OT: Rape, Counseling and Medical Privacy
First off, I acknowledge the sensitivty of this subject, I hope everyone else can as well. This is a hot button issue, and a seeming ugly loophole that should be publicized.
A January lawsuit against the University of Oregon resulted in Oregon's general counsel accessing therapy and counseling records of the victim (Plantiff) from their counseling center to help defend the university. While this seems against the very nature of privacy laws, it brought to light that FERPA, not HIPAA governs privacy of students using university counseling records and it appears to be legal.
One more level of problems about Sexual Assualt annd the way it is handled at different levels. The people needing the most help seem to have another obstacle to face when seeking that help. The writers take is simple; Loophole that needs closing, and any victim should seek third party help, not university counseling.
http://chronicle.com/article/Raped-on-Campus-Don-t-Trust/228093/
Apparently, the university cited FERPA to pull these records. Then used FERPA as a reason to not disclose their own records when it got out.
1) This is a very relevant and important topic.
2) PLEASE everyone behave and allow it to be a relevant and important conversation.
Now that the stupid, hopefully-unnecessary warning is out of the way, I disagree with Oregon's interpretation of the FERPA exception in this case. They weren't disclosing the records. They were using them for internal prep, and did not disclose them to the opposing party.
At very least, the patient should be made aware of this during the intake process. I would have objected had I known that my university doctor was not being held to the same rules as my non-university doctor. This seems unbelievable or possibly misinterpreted.
but in most cases, I have to imagine that a patient/victim is having a lot of things going on at the time to really absorb the information a doctor is giving them. The patient really needs an advocate with them, someone they trust, when the doctor or any other medical staff members are talking to them.
And one of the points in the article is that the counselors are some of the victims biggest supporters. It seems that they were unaware of this loophole themselves and are up in arms against this interpratation.
I find it hard to believe that a doctor can in good conscience support something which is not in the best intrest of their patient as this appears to be. There seems to be a link that it is only because of the lawsuit against the University that this was able to be done which further clouds the waters.
I thought it was common knowledge that unless you're talking to a doctor, a priest, your spouse, or a lawyer, your communication was not protected.
Also, my personal belief is that the "campus judicial process" should not come anywhere near rape cases. There needs to be a movement to encourage victims to call the police and go to a hospital immediately after they're assaulted. Preserve any and all physical evidence and have professionals investigate the case.
Oh... no. Not at all. A volunteer working at a hospital is bound by the same HIPAA law as a doctor. I train everyone from housekeeping to nurses to the officer level on HIPAA. It's federally required for anyone in healthcare.
This is a Covered Entity, son. We play by Covered Entity rules.
post below is absolutely correct. This whole situation is disgusting and Oregon should be ashamed of themselves.
Hopefully some good will come of this mess in the form of legislative action.
She was talking to a doctor. She was talking to a doctor, and this would be covered under "doctor-patient confidentiality" under normal circumstances.
with HIPAA or FERPA but not all states recognize the therapist-patient privilege. It might also depend on whether the therpist is an MD/DO or a PhD. I'm not sure about the rape shield laws in Oregon or if that holds once a suit has been filed.
I'm surprised by the fact this is legal in any way. I work with HIPAA law, and healthcare data management. Nothing supercedes HIPAA law at our health system. We have extremely detailed policies and procedures that deal with how we handle our medical records.
If anything, this should expose a rather large loophole in medical confidentiality that needs to be patched asap. I am shocked that HIPAA law does not apply in this case. The University of Oregon is defending itself against a non-malpractice suit by hijacking PHI. That's indefensible. Heads should roll.
Obviously there are more important people who think otherwise, but for lack of a better word - this situation is total bullshit. Oregon just pushed their way up the fuck you list to nestle somewhere between ND and Penn State.
Does HIPAA cover therapists and/or counselors? It was my understanding that it only covered actual doctors. The guy that gives you pills, as opposed to the one you talk to.
I mean... HIPAA law covers dentists, physical therapists, lab workers, psychologists, pharmacies, and any contractors that could be reasonably expected to come into contact with medical records. That could even extend to the company that services a hospital's Xerox machines.
I had no idea the scope of the law was that broad.
I'll be happy to answer any banking and/or finance questions you may have in the future.
How do I make having kids cheaper? Do I have to feed them every day, or can I just alternate?
is fine. But I think it's more fun to add a level of competition to dinner time.
Make only enough food for one kid and have them fight for it. To make it fair you give the younger/weaker kids a weapon to use.
Having grandparents that feel guilty about the crap job they did raising their own kids helps too. See, they're getting old, and they're afraid of going to hell when they die. They'll buy tons of diapers and baby clothes to buy their way on the good list.
if you don't work, you don't eat. teach them how to plant, harvest, milk, slaughter and butcher the livestock and you can cut down on a lot of food bills. sell the extra and you make your grocery costs a veritable profit center.
A few years ago, when I worked at a small hospital in LA, some lower level workers got in huge (like, lawyers and police and here's a security guard to escort you out now that you've been fired huge) trouble for accessing hundreds of celebrity records at UCLA. This naturally got our attention at my humble employment, but we already had pretty thorough procedures in place so long as they were followed.
And it was important to follow them, because when you work admitting at a hospital in LA for long enough you are likely to encounter the occasional celebrity. And I did, but with two exceptions (who weren't patients and were not directly associated with patients) I still don't even tell my wife who they were.
I think what you guys are missing is that HIPAA doesnt prevent someone from defiending themselves and in this case the Dr = the University. It appears to me that the HIPAA didnt come into play because the University said in essence "we're being sued and the person with the information on the case works for us - they are not independent."
If a Dr is sued for malpractice they are allowed to introduce patient records - the patient through their litigation creates the hole in the HiPAA protection. How is this situation any different?
Correct, but this is not malpractice. This is mal-we-are-a-shitty-university-that-may-have-obfuscated-a-rape. There was no contention with the medical treatment.
I'm not defending the University but I dont think it matters here. I too deal in HiPAA a lot at work and I know that lititgation, almost any litigation, means the medical records get introduced as part of the defense.
I think the key thing is your statement "may have obfuscated a rape". Or they may not have. And in defending themselves they are asking for the records from one other their employees - not a third party. That is not unreasonable IMO.
And its a very narrow exception. Here, this would be like suing a county because inadequate security at one of their buildings led to you being raped, and them looking at your psychiatrists' notes afterwards.
There is no way this kind of disclosure would fly under HIPAA.
The malpractice analogy only works if the young woman complains about the quality of the services themselves.
You also spelled "HIPAA" correctly, putting you "one up" on an otherwise well-thought and well-executed OP.
Funny story there (as funny as a HIPAA story could be, I guess)...
I reworked our HIPAA Orientation booklet about a year ago. I spelled HIPAA correctly approximately 86,000 times in said booklet. I also spelled it "HIPPA" on the cover. I didn't catch it until after the next orientation group went through. So yeah... I felt pretty stupid. In my defense, we have document control at our facility, and it came back approved...
Fixed
Both Psychologists and Psychiatrists are covered under HIPAA, and often Psychiatrists notes (not medical records) are protected, sometimes even more stringently.
Yep. Mental Health/Chem Dep services have an entire layer of confidentiality attached to them that doesn't exist anywhere else.
Those are the only two sets of records that are explicitly not allowed to be sent to our state repository.
HIPAA covers everyone at a health care provider, insurer/health plan, health care clearing house, and health care service provider who receives Protected Health Information. That includes the person at the front desk, the janitor cleaning the hospital, the IT guy working on the computer systems, etc.
It's just that apparently (and I didn't know this) FERPA covers some ground that HIPAA would normally cover when the school itself is providing services.
you are basically correct although the janitor is not really covered. HIPPA covers anyone that might have access to the medical record such as billers, data entry personnel, nurses, secretaries, doctors, therapists, nurses aids etc. It states the patient must give written permission to release any personal health info including seemingly insignificant details such as whether you were at a docs office on a certain date or not. Providers cannot release these details even to a spouse without written permission. As a health care provider if you release info or that info is accessed without the written permission you can be sued for med-mal. The onus of protecting this info is on the doc or clinic or hospital whomever domiciles the records. In med-mal the plaintiff patient signs a records release to the various providers giving permission to release the records to the lawyers so it's a little different situation.
My guess is that the person involved in this case had signed a release of some sort as a condition of her employment. I am speculating about that as I don't know the details of the Oregon case.
I can clearly see both sides of this arguement. On one hand the University must defend itself and they are accessing the records of one of their employees in doing so. On the otther - the person seeking counseling would have no reasonable way of knowing in advance that they are are talking to a representative of the group they might someday be seeking damages from when they seek the needed counseling. To me at least there is no clear right or wrong answer here.
I think I understand now why Solomon suggested cutting the baby in half.
It appears that this interpretation completely violates the intent of HIPAA and particularly with regard to sensitive info such as this. Using this data in this way justified for the purpose of "judging the effectiveness of government investments in education" seems like an incredible stretch. Generally it is my understanding that requests for FOI in cases involving rape can be refused by law enforcement so this release of info by a university seems to defy logic. But then we know that logical and legal are not always the same. Would be interested in a legal viewpoint on this.
"so this release of info by a university seems to defy logic"
Technically it wasn't "released", but rather shared with a different part of the University.
SHERPA
is that it provides no remedy for the aggrieved party. the victim who has had their records improperly accessed can't sue or enforce the law. they can contact the relevant gov't agency but i'm pretty sure that suits under HIPPA are very rare relative to the number of incidences of improper records disclosure.
This disclosure is incredibly disturbing. Given the rising cost relative to earnings of attending college in the US, student health clinics are the only reasonable option for many on campus. If someone goes through a horrible incident like this or are traumatized enough to seek medical assistance for any other reason, it's horrifying to think that the university would try to subvert their welfare.
Michigan has been making a huge push lately for students to take better advantage of on campus mental health resources and several student groups have sprung up within the last year to serve as support networks for students seeking counselling. I hope that this news doesn't make students that need help reconsider getting it.
Horrible situation, all around.
Honestly this is just one more reason why universities shouldn't be adjudicating felony accusations. They aren't equipped for it, there's too much conflict of interest (in ways that can hose both accuser and accused), and they generally do a lousy job of it. Now this comes up, and it's clear that even the laws aren't equipped properly for universities to handle this. Something serious enough to be a crime should be an issue for the police and courts, and no one else. If universities want to offer counseling, or temporarily separate accuser from accused while the justice system works it out, fine, but anything else is going to create way too many sad cases like this.
Skirting no polo, the OCR has really overreached in demanding that universities handle these issues internally.
If I get assaulted by another tenant at my apartment complex, I don't expect the landlord to adjudicate the dispute.
Sent from MGoBlog HD for iPhone & iPad
There has been ample opportunity for you to express this opinion on this Board and presumably you did. This shouldn't be that thread, however.
It directly relates to this situation, and the OCR also enforces HIPAA law. So I'm guessing a more appropriate time would not surface on these boards.
Relates directly to the issue at hand. Without the expectation that universities handle sexual assault cases internally, the victim in this case doesn't sue the school and Oregon has no reason to go digging in her private counseling records. This only happens because Oregon is being expected to be both her health provider and her legal protector from assault, creating the conflicting interests.
Sent from MGoBlog HD for iPhone & iPad
started to feel obligated to take on these roles of investigation, evidence collection, adjudication, etc.?
I'm just not familiar with the chronology of historical events (i.e. acts of violent crime on campus) that would have led university officials, or even their donors or tax-paying public, to believe that institutions designed for educating people must now take on such broad and deep roles for which they are woefully unqualified and understaffed.
I liken it to re-assigning federal IRS investigators to start plowing the roads of New England in the winter time, while those previous roadgrader drivers are re-assigned to start investigating income tax fraud and prepare predictive analytics of future fraudulent activities. That's dumb.
Title IX. That and the White House pushing this issue a couple of years ago.
Yes. OCR has recently (current administration) pushed hard on an interpretation of Title IX that requires every institution to adjudicate sexual assault accusations, and sets certain standards for punishments and standards of evidence. Look up the 2011 "Dear Colleague" letter for more information.
Notably to this blog, it was this letter that caused Michigan to reopen the case against Gibbons (which had originally been closed in 2009).
Sent from MGoBlog HD for iPhone & iPad
I'll defer to others on the board as to whether Oregon CAN do this, but the fact that they DID do it is an abomination. I hope members of the media point this out.
There should be a disclaimer in every U of M counseling center / clinic until this loophole is closed. Privacy is the foundation of medicine and medical societies need to be made aware of this nonsense.
And the University of Oregon are incredible tools for taking advantage of this, irrespective of its legality.
counseling and workplace health services has the same loopholes. They don't care about your health they just want access to your records.
I find it interesting that the author didn't bother to ask the question, or go down the road of inquiry at all, of whether the University violated state privacy laws. Remember, federal law sets the floor; states can always adopt a more stringent standard. A very cursory glance indicates that Oregon law has a much more limited disclosure / internal sharing standard (which does not appear to allow for the sharing that occurred in this situation).