top of page


  • Writer's pictureRobinson Law Office PLLC

Privacy Takes A Backseat To Whistleblowing Under HIPAA

Updated: Feb 20, 2018

The Health Insurance Portability and Accountability Act allows whistleblowers, who are usually employees or business associates of a covered entity, to take the very information HIPAA aims to protect and disclose it to private lawyers, without first exhausting internal reporting options, and often with the intention to bring highly lucrative qui tam lawsuits. This exception conflicts with HIPAA's stated goals of protecting patients and presents a serious risk to patient privacy. HIPAA should be amended to require that employees and others first exhaust all internal reporting options

There is no dispute about the importance of protecting patient information and health care providers are spending significant portions of their precious resources to comply with the rigorous requirements of HIPAA. But there is one group that has received a pass when it comes to protecting patient privacy  employees of covered entities who believe that their employer has engaged in unlawful conduct and want to give patient information to private lawyers. The lack of limitations on the use of patient information in this context creates far more harm than it is worth.

Remind Me Again: HIPAA Basics

HIPAA establishes federal standards to protect the privacy of patients’ protected health information (PHI) maintained by covered entities. It establishes standards for the security of electronic PHI, including administrative, technical and physical security safeguards for covered entities and their business associates to assure the integrity, availability and confidentiality of electronic PHI.

The disclosure of PHI in violation of HIPAA can result in significant penalties for the responsible party, whether that party is a covered entity (e.g., a hospital) or a business associate (e.g., a vendor). In recent years, the government has doubled down on its efforts to enforce HIPAA, bringing over 25,000 actions by requiring changes in privacy practices and corrective actions by, or providing technical assistance to HIPAA-covered entities and their business associates. The Office for Civil Rights (the agency with jurisdiction to enforce HIPAA) has investigated complaints against national pharmacy chains, major medical centers, group health plans, hospital systems and doctors’ offices, with settlements totaling $72,929,182. See, "Enforcement Highlights." 


Recent Posts

See All

Termination of Parental Rights in Florida

Courts and legislatures across the country recognize that parents play an extremely important role in the life of their children. Children who grow up without the presence of one or both parents may r

Employment Law | Whistle-Blower Protections Reduced

By Meagan Bainbridge, Weintraub, Tobin, Chediak, Coleman, Grodin Law Corporation On February 21, 2018, in Digital Realty Trust, Inc. v. Somers, the United States Supreme Court significantly reduced th


bottom of page