- The Washington Times - Thursday, August 26, 2004

Federal health care privacy rules were designed to guard against the disclosure of information found in patient records that were leaked from the D.C. fire department, the head of the federal Office of Civil Rights said yesterday.

Richard M. Campanelli, director of the Office of Civil Rights, declined to discuss the specifics of the D.C. fire department case because he is not privy to any of its details.

But Mr. Campanelli said the Health Insurance Portability and Accountability Act (HIPAA) was enacted to safeguard information such as patients’ names, addresses, Social Security numbers, diagnoses and treatments.

The leaked patient records — some of which have been obtained by The Washington Times — include such information about seven patients recently treated by firefighter-medics.

“If a covered entity has information, then it must protect that information and adopt reasonable safeguards to secure a patient’s privacy,” said Mr. Campanelli, whose agency enforces HIPAA rules.

Fire Chief Adrian H. Thompson, who also possesses copies of the leaked patient records, met yesterday with the fire department’s HIPAA officer and the city’s HIPAA officer, but the group reached no conclusion on whether a violation occurred.

“Certainly there will be an investigation,” said fire department spokesman Alan Etter. “What they’re trying to do now is to determine by whom and what elements will be involved. What they need to find out is if there is a violation, who’s responsible and what do you do about it.”

The city’s HIPAA office — which is under Neil O. Albert, deputy mayor for children, youth, families and elders — could not be reached for comment late yesterday.

Mr. Campanelli said his office primarily investigates cases after a complaint has been filed. He said he was not familiar with reports in The Times about the leaked records, but added that a complaint usually has been filed once a case has been publicized.

“Anyone can submit a complaint alleging a violation of the privacy rule. When we get information, we pursue it,” he said. “We do also have the authority to undertake a review on our own, when that is appropriate.”

Mr. Campanelli said determinations about initiating investigations are made on a case-by-case basis.

Violators of the privacy laws can face civil fines from $100 to $250,000 and criminal penalties of up to 10 years in prison. Mr. Campanelli said criminal violations occur when someone “knowingly obtains or discloses information in violation of the rule.”

He said HIPAA has provisions for whistleblowers who disclose information, but only when the persons make reports to an entity that is provided for in the law, such as a health oversight agency or public health authority authorized by law to investigate such claims.

The leaked patient records detail recent instances of what evaluators say has been substandard care administered by firefighter-medics, who have become the linchpin for a restructuring of the fire and EMS staff. The restructuring, which began in 2002, relies heavily on firefighters trained as paramedics.

Dr. Fernando Daniels III was fired Friday from the post of EMS medical director. Dr. Daniels was not accused of leaking patient records, but he was held responsible as the EMS quality-assurance director.

Fire administrators said the leaked records were the tipping point in Chief Thompson’s decision to fire Dr. Daniels after months of disagreements about the future direction of emergency medical service delivery.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide