OT: Rape, Counseling and Medical Privacy

Submitted by Vivz on

First off, I acknowledge the sensitivty of this subject, I hope everyone else can as well. This is a hot button issue, and a seeming ugly loophole that should be publicized. 

A January lawsuit against the University of Oregon resulted in Oregon's general counsel accessing therapy and counseling records of the victim (Plantiff) from their counseling center to help defend the university. While this seems against the very nature of privacy laws, it brought to light that FERPA, not HIPAA governs privacy of students using university counseling records and it appears to be legal. 

One more level of problems about Sexual Assualt annd the way it is handled at different levels. The people needing the most help seem to have another obstacle to face when seeking that help. The writers take is simple; Loophole that needs closing, and any victim should seek third party help, not university counseling.

 

http://chronicle.com/article/Raped-on-Campus-Don-t-Trust/228093/

Sac Fly

March 3rd, 2015 at 4:10 PM ^

Apparently, the university cited FERPA to pull these records. Then used FERPA as a reason to not disclose their own records when it got out.

BiSB

March 3rd, 2015 at 4:10 PM ^

1) This is a very relevant and important topic.

2) PLEASE everyone behave and allow it to be a relevant and important conversation.

BiSB

March 3rd, 2015 at 4:11 PM ^

Now that the stupid, hopefully-unnecessary warning is out of the way, I disagree with Oregon's interpretation of the FERPA exception in this case. They weren't disclosing the records. They were using them for internal prep, and did not disclose them to the opposing party. 

LSA Aught One

March 3rd, 2015 at 4:11 PM ^

At very least, the patient should be made aware of this during the intake process. I would have objected had I known that my university doctor was not being held to the same rules as my non-university doctor. This seems unbelievable or possibly misinterpreted.

GoWings2008

March 3rd, 2015 at 4:14 PM ^

but in most cases, I have to imagine that a patient/victim is having a lot of things going on at the time to really absorb the information a doctor is giving them.  The patient really needs an advocate with them, someone they trust, when the doctor or any other medical staff members are talking to them.

Vivz

March 3rd, 2015 at 4:18 PM ^

And one of the points in the article is that the counselors are some of the victims biggest supporters. It seems that they were unaware of this loophole themselves and are up in arms against this interpratation. 

I find it hard to believe that a doctor can in good conscience support something which is not in the best intrest of their patient as this appears to be. There seems to be a link that it is only because of the lawsuit against the University that this was able to be done which further clouds the waters. 

The Mad Hatter

March 3rd, 2015 at 4:16 PM ^

I thought it was common knowledge that unless you're talking to a doctor, a priest, your spouse, or a lawyer, your communication was not protected.

Also, my personal belief is that the "campus judicial process" should not come anywhere near rape cases.  There needs to be a movement to encourage victims to call the police and go to a hospital immediately after they're assaulted.  Preserve any and all physical evidence and have professionals investigate the case.

1464

March 3rd, 2015 at 4:19 PM ^

Oh... no.  Not at all.  A volunteer working at a hospital is bound by the same HIPAA law as a doctor.  I train everyone from housekeeping to nurses to the officer level on HIPAA.  It's federally required for anyone in healthcare.

DCGrad

March 3rd, 2015 at 7:40 PM ^

with HIPAA or FERPA but not all states recognize the therapist-patient privilege. It might also depend on whether the therpist is an MD/DO or a PhD.  I'm not sure about the rape shield laws in Oregon or if that holds once a suit has been filed.

1464

March 3rd, 2015 at 4:17 PM ^

I'm surprised by the fact this is legal in any way.  I work with HIPAA law, and healthcare data management.  Nothing supercedes HIPAA law at our health system.  We have extremely detailed policies and procedures that deal with how we handle our medical records.

If anything, this should expose a rather large loophole in medical confidentiality that needs to be patched asap.  I am shocked that HIPAA law does not apply in this case.  The University of Oregon is defending itself against a non-malpractice suit by hijacking PHI.  That's indefensible.  Heads should roll.

Obviously there are more important people who think otherwise, but for lack of a better word - this situation is total bullshit.  Oregon just pushed their way up the fuck you list to nestle somewhere between ND and Penn State.

1464

March 3rd, 2015 at 4:25 PM ^

I mean... HIPAA law covers dentists, physical therapists, lab workers, psychologists, pharmacies, and any contractors that could be reasonably expected to come into contact with medical records.  That could even extend to the company that services a hospital's Xerox machines.

The Mad Hatter

March 3rd, 2015 at 4:42 PM ^

is fine.  But I think it's more fun to add a level of competition to dinner time.

Make only enough food for one kid and have them fight for it.  To make it fair you give the younger/weaker kids a weapon to use.

Having grandparents that feel guilty about the crap job they did raising their own kids helps too.  See, they're getting old, and they're afraid of going to hell when they die.  They'll buy tons of diapers and baby clothes to buy their way on the good list.

xtramelanin

March 3rd, 2015 at 7:13 PM ^

if you don't work, you don't eat.  teach them how to plant, harvest, milk, slaughter and butcher the livestock and you can cut down on a lot of food bills.  sell the extra and you make your grocery costs a veritable profit center. 

stephenrjking

March 3rd, 2015 at 6:35 PM ^

A few years ago, when I worked at a small hospital in LA, some lower level workers got in huge (like, lawyers and police and here's a security guard to escort you out now that you've been fired huge) trouble for accessing hundreds of celebrity records at UCLA. This naturally got our attention at my humble employment, but we already had pretty thorough procedures in place so long as they were followed.

And it was important to follow them, because when you work admitting at a hospital in LA for long enough you are likely to encounter the occasional celebrity. And I did, but with two exceptions (who weren't patients and were not directly associated with patients) I still don't even tell my wife who they were.

mGrowOld

March 3rd, 2015 at 4:34 PM ^

I think what you guys are missing is that HIPAA doesnt prevent someone from defiending themselves and in this case the Dr = the University.  It appears to me that the HIPAA didnt come into play because the University said in essence "we're being sued and the person with the information on the case works for us - they are not independent."

If a Dr is sued for malpractice they are allowed to introduce patient records - the patient through their litigation creates the hole in the HiPAA protection.   How is this situation any different?

 

mGrowOld

March 3rd, 2015 at 4:40 PM ^

I'm not defending the University but I dont think it matters here.  I too deal in HiPAA a lot at work and I know that lititgation, almost any litigation, means the medical records get introduced as part of the defense.

I think the key thing is your statement "may have obfuscated a rape".  Or they may not have.  And in defending themselves they are asking for the records from one other their employees - not a third party.  That is not unreasonable IMO.

BiSB

March 3rd, 2015 at 4:41 PM ^

And its a very narrow exception. Here, this would be like suing a county because inadequate security at one of their buildings led to you being raped, and them looking at your psychiatrists' notes afterwards.

There is no way this kind of disclosure would fly under HIPAA.

1464

March 3rd, 2015 at 4:57 PM ^

Funny story there (as funny as a HIPAA story could be, I guess)...

I reworked our HIPAA Orientation booklet about a year ago.  I spelled HIPAA correctly approximately 86,000 times in said booklet.  I also spelled it "HIPPA" on the cover.  I didn't catch it until after the next orientation group went through.  So yeah... I felt pretty stupid.  In my defense, we have document control at our facility, and it came back approved...

BiSB

March 3rd, 2015 at 4:26 PM ^

HIPAA covers everyone at a health care provider, insurer/health plan, health care clearing house, and health care service provider who receives Protected Health Information. That includes the person at the front desk, the janitor cleaning the hospital, the IT guy working on the computer systems, etc.

It's just that apparently (and I didn't know this) FERPA covers some ground that HIPAA would normally cover when the school itself is providing services.

west2

March 3rd, 2015 at 7:25 PM ^

you are basically correct although the janitor is not really covered. HIPPA covers anyone that might have access to the medical record such as billers, data entry personnel, nurses, secretaries, doctors, therapists, nurses aids etc.  It states the patient must give written permission to release any personal health info including seemingly insignificant details such as whether you were at a docs office on a certain date or not.  Providers cannot release these details even to a spouse without written permission.   As a health care provider if you release info or that info is accessed without the written permission you can be sued for med-mal.  The onus of protecting this info is on the doc or clinic or hospital whomever domiciles the records.  In med-mal the plaintiff patient signs a records release to the various providers giving permission to release the records to the lawyers so it's a little different situation. 

 My guess is that the person involved in this case had signed a release of some sort as a condition of her employment.  I am speculating about that as I don't know the details of the Oregon case. 

mGrowOld

March 3rd, 2015 at 4:23 PM ^

I can clearly see both sides of this arguement.  On one hand the University must defend itself and they are accessing the records of one of their employees in doing so.  On the otther - the person seeking counseling would have no reasonable way of knowing in advance that they are are talking to a representative of the group they might someday be seeking damages from when they seek the needed counseling.  To me at least there is no clear right or wrong answer here.

I think I understand now why Solomon suggested cutting the baby in half.

west2

March 3rd, 2015 at 4:33 PM ^

It appears that this interpretation completely violates the intent of HIPAA and particularly with regard to sensitive info such as this.  Using this data in this way justified for the purpose of "judging the effectiveness of government investments in education" seems like an incredible stretch.  Generally it is my understanding that requests for FOI in cases involving rape can be refused by law enforcement so this release of info by a university seems to defy logic.  But then we know that logical and legal are not always the same.  Would be interested in a legal viewpoint on this. 

xtramelanin

March 3rd, 2015 at 4:44 PM ^

is that it provides no remedy for the aggrieved party.  the victim who has had their records improperly accessed can't sue or enforce the law.   they can contact the relevant gov't agency but i'm pretty sure that suits under HIPPA are very rare relative to the number of incidences of improper records disclosure. 

Sports

March 3rd, 2015 at 4:47 PM ^

This disclosure is incredibly disturbing. Given the rising cost relative to earnings of attending college in the US, student health clinics are the only reasonable option for many on campus. If someone goes through a horrible incident like this or are traumatized enough to seek medical assistance for any other reason, it's horrifying to think that the university would try to subvert their welfare.

Michigan has been making a huge push lately for students to take better advantage of on campus mental health resources and several student groups have sprung up within the last year to serve as support networks for students seeking counselling. I hope that this news doesn't make students that need help reconsider getting it. 

Horrible situation, all around. 

gbdub

March 3rd, 2015 at 5:02 PM ^

Honestly this is just one more reason why universities shouldn't be adjudicating felony accusations. They aren't equipped for it, there's too much conflict of interest (in ways that can hose both accuser and accused), and they generally do a lousy job of it. Now this comes up, and it's clear that even the laws aren't equipped properly for universities to handle this. Something serious enough to be a crime should be an issue for the police and courts, and no one else. If universities want to offer counseling, or temporarily separate accuser from accused while the justice system works it out, fine, but anything else is going to create way too many sad cases like this.

Skirting no polo, the OCR has really overreached in demanding that universities handle these issues internally.

If I get assaulted by another tenant at my apartment complex, I don't expect the landlord to adjudicate the dispute.




Sent from MGoBlog HD for iPhone & iPad

1464

March 3rd, 2015 at 5:50 PM ^

It directly relates to this situation, and the OCR also enforces HIPAA law.  So I'm guessing a more appropriate time would not surface on these boards.

gbdub

March 3rd, 2015 at 8:24 PM ^

Relates directly to the issue at hand. Without the expectation that universities handle sexual assault cases internally, the victim in this case doesn't sue the school and Oregon has no reason to go digging in her private counseling records. This only happens because Oregon is being expected to be both her health provider and her legal protector from assault, creating the conflicting interests.




Sent from MGoBlog HD for iPhone & iPad

markusr2007

March 3rd, 2015 at 5:35 PM ^

started to feel obligated to take on these roles of investigation, evidence collection, adjudication, etc.?

I'm just not familiar with the chronology of historical events (i.e. acts of violent crime on campus) that would have led university officials, or even their donors or tax-paying public, to believe that institutions designed for educating people must now take on such broad and deep roles for which they are woefully unqualified and understaffed.  

I liken it to re-assigning federal IRS investigators to start plowing the roads of New England in the winter time, while those previous roadgrader drivers are re-assigned to start investigating income tax fraud and prepare predictive analytics of future fraudulent activities.  That's dumb. 

gbdub

March 3rd, 2015 at 8:14 PM ^

Yes. OCR has recently (current administration) pushed hard on an interpretation of Title IX that requires every institution to adjudicate sexual assault accusations, and sets certain standards for punishments and standards of evidence. Look up the 2011 "Dear Colleague" letter for more information.

Notably to this blog, it was this letter that caused Michigan to reopen the case against Gibbons (which had originally been closed in 2009).




Sent from MGoBlog HD for iPhone & iPad

Erik_in_Dayton

March 3rd, 2015 at 6:08 PM ^

I'll defer to others on the board as to whether Oregon CAN do this, but the fact that they DID do it is an abomination. I hope members of the media point this out.

ppToilet

March 3rd, 2015 at 6:42 PM ^

There should be a disclaimer in every U of M counseling center / clinic until this loophole is closed. Privacy is the foundation of medicine and medical societies need to be made aware of this nonsense.

And the University of Oregon are incredible tools for taking advantage of this, irrespective of its legality.

Clarence Beeks

March 3rd, 2015 at 8:45 PM ^

I find it interesting that the author didn't bother to ask the question, or go down the road of inquiry at all, of whether the University violated state privacy laws. Remember, federal law sets the floor; states can always adopt a more stringent standard. A very cursory glance indicates that Oregon law has a much more limited disclosure / internal sharing standard (which does not appear to allow for the sharing that occurred in this situation).