HIPAA Intertwines with Myriad Aspects of Practice

HIPAA Intertwines with Myriad Aspects of Practice
Like

Share this post

Choose a social network to share with, or copy the URL to share elsewhere

This is a representation of how your post may appear on social media. The actual post will vary between social networks

The Health Insurance Portability and Accountability Act (HIPAA) is one of many laws/regulations pharmacies must comport with. Failing to do so can result in extraordinary fines, termination by an employer, even suspension or revocation of licensure, and long-lasting career damage. Practicing according to HIPAA standards, though, is not just to protect yourself legally, but it is the right thing to do by way of patient care, particularly through the ethical tenets of beneficence and patient autonomy. HIPAA extends to many aspects of practice, not just the obvious and overt maintenance of confidentiality preventing you from discussing patient protected information with others not involved in the patient's treatment.

Oliva reviews some issues that operate at the intersection of privacy law, Fourth Amendment doctrine, and public health realities triggered by the U.S.  drug overdose epidemic.Reputable reporting sources and public health scholars frame the ongoing American overdose crisis as a prescription drug overdose problem attributable to the overprescribing of opioid analgesics. The author claims that this narrative runs counter to epidemiological data, which indicate that the majority of American overdose deaths are now a result of illicit drug use and not prescription drug abuse. However, this has sparked the rapid rise of law enforcement and regulatory surveillance of prescribers and patients in the form of state prescription drug monitoring program (PDMP) databases. State PDMPs, which maintain and analyze significant data concerning every dispensed prescription, collect a wealth of patient protected health information (PHI). The author states that PDMPs are largely criminal and regulatory law enforcement tools dressed up in public health. Under the guise of rogue prescriber, pill mill, and doctor shopper crack downs, the Drug Enforcement Administration (DEA) has made it a routine practice to self-issue administrative subpoenas to conduct sweeps of the swarms of sensitive protected health data stored in state PDMP databases. This widespread law enforcement prescribing surveillance tactic, which reveals highly personal health information, including, among other things, patients’ contraceptive histories, gender transition decisions, and HIV diagnoses, raises serious constitutional privacy concerns. The Supreme Court’s recent Fourth Amendment decision, Carpenter v. United States, however, may limit law enforcement’s ability to continue to access troves of electronically stored patient prescribing-related PHI in the custody of a state regulatory agency without a court order supported by probable cause. The authors highlight that pertinent pre-Carpenter precedent requires the DEA to obtain a Fourth Amendment warrant to conduct sweeps of state PDMP databases searching patient protected health information and that courts are even more likely to rule that warrantless DEA searches of sensitive and frequently revealing health care data run afoul of the Fourth Amendment in the post-Carpenter world. Simply stated, PDMP protected health information is entitled to Fourth Amendment warrant protection.

This court case mainly pertains to PDMP programs, but there are takeaways here for pharmacists and pharmacy managers. First, HIPAA is a powerful, strongly enforced Federal law that in court cases trumps other regulations when the two seem might be at odds in particular cases. Second, patient right to privacy, then, is absolutely paramount. Third, while pharmacy managers cannot know the result of every court case, there are various sources, particularly good continuing education updates, that keep them abreast of legal trends that dictate practice. Finally, pharmacy managers should have knowledge of epidemiological data and be able to reflect and look at all sides of complicated health care issues.

Additional information about Compliance with Regulations and Regulatory Bodies and Risk Management in Contemporary Pharmacy R Practice can be found in Pharmacy Management: Essentials for All Practice Settings, 5e. If you or your institution subscribes to AccessPharmacy, use or create your MyAccess Profile to sign-in to Pharmacy Management: Essentials for All Practice Settings, 5e. If your institution does not provide access, ask your medical librarian about subscribing.

1Oliva JD. Prescription drug policing: The right to protected information privacy pre- and post-Carpenter. WVU College of Law Research Paper No. 2018-005. Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3225000&download=yes

Create a Free MyAccess Profile

AccessMedicine Network is the place to keep up on new releases for the Access products, get short form didactic content, read up on practice impacting highlights, and watch video featuring authors of your favorite books in medicine. Create a MyAccess profile and follow our contributors to stay informed via email updates.

Go to the profile of Shane Desselle
over 3 years ago

Is there anything going on at your workplace that you need to check on to ensure compliance with HIPAA?