Not All Sensitive Health Information is Protected Health Information Under HIPAA
Individual sensitive health information (ISHI) and the communication thereof may not constitute protected health information (PHI) that is regulated by HIPAA...
Ed note: This post originally appeared on Fox Rothschild’s HIPAA, HITECH & HIT Blog.
Recently our partner Keith R. McMurdy posted an entry on the Fox Rothschild Employee Benefits Legal Blog entitled “HIPAA Medical Privacy Matters: Court Permits ADA Claim to Proceed.” While the full text of the excellent blog posting can be found here, I thought that a specific HIPAA point in Keith’s posting was well worth emphasizing: individual sensitive health information (ISHI) and the communication thereof may not constitute protected health information (PHI) that is regulated by HIPAA.
As described in the blog posting, ISHI was provided by the father of a seriously sick child on behalf of and for the child in an e mail he sent to his employer’s CFO. The employer’s self-insured health plan apparently had received claims approximating $1,000,000 for treatment for the child who was covered under the plan.
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Keith points out,
Arguably, Myers’ [the father’s] e-mail did not implicate HIPAA medical privacy concerns because the [i]nformation provided voluntarily by the patient himself or herself (or in this case the parent of a minor patient) is not protected health information (PHI) under HIPAA. Further, because the CFO knew about the sick child, he was able to review the plan expenses and deduce that the higher costs were associated with that particular dependent. Even that was not in and of itself a violation of HIPAA medical privacy (assuming his role with the plan was part of the plan’s operation). So there is no indication that there was an improper use of PHI so as to create a privacy violation under HIPAA.
Among other things, the blog entry highlights the fact that the source of ISHI (in this case the parent of the child who sent the e mail to the CFO), and the circumstances under which the ISHI is shared (in this case by the father to the CFO of the plan sponsor), may materially impact whether the ISHI is PHI that is subject to regulation under HIPAA.
Sponsored
Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
Is The Future Of Law Distributed? Lessons From The Tech Adoption Curve
Early Adopters Of Legal AI Gaining Competitive Edge In Marketplace
“Fox Rothschild’s HIPAA, HITECH & HIT Blog is part of the LexBlog Network (LXBN). LXBN is the world’s largest network of professional blogs. With more than 8,000 authors, LXBN is the only media source featuring the latest lawyer-generated commentary on news and issues from around the globe.”
Sponsored
The Business Case For AI At Your Law Firm
