A plaintiff residing in Allegheny County brought a lawsuit alleging that a pharmacist at his local Rite-Aid publicly disclosed that he is HIV-positive. The claim states that the pharmacist violated his privacy by “blurting out” that the medication was for his HIV near the pharmacy counter.
Claims of medical malpractice are typically brought after a patient is injured or killed due to negligent medical treatment by a healthcare practitioner. In this case no physical harm was incurred by the patient; however, it is asserted that the defendant breached (violated) his legal right to privacy causing emotional harm.
The anonymous plaintiff (“John Doe”) was filling a prescription at the pharmacy counter and there was some question raised regarding a patient co-pay amount. The pharmacist was said to have exclaimed, “this is the drug for your HIV” loudly enough to be overheard by other customers, which included the patient's brother. The claim seeks damages for violating his right to confidentiality that applies to personal medical information.
Pennsylvania's Confidentiality of HIV Act
Over the last several decades, federal legislators and many state lawmakers have addressed the privacy of personal medical data. Pennsylvania implemented the Confidentiality of HIV-Related Information Act #148 in 1988 that specifically prohibited disclosing information regarding an individual's HIV status without formal consent. In 2011 the provisions were amended to better reflect updated federal specifications on this law.
Related Federal Disclosure Laws
- Providers of medical care or social services may only disclose HIV-related information when the individual provides written consent
- These providers that maintain or have access to confidential information must establish a written protocol of data protection procedures
- Unauthorized disclosure is deemed a violation and is subject to penalties and liability for monetary damages in civil actions
- The Secretary of the Department of Health & Human Services has the authority to investigate complaints
- Individuals may also seek compensation for attorney fees and other expenses from those who violate confidentiality
Company policies state that their pharmacists will exercise their best judgment when discussing patient health information with their relatives or others that are specified as being active in tending to the patient's healthcare needs. This applies to those specified to pick up prescription medicine or other supplies on the patient's behalf. Rite Aid has contracts established with “Business Associates” who execute functions such as medical billing that have access to protected patient information. They define protected information as being that which names a patient's identity and data such as health-related conditions and services.
Prior HIPAA Privacy Violations
Several years ago Rite Aid paid a $1 million settlement to resolve alleged violations. They were accused of disposing materials that contained patient data in publically accessible containers. The company was ordered to revise their training procedures and operational standards to adequately protect critical patient data.
Health Insurance Portability & Accountability Act (HIPAA)
HIPAA was established in 1996 and outlined uniform standards regarding privacy requirements of confidential patient data. ProPublica, an independent, not-for-profit investigational organization, says that medical providers such as Walgreens, CVS and the U.S. Department of Veteran Affairs have all been the subject of reported violations. The U.S. Department of Health & Human Services is able to enforce HIPAA violations; however, the ProPublica report asserts the agency rarely takes disciplinary action.