Email

Attorney General Todd Rokita holds IU Health accountable for patient privacy and HIPAA violations

Todd Rokita
From Indiana Attorney General <[email protected]>
Subject Attorney General Todd Rokita holds IU Health accountable for patient privacy and HIPAA violations
Date September 15, 2023 4:22 PM
  Links have been removed from this email. Learn more in the FAQ.
  Links have been removed from this email. Learn more in the FAQ.
State of Indiana Attorney General - News Release

*Attorney General Todd Rokita holds IU Health accountable for patient privacy and HIPAA violations*?

?

Attorney General Todd Rokita filed a lawsuit on behalf of the people of Indiana against IU Health and IU Healthcare Associates for their failure to properly report, review, and enforce HIPAA and Indiana law violations. ?

?

?We will continue to uphold and protect Hoosier patients? medical privacy,? Attorney General Rokita said. ?Trust is the foundation of the patient-doctor relationship. Without trust, we don?t have reliable, honest healthcare.??

?

This issue was first brought to the office's attention in 2022 when a 10-year-old rape victim and her mother went to an IU hospital for an abortion, as a result of the rape and abuse the child endured.?

?

After the abortion, while the mother and daughter were still at the hospital for recovery and observation, they were greeted with a front-page news story in the Indianapolis Star, which described the 10-year-old's case in great detail. This article went public, and the story became worldwide household news after the doctor spoke to a reporter at a political rally.?

?

The 10-year-old's treatment was a very private and sensitive matter, as was the rape and abuse she suffered that resulted in her pregnancy. Neither the little girl nor her mother gave the doctor authorization to speak to the media about their case.??

?

Rather than protecting the patient, IU Health chose to protect the doctor, and itself. ?

?

On July 15, 2022, hospital administrators emailed statements to multiple media outlets informing them that they had conducted a review and ?found the doctor in compliance with privacy laws.???

?

On May 25, 2023, the Indiana Medical Licensing Board conducted a hearing and determined that the doctor violated HIPAA by improperly disclosing patient information and for improperly de-identifying patient information, and the doctor violated the Indiana patient confidentiality rule by failing to get patient permission prior to disclosing any information.???

?

The following day, IU Health issued a public statement in which it disagreed with the Medical Licensing Board?s determination once again claiming the doctor did not violate privacy laws.???

?

By publicly contradicting the Medical Licensing Board and contending the doctor?s actions were ?in compliance with privacy laws,? IU Health has caused confusion among its 36,000-member workforce regarding what conduct is permitted not only under HIPAA privacy laws and the Indiana Patient Confidentiality rule, and as a result, as Indiana?s largest health network, they created an environment that threatens the privacy of its Indiana patients.???

?

Subsequent to the Medical License Board hearing, the office discovered numerous instances where IU Health has sanctioned non-physician employees with termination for far less egregious patient privacy violations but has failed to implement or enforce similar privacy policies or sanctions for its physicians.?

?

?Doctors and all health care professionals should be able to rely on their employers and patients should be able to trust their doctors,? Attorney General Rokita said. ?When a hospital or other healthcare provider makes your private medical information public, that trust is decimated. As a result, the quality, delivery, and sustainability of our healthcare is significantly weakened.??

?

The lawsuit consists of the following seven counts against IU Health:??

?


* Failure to implement or follow administrative, technical, and physical safeguards to protect the privacy of protected information??
* Failure to document disclosures of personal health information???
* Failure to implement or apply and document sanctions??
* Failure to appropriately train its workforce???
* Failure to notify patients of breach??
* Failure to mitigate harm????
* Violations of Indiana?s Deceptive Consumer Sales Act??

?

The complaint is listed below.

?

A headshot of?Attorney General Rokita is available for download [ [link removed] ].

###

?

?

?

?


* Filed Complaint.pdf [ [link removed] ]

SUBSCRIBER SERVICES:
Manage Preferences [ [link removed] ]??|??Delete Profile [ [link removed] ]??|??Help [ [link removed] ]

________________________________________________________________________

This email was sent to [email protected] using GovDelivery Communications Cloud on behalf of: Indiana Attorney General ? Indiana Government Center South,?302 W. Washington St., 5th Floor ??Indianapolis, IN 46204 ??317-232-6201 GovDelivery logo [ [link removed] ]
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;}
Screenshot of the email generated on import

Message Analysis

The Archive of Political Emails is a project of Defending Democracy Together Institute. Please email [email protected] with any questions.