How can we know very little about a patient being treated for Ebola at Emory University in Atlanta, while reporting the details of the patient who died from the disease in Dallas? According to Michelle De Moody, Deputy Director for Consumer Privacy at the Center for Democracy and Technology, covered entities can let individuals know if they have been exposed to the disease through contact or shared space with an infected person.
Public health and the needs of exposed persons to know of a potential threat, can trump patient privacy rights under HIPAA. As a covered entity, the Dallas hospital could inform people who were exposed to the Ebola patient. HIPAA laws only apply to covered entities and their business associates. In the case where a hospital is acting within its rights and responsibilities according to HIPAA, a person who is not a covered entity would be receive the protected health information (PHI) of a patient. There is also nothing preventing this person from speaking openly about the circumstances.
Journal of Medical Ethics Blog: Ebola in the US: Privacy, public interest and the ethics of media reporting. 3 Oct. 14.
As Chief Compliance Officer, Kesha Boykin-Mclean brings over 20 years of experience in healthcare. Prior to joining VCS, Boykin-Mclean held a number of senior-level compliance roles, including managing and developing the compliance program for St. Francis Hospital in Connecticut. She was also the Division Ethics and Compliance Officer for the Hospital Corporation of America’s Gulf Coast Division where she was responsible for oversight of compliance programs for all hospitals within the division. Most recently, she served as an independent healthcare consultant, assisting hospitals with the planning and implementation of compliance programs.