
You can't really apply the rules the apply to HIV confidentiality to health care as a whole. HIV is a specially protected category that requires more confidentiality than other diagnoses. I don't know what the rules are because I don't work in HIV care, but I know they are different.
Click to expand...
I wasn't applying rules, I was discussing concepts.

The concept of how you come to know the information, in the course of performing your job or not.
The concept of confidentiality law applying to some things but professional ethics applies in a much broader scope.

If you are not harmed, you cannot sue. That doesn't mean a physician doesn't have an obligation to maintain confidentiality.

Schrodinger's Cat said:
I work at a cancer hospital, and people's records are identified by name, not a coded number alone. Any person who even comes across the patient's chart, lab work, pathology, etc by happenstance, even if they do not need to see it, will be able to see the patient has for example sarcoma, and who they are, because it is clearly labeled with their name and DOB.
Click to expand...
All the people you refer to have a reason to be there. You are assuming 'need to know' only applies to needing to specifically use the information.

What do you think would happen if a chart was left open within view of visitors and a family member read something that was visible, but which the patient had specifically said not to disclose to a family member? Would it just be a confidentiality breach if the family member saw it? Or would it be a breach because the chart was left open in plain view?

Ever get in trouble talking at the nurses' station about a patient too loudly when visitors or other patients could hear you? Think that does or does not violate patient confidentiality?

The idea the high school kids were in a forensics club could mean a court would rule they had a need to know. But because a club is not a class and a high school club may not be considered a bonafide forensics program, I don't think it is clear how a court would rule on this matter. But I can say that a confidentiality breach occurred, people were damaged. So either the morgue was at fault, the students, or both. Because the court did not address this we don't know how they would have ruled. The court only ruled the brain was not on public display. One can assume that is all the attorneys for the plaintiff argued since that is all the judge addressed.

HIPAA Protected Health Information.
The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)."12

“Individually identifiable health information” is information, including demographic data, that relates to:

the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual.13 Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).
Click to expand...
A brain in a jar with patient identifiers on the jar label would be covered.

Schrodinger's Cat said:
Now certainly, I can't LOOK in a patient's chart and go through their records if I have no legitimate professional reason to. But merely the fact that I saw the chart with the patient's name and DOB in the sarcoma clinic is enough to tell me this patient has sarcoma (or at the very least, has a history of or high risk of sarcoma). And if I were to see a labeled scan or specimen outside of a particular clinic, like in a lab, this may not reveal their exact diagnosis, but I know they are patient at our cancer hospital.
Click to expand...
Again, you are referring to an employee of a facility that has a reason to be where the information was visible, not a member of the public.

In the past as a visitor, I might see a name on a chart in a rack, but now facilities have moved those chart racks out of view of visitors and patients. You should ask your outpatient clinics if they don't indeed have a policy of asking for patients in the waiting room by first name only. Despite UY being unaware of this change in medical care in the US, it is a reality.

Schrodinger's Cat said:
It sounds to me like you work in a very specified area (HIV) with very specified rules regarding the labeling of patient information and specimens with identifying information (such as their name), and are under the impression these rules apply universally in healthcare, but they don't.
Click to expand...
I provide consulting, education and medical services related to occupational infectious disease, and I'm an infection control consultant at a psych hospital that also has detox services. I have been in private practice doing this for over 20 years. I'm an advanced practice nurse certified in family practice, infection control and occupational health. I own my own business. So, no, my experience isn't as some limited HIV technician.

Schrodinger's Cat said:
Also, we have high school interns who come in and do a few hours a week in the summer.
Click to expand...
I mentioned both the Candy Striper programs as well as the EMS/fire Explorers as examples of underage persons who would be allowed to see confidential information. These programs are recognized as bonafide teaching settings. A high school forensics 'club' is in a gray area.

I also mentioned that certified lifeguards can be underage and have access to confidential medical information.


Schrodinger's Cat said:
I don't really understand why you seem to think that hospitals concern themselves with making sure no one at the hospital (including 13 year old candy stripers) ever finds out if someone they know is being or has been treated there. If you live in the same town/city as the hospital you work in, stuff like that happens all the time. You just can't go around then telling people, "Hey, guess who has this disease and is being treated at the hospital where I work?"
Click to expand...
You have been misled by UncaYimmy's straw man claims here. I've never made the claims you describe here. I recommend you read people's original posts rather than someone else's misstatement of that position.

The reaction of the students to seeing their friend's brain in a jar in the morgue is the issue here. Common sense would say someone should have anticipated such an event when the students were allowed into the morgue. This is not my sole opinion. I posted an expert's opinion in post #46:
Dr. Cyril H. Wecht, a forensic pathologist and attorney who reviews cases like these but is not involved in the Shipley case, says the medical examiner was right to take out the brain for investigation but was wrong to openly display Shipley's name on it.
"You're talking about a matter of sensitivity and common sense," Wecht says. "Certainly if you're going to have student visitors, then you should not have names and numbers available to see."
Click to expand...
Why people in this thread who have extremely limited expertise in this area think they know what they know in spite of people with significant expertise disagreeing with them is interesting to say the least. But that is what we have here.

Schrodinger's Cat said:
Again, my guess is that perhaps this works this way for *you* because you work with AIDS, which is a highly sensitive and specially protected diagnosis. But that's not the way healthcare works as a general rule. Specimens, charts, etc are typically labeled with name and date of birth, and are in places where they can be seen by plenty of people who do not actually work with the patient and need to know that information.
Click to expand...
And your guess would be very very wrong.
 
UncaYimmy said:
...Skeptic Ginger claims that the kids seeing the labeled jar was a "serious breech [sic] of confidentiality."
Click to expand...
Is there a point to posting a typo for the second time that I corrected seconds after posting? Is this an attempt to imply I'm ignorant? A personal attack?


UncaYimmy said:
...Conclusion: This is nothing more than a desperate attempt to defend an unsupportable claim.
Click to expand...
Desperate? That's hilarious. My posts speak for themselves.
 
Incidental Disclosure
http://hipaa.bsd.uchicago.edu/incidental_disc.html
While reasonable precautions should be used to avoid sharing patient information with those not involved in the patient's care, it is possible that minor amounts of patient information may be disclosed to people near where patient care is delivered or being coordinated. This is referred to as an incidental disclosure.
Click to expand...


Yeh, but what's minor? It's not "highly confidential" that's for sure!
http://hipaa.bsd.uchicago.edu/incidental_disc.html
Conversations discussing PHI should be conducted in a private area or room, especially when discussions involve highly confidential information (i.e. Mental Illness or Developmental Disability, HIV/AIDS Testing or Treatment, Communicable Diseases, Venereal Disease(s), Substance (i.e. alcohol, drugs) Abuse, Abuse of an Adult with a Disability, Sexual Assault, Child Abuse and Neglect, Genetic Testing, Artificial Insemination, and Domestic Violence).
Click to expand...


So what is Personal Health Information?
http://www.med.umich.edu/quality/toolkit/npp.htm
Personal health information or “PHI” (also called “protected health information”), is current, past or future information created or received by the University through its health care providers, health plans and contractors. It relates to the physical or mental condition of a patient or plan member, the provision of health care to that person, or payment for the provision of health care to that person. The term PHI does not generally include publicly available information, or information available or reported in a summarized or grouped manner.
Click to expand...


California Law Says
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
e) For purposes of this section, "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver's license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (f) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Click to expand...


Is the fact that this kid was getting an autopsy protected?
http://www.uihealthcare.com/depts/hipaa/qanda.html#b
Can staff still call out the names of patients in the waiting rooms?
Yes. The rule explicitly permits certain incidental disclosures that occur as a by-product of an otherwise permitted disclosure after UI Hospitals and Clinics has applied reasonable and appropriate safeguards.
Click to expand...
 
Skeptic Ginger said:
Is there a point to posting a typo for the second time that I corrected seconds after posting? Is this an attempt to imply I'm ignorant? A personal attack?
Click to expand...
See the quote below. The post was indeed edited 5 minutes after it was posted, but the spelling mistake remains. I am quoting your exact words and following the proper custom of indicating that it was the author, not me, who used the incorrect spelling. As for it being a personal attack, please stop personalizing the discussion. If you believe my post was a breach of the Membership Agreement, report it. Otherwise, just address the argument.

http://www.internationalskeptics.com/forums/showthread.php?postid=6493080#post6493080
Body parts kept or not, that is one serious breech of medical confidentiality.
Click to expand...


Desperate? That's hilarious. My posts speak for themselves.
Click to expand...
I agree. Your posts speak for themselves.
Edited by jhunter1163: 
Edited for civility.
 
Last edited by a moderator:
Schrodinger's Cat said:
You can't really apply the rules the apply to HIV confidentiality to health care as a whole. HIV is a specially protected category that requires more confidentiality than other diagnoses. I don't know what the rules are because I don't work in HIV care, but I know they are different.

I work at a cancer hospital, and people's records are identified by name, not a coded number alone. Any person who even comes across the patient's chart, lab work, pathology, etc by happenstance, even if they do not need to see it, will be able to see the patient has for example sarcoma, and who they are, because it is clearly labeled with their name and DOB. Also, our administration people work off of computer work lists which lists huge numbers of patients with their diagnoses. ANYONE who has access to our computer systems can see this information, and does, whether they are looking for it or not, because when you pull up a work list, it lists ALL the patients being seen in the various clinic. As clinics are identified by the diagnosis they treat (leukemia clinic, melanoma clinic, etc) you will automatically know your patient's diagnosis just by what clinic they are scheduled for. People typically work by alpha split. So if your job is to get referrals, you'll work last names A-D. But the work list you print out will list ALL patients with pending referrals, even those outside your alpha split which you won't be touching personally.

We work at one of the top hospitals in the world, and they are very concerned with being HIPPA compliant. But in our HIPPA training, what we were told is that we just can't share this information from outside people. Not that we have to keep the the patient's names hidden from any kind of documentation or specinmens in the hospital so that no one except people directly involved with the patient would know they exist.

So for example, once I was going through faxes in our office and I came across a fax sent to another employee, for a patient who I was not working with. This fax was an authorization from an insurance, and it clearly listed the patient's name, address, cancer diagnosis, etc. I recognized the patient's name as being a very close friend of my parents. It is not a HIPPA violation for me to have seen this piece of paper even though I personally am not working with this patient. It would only be a HIPPA violation if I had then called my parents or anyone else (who were aware of the patient's diagnosis), "Hey Mom and Dad, did you know so and so is being treated here at Dana Farber?"

I should also say that I have worked at several other hospitals, which are also top hospitals, we're talking some of the top ranked in the country, and have entire departments that exist to make sure we are HIPPA compliant...and I have never worked somewhere where patients' lab work, charts, or anything else was identified ONLY by their medical record number or a coding number. They have always been identified by name and date of birth, which is clearly labeled on the scans/slide/chart etc that can be seen by anyone in the hospital who is in that area and happens to catch a glance.

Now certainly, I can't LOOK in a patient's chart and go through their records if I have no legitimate professional reason to. But merely the fact that I saw the chart with the patient's name and DOB in the sarcoma clinic is enough to tell me this patient has sarcoma (or at the very least, has a history of or high risk of sarcoma). And if I were to see a labeled scan or specimen outside of a particular clinic, like in a lab, this may not reveal their exact diagnosis, but I know they are patient at our cancer hospital.

It sounds to me like you work in a very specified area (HIV) with very specified rules regarding the labeling of patient information and specimens with identifying information (such as their name), and are under the impression these rules apply universally in healthcare, but they don't.

Also, we have high school interns who come in and do a few hours a week in the summer. This also has been true at other major hospitals I have worked at. They are in the same situation as the rest of us - they are able to see patient information all the time, because they are constantly around charts and specimens and computer systems and other things which have people's names on them. They are just counseled beforehand, like the regular employees are, what the rules of HIPPA are and that they cannot share any information with anyone. They are not prevented from seeing patients' names and diagnoses just because they are 16 years old.

I also was a candy striper starting at age 13, and I volunteered in the surgical unit. Mostly they had me going through and organizing their charts and medical records. So at 13 years old, I had full access to a wide array of patient information. And in this case, I had to read some of their charts' specific information because my task was to organize their records. So not only did I know their names and diagnoses, I knew a lot of other personal stuff about this. I was counseled on HIPPA, as were all the other kids. No one ever prevented me from seeing patient information because I was a kid. Also, because I worked in a surgical unit, I got to see all sorts of specimens that were sent from the surgical department to the pathology lab. These were labeled with the patient's name and date of birth. Furthermore, this was in a small county hospital, so not only was it possible that I would come across someone I knew, it was likely, and it in fact did happen several times.


Though I don't know enough about this case to know if the teens in this particular instance were counseled on HIPPA.

I don't really understand why you seem to think that hospitals concern themselves with making sure no one at the hospital (including 13 year old candy stripers) ever finds out if someone they know is being or has been treated there. If you live in the same town/city as the hospital you work in, stuff like that happens all the time. You just can't go around then telling people, "Hey, guess who has this disease and is being treated at the hospital where I work?"

Again, my guess is that perhaps this works this way for *you* because you work with AIDS, which is a highly sensitive and specially protected diagnosis. But that's not the way healthcare works as a general rule. Specimens, charts, etc are typically labeled with name and date of birth, and are in places where they can be seen by plenty of people who do not actually work with the patient and need to know that information.
Click to expand...

Thanks for the post. It's nice to finally have input in this thread from a qualified medical professional.
 
It would seem to me that once a person is dead, there is no confidentiality issue whatsoever.
 
qayak said:
It would seem to me that once a person is dead, there is no confidentiality issue whatsoever.
Click to expand...

As I posted above, there is. The fact that they are dead is not confidential. The autopsy in some states is confidential as is sometimes the death certificate. Beyond that death doesn't release medical professionals from HIPAA requirements, but there are guidelines about doctors responding to coroner requests.
 
UncaYimmy said:
As I posted above, there is. The fact that they are dead is not confidential. The autopsy in some states is confidential as is sometimes the death certificate. Beyond that death doesn't release medical professionals from HIPAA requirements, but there are guidelines about doctors responding to coroner requests.
Click to expand...
None of which applies to a the confidential information that a person's brain is in a jar in a morgue.
 
Skeptic Ginger said:
None of which applies to a the confidential information that a person's brain is in a jar in a morgue.
Click to expand...

In a state where autopsies are made public, it most certainly applies. To the best of my knowledge in all states it's a matter of public record that a person is getting an autopsy when it's required by law, such as in this case. Thus there's nothing particularly confidential about a brain being in a jar just like it's not particularly confidential that the chest is gonna be cracked open or the major organs removed and weighed.

Edited by jhunter1163: 
Edited for civility.
 
Last edited by a moderator:
UncaYimmy said:
As I posted above, there is. The fact that they are dead is not confidential. The autopsy in some states is confidential as is sometimes the death certificate. Beyond that death doesn't release medical professionals from HIPAA requirements, but there are guidelines about doctors responding to coroner requests.
Click to expand...

This has to do with a doctor, and novelist, who wrote a story in 2007 about the death of a Canadian soldier in Afghanistan in 2006.

http://www.canada.com/vancouversun/news/story.html?id=cb2948de-4cfd-4808-9529-c639f5c1b801

He was being investigated for breach od confidentiality laws but:

But after a patient's death, it's unclear whether patient confidentiality exists, said Dr. Jeff Blackmer. "That's not specifically addressed by our code of ethics, and it's still controversial," he said.
Click to expand...

The outcome:

Cleared by the military court because he had the soldier's mother's authorization but censured by the B.C. College of Physicians.

http://www.cbc.ca/canada/british-columbia/story/2009/01/27/bc-canada-afghan-doctor.html
 
UncaYimmy said:
In a state where autopsies are made public, it most certainly applies. To the best of my knowledge in all states it's a matter of public record that a person is getting an autopsy when it's required by law, such as in this case. Thus there's nothing particularly confidential about a brain being in a jar just like it's not particularly confidential that the chest is gonna be cracked open or the major organs removed and weighed.
Click to expand...

This is correct. It's like shooting fish in a barrel, isn't it?

Edited by jhunter1163: 
Removed quoted content.
 
Last edited by a moderator:
Skeptic Ginger said:
None of which applies to a the confidential information that a person's brain is in a jar in a morgue.
Click to expand...

I reject your claim because it is based on nothing more than your expertise in the medical field. I find your claim of expertise to be dubious at best considering that you thought a DNA test was in order to verify that an aborted sheep with a distorted face was not a human-sheep hybrid. I reject your expert opinion considering that you thought women were physically incapable of having an orgasm while being raped. These are egregious errors that laypeople wouldn't even make. Thus your unsubstantiated claims do nothing to advance the discussion.
 
UY, you can reject all you want. You've posted claims based on no qualifications, you've ignored the AMA paper and DR Wecht's opinion and you just don't know what you are talking about. Resorting to ridicule and ad homs certainly suggests you are beginning to see just how wrong you are here. Not that I expect you to ever admit it.


You proclaimed to me, "You thought that medical offices couldn't call out names in the waiting room.
* You seemingly knew nothing about incidental disclosure in HIPAA.". That error on your part, IMO, comes from the fact you only have a lay person's basic understanding of professional confidentiality.

HIPAA & Calling Out Full Names In Waiting Rooms
Every covered entitiy (CE) has a different environment and different patient care circumstances, and the HHS specifically has expressed more than once that the purpose of HIPAA is not to unnecessarily inhibit patient care.

To address HIPAA requirements, and to help cover your organization whenever full names are called out for all to hear, hopefully your lawyer, or whomever your privacy officer is within your organization, has documented why your clinic or hospital has determined that it is a reasonable activity to call out full names in violation of the HIPAA requirement to protect the full identities of patients. Such documentation will help in the event some of your patients submit a complaint to the Department of Health and Human Services (HHS) about HIPAA non-compliance.
Click to expand...


Then there is your argument from ignorance that because information is public someplace else it is not subject to confidentiality laws. That is also incorrect, as I have tried to explain to you a number of times here. In essence you are trying to argue that because something sounds logical to you, that is all you need, you must be correct. But you lack the knowledge and keep ignoring the fact that confidential information is based on where/how you learn about it, not who else knows it. That's professional confidentiality 101.

Some CEs have argued that the HIPAA allowance to include a patient's full name within a facility directory allows the name to also be called out in a room with other individuals. However, listing a name in a directory and calling out a full name in a room of people, and then seeing the individual who responds to the name and allowing the others in the room to now identify the person by name and by site is a much different matter.
Click to expand...

A further discussion of 'advanced' professional confidentiality:
a patient's name is defined as one of the types of protected health information (PHI) under HIPAA. HIPAA addresses restricting access to PHI, and so also to the full name. § 164.502 Uses and disclosures of protected health information: general rules covers the ways in which PHI may and may not be disclosed. With regard to full names being called in waiting rooms, I've spoken with multiple lawyers and compliance officers who reference the following passage:

(b) Standard: Minimum necessary
(1) Minimum necessary applies. When using or disclosing protected health information or when requesting protected health information from another covered entity, a covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.
Click to expand...
In other words, if you can show that you need to use a last name in a waiting room, like you have 5 Marys sitting there, you can use the last name. But if you cannot show you need an exception to the rule, it is not automatically considered the 'incidental' information you mistakenly think it is.

This is one of those issues we learn from networking and experience. A lay person reading HIPAA could easily make the mistake of thinking they know what is and isn't 'incidental' information just based on logic. But those of us with experience and network communication with colleagues have learned the last name being called out in a waiting room is not incidental. And if you are going to call out last names, you need a better reason than it was incidental. What is incidental is the mail person seeing the name on the return address of a bill, and a lab tech seeing names on specimens whom the person is not running any tests on.

Sign in sheets that have full names on them can be seen as incidental but need to stop asking questions like, "reason for visit".
Calling out the pts name in the waiting room...HIPPA?
The Privacy Rules require physicians to use appropriate administrative, technical, and security safeguards to protect the privacy of protected health information — including oral communications. ...

Sign in sheets:
To the extent these activities result in other people learning a patient's name or other information, the disclosure would be considered "incidental" to the physician's treatment of the patient, and therefore acceptable under HIPAA. Physicians should take appropriate precautions to limit the amount of information that might be incidentally disclosed in this manner. For example, physicians should not ask patients to list "reason for visit" on a sign-in sheet. With respect to placing charts outside of an examination room or the patient's hospital room while the patient is waiting to see the physician, the physician should take precautions such as turning the front of the chart towards the wall so others do not have the opportunity to read the front page while walking past the room.
Click to expand...

According to you, Unca, logic would suggest if one can see the full name on the sign in sheet, then calling out the name in the clinic waiting room or having the name show on the chart outside the room is already public knowledge so it's not a breach of confidentiality.

But that is a false assumption, and logical or not, it is not how medical confidentiality is determined and it is not how the law is interpreted. If the clinic can show a reason they need to call out a last name, then they can. But it is not an automatic assumption and the majority of clinics and EDs have quit using patient last names in their waiting rooms.



Getting back to the name on the brain jar, the lawyers for the deceased's parents did not make the argument the morgue violated the "minimum standard" of HIPAA regarding confidentiality:
AMA HIPPA FAQs
The Privacy Rules require a physician to make reasonable efforts to limit the amount of protected health information that the physician uses or discloses to the minimum amount that is necessary to accomplish the purpose of the use or disclosure.
Click to expand...

We know the lawyers did not make the argument because the the judge did not address it in his ruling.

As I said, the judge might have ruled the name on the jar was incidental information as far as forensic club student visitors seeing it went. But the idea there is no duty to keep the fact a dead teen's brain is in a jar in a morgue confidential is wrong. If the jar had been visible from a window and a passerby saw it, that would have been "on public display" that the judge ruled did not happen. How can that matter if there was no duty of confidentiality? How would a brain in a jar be "mishandled" by being visible through a window to the outside if confidentiality was not the main issue?

Go re-read the appellate judge's ruling and you'll see public display was the issue the judge addressed. 'Public' as in the confidentiality aspect, not 'mishandling' like playing catch with the jar, or leaving it unattended on a table in the lobby.
 
qayak said:
This has to do with a doctor, and novelist, who wrote a story in 2007 about the death of a Canadian soldier in Afghanistan in 2006.

http://www.canada.com/vancouversun/news/story.html?id=cb2948de-4cfd-4808-9529-c639f5c1b801

He was being investigated for breach od confidentiality laws but:

The outcome:
Cleared by the military court because he had the soldier's mother's authorization but censured by the B.C. College of Physicians.

http://www.cbc.ca/canada/british-columbia/story/2009/01/27/bc-canada-afghan-doctor.html
Click to expand...
Your links, qayak, are relevant, but as it pertains to the case here, the links are referring to Canadian law, not US law. Nonetheless, it is interesting to see what other countries do to handle confidentiality after death.
 
qayak said:
It would seem to me that once a person is dead, there is no confidentiality issue whatsoever.
Click to expand...
Also from the AMA HIPAA FAQ page:
The privacy protections HIPAA affords are not limited durationally, therefore the medical record of a deceased patient is subject to all restraints on disclosure that are applicable to the record of a living patient. Typically a patient's "authorization" would be required to release the record. When authorization is unavailable, however, HIPAA permits disclosure of medical records in two scenarios.
Click to expand...
 
UncaYimmy said:
Quote:
http://www.uihealthcare.com/depts/hipaa/qanda.html#b
Can staff still call out the names of patients in the waiting rooms?
Yes. The rule explicitly permits certain incidental disclosures that occur as a by-product of an otherwise permitted disclosure after UI Hospitals and Clinics has applied reasonable and appropriate safeguards.
Click to expand...
Your citation on the waiting room names is 4 years old and mine is from last year. Your's has a short paragraph and mine has a full discussion of the concept of the "minimum information" standard, and "incidental"

Your source is valid as far as it goes, but mine is a detailed opinion from an industry expert:
REBECCA HEROLD'S BIO:
Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog.
Click to expand...


The rest of your sources provide no more than definitions which have already been posted. Anyone can read a definition. That doesn't mean the full understanding of the terminology is contained in a brief definition. That's what I mean by the difference between a lay person's understanding of something and the more in depth understanding that comes from years of education and experience.
 
You must log in or register to reply here.

Back
Top Bottom