[ Tuesday, August 17, 2004 ]
Texas Attorney General Update: Back in February I noted that the Texas AG had issued an opinion on HIPAA and the state Public Information Act ("PIA"). I also noted that the AG didn't really answer too many questions. HIPAA only applies to covered entities, but also applies to PHI that a non-covered state entity (like a cop) gets from a covered entity. Also, the PIA itself has exceptions for personal, private information. So, generally, there's some way to keep the information secret if it's more than something like the general observations of the first responder reaching the scene of the accident.
Now, the lack of clarity in AG Abbott's opinion has come back to haunt him. His proclamation that HIPAA is preempted by the PIA has led two separate state agencies to sue him over whether they are required to release information or required to keep it secret. The Texas Department of Mental Health and Mental Retardation and the Texas Department of Human Services have sued the AG, seeking some judicial clarification of the issue. It is unfortunate, since HIPAA and the PIA are actually much more alike than they are different, and generally can be interpreted in a compatible fashion.
That said, what the MHMR is trying to avoid disclosing is fairly ridiculous. A TV station wanted a breakdown of sexual assault charges by MHMR location. MHMR would give state-wide statistics, but not facility-by-facility information. Even though no information was sought on any individuals at any particular facility, MHMR feels that because the location of the facility is also the address of the residents at that facility, disclosing that information would be disclosing a part of the PHI of those residents. If that's the case, disclosing the location of the facilities in a state directory or any other fashion would be a HIPAA violation. That's preposterous. If the information requested doesn't relate to specific individuals, or is not tied to those individuals by anything more than the coincidence of the individual living at that facility, the disclosure isn't even PHI. HIPAA is hard enough; they shouldn't work so hard to make it harder.
Jeff [10:56 PM]