A story today in the Dallas Morning News, "18 fall ill from tainted muffins" reported the names of faculty and employees of Lake Highlands High who went to the hospital after eating muffins probably laced with marijuana that had been delivered to the school. It also described the symptoms (nonstop laughter, increased heart rate, dizziness, etc.), and gave the age of the oldest, who is 86.
What struck me was a statement made by the hospital,
"The muffins might have had marijuana and Benadryl in them, and tests were being done, said Terry Long, Presbyterian’s director of nursing administration and emergency services. He said he would not be able to confirm what was in the baked goods because of privacy laws. "We are suspecting some kind of street drug or over-the-counter drug," Mr. Long said."
So, the hospital could talk about the specific conditions and symptoms of named patients, but could not "confirm" what was in the muffins "because of privacy laws"? Huh? Well, perhaps they obtained consent form the patients to release their names. Or, maybe the school provided the names and ages. But what’s up with the muffin privacy? They involved the FBI because food tampering could endanger the public.
Let’s see…I can’t think of anything in HIPAA that prevents hospitals from talking about the ingredients of tainted food that sends people to the hospital, as long as the individually identifiable health information (IIHI) is not discussed (e.g., it is de-identified)…muffin recipe ingredients, legal or not, are not included in the list of IIHI within the reg…
Wonder what the Texas Medical Practice Act, that is similar to HIPAA…but covers a wider range of businesses, says about this type of situation? I got frustrated after spending way too much time searching the Texas state site for the text of this law and not being able to find it.
If you are a CE, this would be a good example to discuss as part of your training and awareness efforts; particularly if you are a healthcare provider; what information would your organization release to the press in a situation such as this?
Technorati Tags
patient information
patient privacy
government
HIPAA
personal data protection
IT compliance
regulatory compliance
privacy