Category Archives: Health care

Let’s Not Publish the Names of Terrorists and Mass Murderers

It has happened again, this time at the Washington Navy Yard.  Twelve Navy people killed by an insane man who showed all the signs of a psychotic individual prone to violence.  As one talking head psychiatrist said on CNN: “People like this are seeking attention.  It is part of their pathology.”

Earlier this year I published, “Let’s Not Publish the Names of Terrorists or Mass Murders.”  I did this because I knew that many of the mass murders—such as the man in Connecticut, the guy in Colorado last year, and now this man at the Navy Yard—are killing people to join the ranks of John Wilkes Booth, Lee Harvey Oswald, Son of Sam, etc.

Sadly, this issue remains painfully relevant.

These men lost their grip on reality and were/are insane. They didn’t commit such nightmarish acts for a first class ticket to the afterlife and a plethora of beautiful virgins; they are committing these horrific slaughters, in part, for the publicity.

In most locales, it is customary to have a Rape Shield Law. This shields the names of rape victims from the press. These Rape Shield Laws were found unconstitutional.  However, most newspapers and television stations do not report victims’ names, nor should they. I was relieved to see Time did not disclose that First Class Midshipman’s name who had to endure an Article 52 hearing, (ironically) at (now crime scene) Navy Yard two or three weeks ago.

Again, I want you to assist me in taking on a project for the avocation of a non-binding resolution from each state legislature and Congress that requests journalists and law enforcement agencies not to report the names of suspected or convicted mass murder or those who may have attempted the same.

I ask law enforcement to abide by these guidelines by not reporting the names of suspects or the convicted terrorist or mass murderer. I would ask the press not to publish names of suspects of these people or the names of those convicted.

I need assistance because I want Congress and all state legislatures to pass Joint Resolutions supporting this idea. Then no jihadist or person with a mental defect could be assured their name would be reported in the press, their families could live without retaliation for something not in their control, etc.

I would request this anonymity no matter whether the person was under arrest, on trial or convicted and sentenced.

Please remember the most recent ricin attack and the arrest of the first man in Mississippi His name was dragged through the mud for a week and then, finally and quietly, exonerated.

Another man is under arrest for the ricin attacks and tried by the press. In the first ricin poisonings, the FBI named a physician who had worked a Ft. Detrick; he was never arrested but suffered for six years until the FBI realized they royally screwed-up. There is a  new suspect in custody.

It then cost the government $6 million to pay the physician for the damage the government had caused to him, and money may help, but it will never undo the professional and personal harm he suffered.

We do not ask for a curtailment of First Amendment rights, just responsible journalism. Journalists; both in print and electronic media have abided by this code (usually) for rape victims.

It is imperative that the names of the suspects of those who shoot numerous innocent people and then commit suicide by cop or are under investigation and awaiting trial for doing these dastardly deeds do not get the publicity they may have sought.

After conviction, people guilty of mass killings should not be remembered. Their victims should be remembered.

Our society should shun the killers. Let’s not give them another fifteen minutes of fame when/if they are injected with lethal drugs.  Let’s just forget the names of the people who commit senseless acts of violence such as these.

An appropriate epitaph that could be reported on the news could easily be “The man convicted of the Boston Marathon bombing was put to death yesterday;” or, “The man found not-guilty by reason of insanity in the case of the Colorado Theater shootings died in custody yesterday of natural causes.”


Sharing PHI with Attorneys: Okay Under HIPAA?

The single largest group of healthcare whistle-blowers are healthcare personnel themselves, including, nurses, doctors, dentists, the various therapy professionals and billing professionals, who encounter fraud on the job.

The major question facing these healthcare professionals, is whether health care workers violate HIPAA by disclosing patient protected health information (“PHI”) when blowing the whistle?

First the obvious answer is, there is no need to disclose protected health information to whomever they are making the complaint.  Logically, it helps to work with knowledgeable legal counsel from an early stage in the process.

HIPAA privacy rules penalize only “covered entities” in the law which includes specified natural persons like doctors and nurses, who pass along PHI without patient authorization.  Natural persons, the living, breathing kind (not the Supreme Court kind of “corporate persons”) can be covered entities, but are not always.  A whistle-blower who is not a covered entity (or a non-medical business associate or attorney of a covered entity) is not subject to HIPAA rules.*

Second, for individuals who are covered entities, HIPAA rules provide disclosure “safe harbors” including the following:

  • A covered entity is not considered to have violated [HIPAA] if a member of its workforce or a business associate discloses protected health information, provided that:
    • The workforce member or business associate believes in good faith that the covered entity has engaged in conduct that is unlawful or otherwise violates professional or clinical standards, or that the care, services, or conditions provided by the covered entity potentially endangers one or more patients, workers, or the public; and
    • The disclosure is to:
      • A health oversight agency or public health authority authorized by law to investigate or otherwise oversee the relevant conduct or conditions of the covered entity or to an appropriate health care accreditation organization for the purpose of reporting the allegation of failure to meet professional standards or misconduct by the covered entity; or
      • An attorney retained by or on behalf of the workforce member or business associate for the purpose of determining the legal options of the workforce member or business associate with regard to the conduct described in paragraph (j)(1)(i)….

While it is possible that an individual relator could be a covered entity under HIPAA, HHS Reg. 164.502(j), specifically authorizes covered entities to share PHI (“protected healthcare information”) with their attorneys in whistle-blower cases.

HHS’ Covered Entity Charts and associated regulations state that natural persons can be covered entities if they “furnish, bill or receive payment for, health care in the normal course of business and (send) any covered transactions electronically.”   The question that doesn’t seem to be addressed anywhere is whether an individual employee of a healthcare provider provides healthcare “in the normal course of business” for purposes of the regulation.

For what it’s worth, I have never heard of a False Claims Act whistleblower being held in violation of HIPAA regulations for disclosing PHI to his or her attorneys or to law enforcement authorities, including the Office of Special Counsel or the Agency’s Office of Inspector General.   One way around the PHI-disclosure concerns is to redact PHI from medical billing records for use in court filings and disclosure statements provided to the Department of Justice.

It is important to keep in mind, however, that beyond HIPAA there are various hidden federal document-removal and document-sharing traps.  For example, it is becoming more common for employers to sue whistle-blowers for breach of confidentiality agreements in employment contracts or company policy manuals.  They may also sue for misappropriation of trade secrets.  Likewise, some state computer privacy laws make it a crime for employees to access company computers or databases without authorization. Each of these potential traps must be addressed on its own terms.

It is fair to say that would-be whistle-blowers are normally safest not attempting to access any company documents — in hard-copy or electronic format — which they are not authorized to access as part of their normal job responsibilities.  It is also important to obtain legal advice early the process to work through evidence-related issues on the front end.

In Brunotte v. Tangherlini, Civil Action No. 08-0587 (D.C.), the parties settled a Privacy Act case prior to trial. This case, in U.S. District Court for the District of Columbia, involved allegations that employees of the General Services Administration and its Office of Inspector General committed violations of the Privacy Act in an apparent attempt to interfere with a GSA employee starting a new job at the Government Printing Office. Under the settlement agreement, the government will pay $585,000 to resolve the claims.

The Brunotte case involved several allegations of violations of The Privacy Act, 5 U.S.C. §552a. This statute restricts how government agencies can collect, retain and disseminate information regarding individuals, including federal employees, and gives individuals the ability to sue the government in the cases where these restrictions are violated. Depending on the nature of the violation, remedies available can include money damages where “actual damages” have occurred (which includes relief such as back pay and out-of pocket expenses, but not emotional pain-and-suffering damages or the like), orders modifying the government records in question and reimbursement of attorneys’ fees and costs. In addition, some of the most serious violations of the Privacy Act are subject to criminal penalties.

In the Brunotte case, two of Brunotte’s claims were set for trial after the GSA’s attempts to have her claims dismissed on summary judgment were denied. The first claim alleged that GSA violated the Privacy Act when an agent of the GSA OIG contacted an agent of the GPO OIG to provide false negative information concerning Brunotte. The second claim alleged that GSA violated the Privacy Act by collecting information concerning Brunotte’s application to work at GPO without trying to get the information from Ms. Brunotte herself, as the Privacy Act requires.

Brunotte claimed that, as a result of these violations, GPO rescinded its job offer to her.

Under the January 29, 2013, settlement agreement, the government will pay $400,000 to Brunotte, plus an additional $185,000 in attorneys’ fees and costs.  Ms. Brunotte’s attorneys are Joe Kaplan and Andy Perlmutter.

This case serves as a reminder that government agencies may be just as careless in dealing with PHI as private employers.  Whether public or private employers must be careful in protecting private information concerning individuals, even if the individuals are federal employees  The Privacy Act can carry steep consequences when those restrictions are violated.

* HIPAA is not the only legal hazard for would-be whistle-blowers. State-level privacy laws also lurk.