Indiana AG Sues Hospital System for Patient Privacy and HIPPA Violations

Jane Nguyen
By Jane Nguyen
September 18, 2023USshare
Indiana AG Sues Hospital System for Patient Privacy and HIPPA Violations
Indiana Attorney General Todd Rokita speaks in Schererville, Ind., on Nov. 8, 2022. (Darron Cummings/AP Photo)

Indiana Attorney General Todd Rokita filed a federal lawsuit Sept. 15 against the state’s largest hospital system, claiming it violated patient privacy laws when a doctor publicly shared the story of an Ohio girl who traveled to Indiana for an abortion.

The lawsuit (pdf) filed in Indianapolis federal court alleges Indiana University Health and IU Healthcare Associates violated HIPAA, the federal Health Insurance Portability and Accountability Act, and a state law after a physician made headlines by sharing the story of a 10-year-old patient’s abortion a year ago.

Rokita’s lawsuit is the latest attempt to seek disciplinary legal action against Dr. Caitlin Bernard. It seeks to prohibit further privacy violations and aims to require IU Health to implement “an appropriate sanctions policy” in the future.

After the U.S. Supreme Court overturned Roe v. Wade last summer, the case received national attention and became a focal point in the ongoing abortion debate.

Rokita, a Republican, is stridently anti-abortion and Indiana was the first state to approve abortion restrictions after the court’s decision. Following legal conflicts, the near-total abortion ban recently became effective in the state.

The lawsuit’s main claim is that neither the 10-year-old girl nor her mother gave the doctor authorization to communicate to the media about their case.

“Rather than protecting the patient, the hospital chose to protect the doctor, and itself,” the lawsuit stated.

Rokita argues that by publicly contradicting the licensing board and maintaining that Dr. Bernard’s actions were “in compliance with privacy laws,” IU Health has “caused confusion” among its 36,000 employees regarding what conduct is permitted under federal HIPPA privacy laws and the Indiana patient confidentiality law.

The lawsuit consists of seven counts against IU Health:

  1. Failure to implement or follow administrative, technical and physical safeguards to protect the privacy of protected information
  2. Failure to document disclosures of personal health information
  3. Failure to implement or apply and document sanctions
  4. Failure to appropriately train its workforce
  5. Failure to notify patients of breach
  6. Failure to mitigate harm
  7. Violations of Indiana’s Deceptive Consumer Sales Act.

“We will continue to uphold and protect Hoosier patients’ medical privacy,” Rokita said in a statement. “Trust is the foundation of the patient-doctor relationship. Without trust, we don’t have reliable, honest healthcare.”

Indiana’s medical licensing board reprimanded Bernard in May, saying she didn’t abide by privacy laws by talking publicly about the girl’s treatment. It was far short of the medical license suspension that Rokita’s office sought.

The board’s decision received widespread criticism from medical groups and others who called it a move to intimidate doctors.

Hospital system officials have argued that Bernard didn’t violate privacy laws.

“We do not agree with the board’s decision regarding patient privacy regulations and stand by the HIPAA risk assessment,” the hospital system said in a public statement. “We believe Dr. Bernard was compliant with privacy laws.”

In response to the lawsuit, IU Health said in a statement to the Indiana Capital Chronicle that the hospital “hold(s) ourselves accountable every day for providing quality healthcare and securing privacy for our patients.”

“We continue to be disappointed the Indiana Attorney General’s office persists in putting the state’s limited resources toward this matter,” the statement said. “We will respond directly to the AG’s office on the filing.”

In July, a 28-year-old man was sentenced to life in prison for the 10-year-old’s molestation.

The Associated Press contributed to this report.

From The Epoch Times

ntd newsletter icon
Sign up for NTD Daily
What you need to know, summarized in one email.
Stay informed with accurate news you can trust.
By registering for the newsletter, you agree to the Privacy Policy.