Prince's Death: A Lesson in HIPAA Violations?

On April 21, 2016, our social media feeds, newscasts, and radio broadcasts were inundated with the announcement that the musical legend Prince was found dead. Just as quickly as this news broke, reports also began to surface stating that Prince had received emergency medical treatment for a drug overdose six days prior. The source of this information has not been revealed, yet if Prince's protected health information (PHI) was provided to the media by a hospital employee, it would constitute a breach of the HIPAA Privacy Rule. The hospital in question could face violations according to HIPAA legislation. The Department of Health and Human Services (HHS) has previously offered guidance on how the media must be handled with regards to disclosure of PHI. The main takeaway? Unless PHI is being used for treatment, payment, or health care operations, a written authorization must be obtained from the individual or the individual's representative before it can be disclosed. This also means that the media is not to be allowed into areas of the facility where PHI may be accessible in any form, including written, electronic, or oral, unless patients have signed an authorization allowing them to be present. It is acceptable, however, for media to be present in public areas of hospital, such as waiting areas and entrances/exits. Limited amounts of PHI may be disclosed to the media in special circumstances, such as when trying to identify a patient or locate the patient's family. Additionally, health care providers may inform the media of a patient's location and condition, as long as medical details are not included. According to the HHS, film crews can be used for training videos and public relations, but proper business associate agreements must be in place if PHI will be accessible. This requires the crew to safeguard any PHI that is used during the course of filming or creating the piece. Patient authorizations are still needed if any PHI is included. Though a sad event, the passing of Prince is a great reminder that, regardless of circumstance or celebrity, health care providers must always remain vigilant about their duty to protect patients' PHI.