By Kate Willet
Earlier this year, a Utah nurse, Alex Wubbels, was arrested for refusing to allow a law enforcement officer to draw blood from an unconscious patient. State and federal laws prohibited her from allowing a law enforcement officer to draw blood without a warrant or patient consent, but the officer proceeded to handcuff her for refusing to honor his request.
Alex Wubbels was correct about the patient privacy laws she cited to protect her patient, and has since reached a $500,000 settlement with Salt Lake City and the Utah University hospital where she was employed. The Salt Lake City police department fired the arresting officer.
Medical professionals may find themselves in stressful standoffs with law enforcement officers who want access to patient data that it may, in fact, be illegal for health care professionals to provide. It’s important for healthcare professionals to have a complete understanding of the laws that protect patient information under the Health Insurance Portability and Accountability Act (HIPAA) and how they apply to law enforcement.
Here’s a quick summary of the laws, but as always, it’s best to review them with your Compliance Officer. A HIPAA covered entity may disclose protected health information (PHI):
- with the individual’s signed authorization
- if it reasonably prevents a serious or imminent threat to the safety of the individual or the public
- if the health care provider reasonably believes it is evidence of a crime that occurred on the premises of the covered entity
- if it is alerting law enforcement of death and there is reason to believe the death occurred from criminal conduct
- when responding to an off-site medical emergency, as necessary to alert law enforcement to criminal activity
- when required by law to do so (such as in the case of gunshots or stab wounds)
- to comply with a court-ordered warrant or subpoena
- to respond for the purposes of locating a suspect (must be limited to basic demographic and health information)
- when the victim of a crime requests their information be shared with law enforcement
- if the victim is a child and the health care provider suspects child abuse
A more detailed description of the laws can be found here.