Is this an unauthorized release of medical information?
My wife is a federal employee that recently succumbed to a bought of depression, anxiety and panic episodes. A medical assessment was deemed necessary. My wife signed an "Authorization for disclosure of information" pursuant to the Privacy act of 1974. The authorization was for assessment by the Federal Occupational Health Services.
Unfortunately, the information did not go there. The data was transmitted to the Office of the Chief Medical Officer (OCMO) for TSA. There is a form to specifically authorize release to the OCMO, but it was not used.
The date of the authorization she signed was Sept. 26th 2014. She was approved for FMLA on Oct 9th 2014. On Nov 11th 2014 the OCMO deemed her "not medically qualified." Documents considered in the review consisted of: Medical and Phychological Guidlines For TSA, data released by my health care provider, timecards for Jan 01st 2014 - Sep 28th 2014, and FMLA hours April - October 2014.
The question is, is this legal? Was the Medical Officer making the determination for my wife's suitability valid without her written consent?
Information provided in our response is NOT formal legal advice. It is generic legal information based on the very limited information provided. Under no circumstances should the information in our response, or anywhere else on this site be relied upon when deciding the proper course of a legal matter. Our response does NOT create an attorney-client relationship. Always
get a formal case review
from a licensed attorney in your area.
ANSWER for "Is this an unauthorized release of medical information?":
To be a violation of HIPAA, the unauthorized disclosure must have been made by a "covered entity." A covered entity is defined by the Department of Health and Human Services as:
- Nursing Homes
- Health insurance companies
- Company health plans
- Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs.
A violation of HIPAA occurs when unauthorized patient information is disseminated in an electronic form in connection with a transaction for which HHS has jurisdiction.
While you wife’s medical information may have been wrongfully disseminated, to be a violation of HIPAA, that dissemination must have been willful or the result of gross negligence.
For further information about HIPAA visit the Health and Human Services website
The above is general information. Laws change frequently, and across jurisdictions. You should get a personalized case evaluation from an attorney licensed in your state. Find a local attorney to give you a free case review here, or call (888) 647-2490.
Best of luck,
P.S. Please help us out by sharing this site...