PAX Centurion - May / June 2015

Page 40 • PAX CENTURION • June/July 2015 617-989-BPPA (2772) Legal Notes: Nicholas Pollard, Esq. Sandulli Grace P.C., Counsel to Members of the Boston Police Patrolmen’s Association HIPAA: What it protects and what it doesn’t O nAugust 21, 1996, then-President Clinton signed the newly passed Health Insurance Portability andAccountabilityAct. InApril of 2003, the so-called “Privacy Rule” promulgated by the United States Department of Health and Human Services went into effect. Since then, the rule has bred confusion, giving rise to many common myths about what does and does not constitute a HIPAA violation. In theory, HIPAA’s Privacy Rule regulates the disclo- sure of individually identifiable “personal health information” from disclosure from entities covered by the Rule. “Personal health information” is any informa- tion that is created or received by a covered entity that relates to 1) past, present, or future physical or mental health conditions of an individual, 2) the past, present, or future provision of healthcare to an indi- vidual, or 3) the past, present, or future payment for the provision of healthcare to an individual. Covered entities are healthcare provid- ers, healthcare clearing houses, and health plans; it is important to note that employers are not covered entities. Given how broad, unwieldy, and convoluted HIPAA is, miscon- ceptions have understandably arisen as to what constitutes a disclo- sure under HIPAA’s Privacy Rule. A common myth is that any health information is covered by the Privacy Rule; in fact only individually identifiable personal health information is protected. Individually identifiable personal health information is any personal health infor- mation that either identifies the individual or provides enough infor- mation such that there is a reasonable basis that the information can be used to identify the individual. Information that cannot be used to identify you is not protected under HIPAA. Among the most common HIPAA myths is the belief that HIPAA prohibits an employer from asking about the details of an employee’s illness when s/he takes a sick day. HIPAA does not prohibit an employer from asking that question; it does however, prohibit an employer from obtaining personal health information maintained by a covered entity without authorization . This means that if you disclose health information to your employer, your employer has not violated HIPAA by asking for it or receiving it, since the disclosure was authorized. On the other hand, if your employer asks your doctor for health information and your doctor provides it, both have committed HIPAA viola- tions because the disclosure was not authorized. Frequently, when em- ployees believe that their HIPAA rights have been violated, they believe that a lawsuit is the proper means of redress. Unfortunately, this too is inaccurate. HIPAA does not afford individuals a private right of action for unauthorized disclosures of personal health information. Fortunately, there is an avenue for redress if your health information is compromised, as HIPAA permits enforcement by state attorneys general.  As a result, StateAGs can bring suit against the individual responsible for the disclosure on behalf of the victim of the disclosure and get damages for that person in the amount of $100 per violation. Unfortunately, the Privacy Rule provides employees with far less protection than they may think, but being informed as to your rights under the Rule is crucial. Ask the Union Lawyer! T his is the first edition of “Ask the Union Lawyer!”We are hoping to make this a regular column where I can respond to your questions and give my perspectives on various issues that may affect you – the BPPA member. The Union Lawyer is Jen- nifer Rubin, a partner at Sandulli Grace, P.C., your union law firm. Please send questions and requests to jrubin@sandulligrace.com . Starting next month, after I get questions and requests from mem- bers, I will pick two or three that may be interesting and/or relevant to you and print them with answers. Please let me know in your email to me whether it is fine to print your name or would like to be kept anonymous. Rubin Reflection of the Day: A n officer recently asked me if I thought it was okay for him to post a selfie of himself in uniform at a car show on his Face- book account. I did not ask whether anyone else was in this selfie photo, what kind of car show he was at, or to look at the photo my- self. The answer is ALWAYS NO. If you have to ask – just don’t do it. But what if it’s just an innocent picture you ask and you just want to make sure you don’t get into trouble since you’re in uniform? I don’t know how to make myself more clear. If you have to ask me (or anyone) whether I/he/she thinks it would be okay to post a picture, the answer is always going to be NO. In fact – here’s some advice. If you’re in uniform – DON’T POST IT. Talk to your union reps – they are there to help you. Email me your thoughts and questions. And no – I won’t be answering every single email. If I like what you have to say or think your question will help others – I’ll print them. That is all for now. By Jennifer Rubin, Esq., Sandulli Grace, P.C.