The trusted source for
healthcare information and
Legal Review & Commentary
Jury awards $200,000 in Indiana invasion of privacy case
By Radha V. Bachman, Esq. Leilani Kicklighter, RN, ARM, MBA,
Buchanan, Ingersoll & Rooney, PC CHSP, CPHRM, LHRM
Tampa, FL The Kicklighter Group
News: A girl was admitted to a psychiatric facility after her parents found evidence of the girl having suicidal thoughts. The parents requested in writing that the hospital not send any records of the admission to the girl's school. A hospital therapist faxed a letter to the girl's school to an open fax machine where many school employees viewed the letter. Subsequent letters were sent. The girl and her parents sued the hospital alleging invasion of privacy. The jury found in favor of the girl and awarded $200,000.
Background: The parents of a 14-year-old girl found a note from their daughter that articulated suicidal thoughts and tendencies. Following a meeting with a school counselor in which the counselor referred the parents to a local adolescent psychiatric hospital, the parents decided to have the girl evaluated at the hospital.
A psychiatric nurse at the hospital determined that the girl needed to be admitted for treatment. At that time, the girl and her parents received assurances from the hospital that the girl's school would not be notified of the girl's condition and indicated the same on the hospital's confidentiality agreement. Living in a small town, the family was concerned that the girl would be subjected to ridicule in the community should the information be disseminated.
The day after admission, a hospital therapist, unaware of the confidentiality agreement signed by the girl's parents, faxed a letter to the high school counselor revealing the girl's status at the hospital and thanking the counselor for the "referral." The letter was faxed to an open fax machine that was available to all school staff and students working in the area. Evidence was presented that a number of teachers and administrators had viewed the fax and learned of the girl's hospitalization.
Upon returning to school following her treatment, the girl was informed that many people at the school, including students and teachers, knew of her hospitalization. The girl became distraught and was eventually readmitted to the hospital on suicide watch. During this time, another release of information form was signed that indicated that the school should not be notified of the repeat hospitalization. Once again, the hospital sent two letters to the school, both of which were satisfaction surveys sent by the hospital's CEO. After being released, the girl refused continued treatment from the hospital and moved to another city with her family seeking a fresh start.
The girl and her parents sued, claiming that the hospital had invaded her privacy by sending the facsimile to an open fax machine at the school. Given that the fax contained language such as "[t]hanks for the referral" and "thanks again," the plaintiffs argued that transmission of the fax was based on a desire for the hospital to gain repeat business from the school rather than done in the interest of the girl.
Initially, the trial court granted summary judgment in favor of the hospital, citing that the case fell under the state's medical malpractice act and the plaintiff had not followed the required procedures in instituting the claim. The Court of Appeals, however, held that reckless or negligent dissemination of confidential health information was not covered by the act and remanded the case back down to the trial court.
The hospital claimed that the girl had not suffered any damages as a result of the dissemination. In terms of mitigation of damages, the hospital also contended that the girl contributed to her damages by not returning for follow-up treatment. The girl prevailed on the invasion of privacy claim, and the jury valued her damages at $200,000. Due to the comparative fault rules, the award was offset by 45%, making the net verdict $110,000 for the girl.
What this means to you: The lesson here is simple: Two wrongs do not make a right. What part of no do you not understand, as in, "Do not, I forbid you, do not send or make contact with my child's school to acknowledge she has been hospitalized, not once, but twice. In writing and verbally, I tell you this."
Private health information (PHI) is confidential under most state's laws and the federally enacted Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA), and release of treatment for psychiatric care requires a special release. This case involved an adolescent psychiatric hospital where the rules, regulations, and laws governing the release of medical information, especially treatment related to mental health, should be well known.
While emphasis on the protection of health care-related information always has been emphasized, with the enactment of HIPAA, the emphasis was broadened. Part of the emphasis includes appointment of a privacy officer, intense education of all employees, and periodic HIPAA rounds to further emphasize protection of medical information. There often are news stories highlighting the termination of employees who access a patient's medical record without the proper authorization.
All of this points to a larger question: With all this increased emphasis, visibility and education, how could someone make contact with an outside party to convey medical information that was not authorized, and in disregard of a written, specific request not to make contact with the minor patient's school?
This situation is disturbing and sad, primarily because it involves a minor who was suffering from underlying issues that formed the basis of her suicidal thoughts. The disclosure of her hospitalization created other social and potential mental health issues that necessitated a second admission. Further, this scenario is frustrating from the point of view of the therapist's failure to review the medical record, which contained the explicit written request not to contact the minor patient's school. One might question why we, as health care providers, document in the record if other health care providers do not read or heed what is written? As a result, the risk manager, as a part of the root-cause analysis of this event, might explore why it was not reviewed and how to better document such information to ensure that it will be honored. What makes it even more frustrating is that on the second admission, the same request was again made and ignored. One might question what corrective steps were taken in the interim between the first discharge and second admission (i.e., was the therapist interviewed, counseled, and disciplined in any way?).
The risk manager, working with the hospital's privacy officer, should review all policies and procedures regarding release of PHI, including what, how, and where faxes containing PHI can be sent. Faxes containing PHI should be sent only to those parties who have a reason to know, who are authorized to have access to the PHI, and when at all possible, should not be sent to open faxes.
The privacy officer and risk manger should collaborate in the development and delivery of an inservice program to senior management to reiterate and emphasize the ramifications of seemingly innocent communications that can breach confidentiality rules, in particular reference to the satisfaction survey sent by the CEO to the school. Patient satisfaction surveys should be sent only to patients or their legally authorized representative. Risk management and the privacy officer should review the marketing practices and material to be sure that patient-identifying information is not used.
This is a situation that lends itself to utilizing the disclosure process after the first admission/ discharge. A meeting with the parents and the patient to apologize and convey the steps being undertaken to guard against similar behavior in the future might have defused the situation and prevented the second breach. Absolutely after the second, repeat breach, a meeting to disclose and apologize should have taken place.
One asset a health care organization protects is its reputation. Reputation is a major factor that can affect patient, staff, and donation attrition. This scenario is newspaper fodder that can besmirch a psychiatric facility's reputation, especially when culture and society still do not understand mental illness and fully accept it as a medical illness. A black mark on a facility's reputation is a risk exposure that should be carefully considered by all health care facilities.
Case No. 53C06-0511-PL-2132, Circuit Court of Indiana, Tenth Judicial Circuit, Monroe County.