Visitor Question

Is this an unauthorized release of medical information?

Submitted By: Robert (Maryland)

My wife is a federal employee who recently succumbed to a bout of depression, anxiety and panic episodes. A medical assessment was deemed necessary. My wife signed an “Authorization for disclosure of information” pursuant to the Privacy Act of 1974. The authorization was for assessment by the Federal Occupational Health Services.

Unfortunately, the information did not go there. The data was transmitted to the Office of the Chief Medical Officer (OCMO) for TSA. There is a form to specifically authorize release to the OCMO, but it was not used.

The date of the authorization she signed was Sept. 26th 2014. She was approved for FMLA on Oct 9th 2014. On Nov 11th 2014 the OCMO deemed her “not medically qualified.” Documents considered in the review consisted of: Medical and Psychological Guidelines For TSA, data released by my health care provider, timecards for Jan 01st 2014 – Sep 28th 2014, and FMLA hours April – October 2014.

The question is, is this legal? Was the Medical Officer making the determination for my wife’s suitability valid without her written consent?

Disclaimer: Our response is not formal legal advice and does not create an attorney-client relationship. It is generic legal information based on the very limited information provided. Do not rely upon the information in our response, or anywhere else on this site, when deciding the proper course of a legal matter. Always get a personalized case review from a local attorney.


Dear Robert,

To be a violation of HIPAA, the unauthorized disclosure must have been made by a “covered entity.” A covered entity is defined by the Department of Health and Human Services as:

– Doctors
– Clinics
– Dentists
– Chiropractors
– Nursing Homes
– Pharmacies
– Health insurance companies
– HMOs
– Company health plans
– Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs.

A violation of HIPAA occurs when unauthorized patient information is disseminated in an electronic form in connection with a transaction for which HHS has jurisdiction.

While your wife’s medical information may have been wrongfully disseminated, to be a violation of HIPAA, that dissemination must have been willful or the result of gross negligence.

For further information about HIPAA, visit the Health and Human Services website.

Learn more here: HIPAA Violations and Lawsuits

The above is general information. Laws change frequently, and across jurisdictions. You should get a personalized case evaluation from a licensed attorney.

Find a local attorney to give you a free case review here, or call 888-972-0892.

We wish you the best with your claim,


One comment on “Is this an unauthorized release of medical information?”

  1. Natasha says:

    If I was seen in an emergency room and given a doctor’s excuse for work, is it legal for hospital personnel to share my diagnosis with my employer? I did not sign an authorization or release, and my employer was not financially responsible for the visit. Do I have any legal rights surrounding this matter?
