Dr Jay Gordon, HIPAA violation? Really?

23 Apr

We’re back to the Huffington Post again and this time rather than Jenny McCarthy’s boyfriend, we’re talking about Jenny McCarthy’s son’s doctor Dr Jay Gordon.

He recently blogged about an LA Times piece by fellow medical man Dr Rahul Parikh. In his piece Parikh said:

One night, we admitted a 9-month-old girl who was having trouble breathing. She arrived with her parents — Mom in tears and Dad tense with worry. Her parents were movie stars from a Hollywood borough who…needed nothing. In a way, they had chosen “nothing” for their daughter from the time she was born — refusing all vaccines for her.

From this information alone Dr Gordon decided that Dr Parikh:

…commits ethics and HIPAA violations so egregious that the Medical Board must take him to task

Interesting, I thought as I read on…

Dr. Parikh is a well-published medical author and blogger and he speaks of a patient he saw as an intern in the year 2000 at Cedars-Sinai Medical Center. (His bio on many sites lets you know that year.) He identifies the parents, their unique profession and their child’s age and illness. This family can be identified by anyone who can use Google.

I was confused by now – Parikh hadn’t mentioned the year (in fact *Gordon himself* did!), he hadn’t identified the parents and as for their ‘unique profession’…how is being a movie star from Hollywood in any way unique? Surely Hollywood is full of movie stars? I mean, I’m a Brit so maybe I’m just buying into a cliché – are there really not many movie stars in Hollywood? And as for identifying the child’s age and illness – a 9 month old with a repository infection? Is that massively uncommon? I don’t think it is.

I stopped reading at that point as I have never been Dr Gordon’s biggest fan. He lacks the balls to tell Jenny McCarthy she’s wrong about there being anti-freeze in vaccines (silliness repeated by Jim Carrey yesterday) amongst other things. I was now more interested in this ‘ethics and HIPAA violation’.

False modesty aside I’m pretty good at digging at information on search engines and try as I could (and I really did try), based on the info in Parikh’s piece, I could not for the life of me identify who the movie stars were whos daughter was ill. I still can’t.

However, finding out what constitutes a HIPAA violation in terms of identifiable data was very much easier. I hit gold on my first search. According to the site ‘Lawyers and HIPAA‘ a violation occurs when health information is made public – here’s the paragraph on health information and its public release:

Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:

(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or

(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

I simply cannot see how Jay Gordon realistically believes that the information in Rahul Parikh’s LA Times piece meets that criteria.

Update: I see Autism News Beat has covered this also. In the comments Dr Gordon appears and says:

Good points. I’ve removed the nastier comments in the HuffPo piece. The Internet lends itself to false bravado and unpleasant ad hominem attacks [please see above 🙂 ] and I have to work on not being part of that problem.

I stand by my original unhappiness at the inaccurate proclamation of whooping cough

Yet when I return to Dr Gordon’s Huffington Post entry, I still see the references to HIPAA violations. Does Dr Gordon really believe that Dr Parikh’s article is full of HIPAA violations? Yes, I’m a Brit and no, I’m not a lawyer but my common sense tells me that Dr Gordon is playing with fire here. Lets hope for Dr Gordon’s sake that Dr Parikh is not going to sue for defamation. According to Autism News Beat that would be distinctly on the cards.

25 Responses to “Dr Jay Gordon, HIPAA violation? Really?”

  1. Sullivan April 23, 2009 at 20:39 #

    Dr. Parikh has discussed the non-HIPAA related claims made against him as well on his Salon.com blog

    http://tinyurl.com/parikh

  2. tmcstrom April 24, 2009 at 03:01 #

    Actually HIPAA is interpreted very strictly in the US and when it is followed properly it does not allow a medical person to discuss any aspect of your case with a third party without your consent.

    My children’s therapists have to have a signed consent form (because of HIPPA) before they can talk about any aspect of their case with any third party. For example, for our BSC to be able to talk to a outside speech therapist we had to sign a consent. The same for the our children’s doctor.

    They certainly would not be allowed to write an article for the local paper about them without our consent.

    So while there may not have been a strict violation of the letter of the law there was a clear violation of the intent. The intent is that a medical professional will not discuss or reveal details of your case without your consent.

    How would you feel if some publicly wrote about your child’s medical history even if they didn’t use xyr name? As I recall you were so upset when that happened that you stopped blogging for a while when that happened.

  3. Sullivan April 24, 2009 at 04:26 #

    tmcstrom

    I marked your comment for moderation. Your memory is incorrect and the statement you make based on that in inappropriate, in my opinion. I’ll let Kev decide.

  4. tmcstrom April 25, 2009 at 22:19 #

    Sullivan – I believe the statement is completely on point and appropriate. Kev is saying that publicly discussing the details of someone’s medical record is not a violation of HIPAA and not problematic. However his own actions in this regard show that this is clearly not the case.

    BTW – I would appreciate if you would remove the domain part from my e-mail address in your comment above – I signed into your site using my google under the impression that the user name would be displayed and not the full e-mail address. Since you included the full address in your response I have started getting spam at that address for the first time in years.

  5. Kev April 25, 2009 at 23:22 #

    TMCstrom – I am not saying its OK to publicly discuss the *details* of someones medical record. Doing so *would* be a HIPAA violation. Do you really think that what Dr Parikh wrote could be defined as ‘details’ and that they are enough to identify the patient?

    I’ve freed your comment and adjusted Sully’s comment.

    I didn’t stop blogging because someone discussed xyr medical history. That would be an odd thing for me to do as I had done so myself. I stopped because xe was vocally abused with comparisons to a monkey and because someone had assumed xyr name on their and others blog.

  6. tmcstrom April 26, 2009 at 01:20 #

    From the article –

    “at Cedars-Sinai Medical Center,”

    “admitted a 9-month-old girl who was having trouble breathing”

    “Her parents were movie stars from a Hollywood borough”

    “just how severe her respiratory failure was.”

    “we found out that in addition to being infected with RSV, this little girl had whooping cough”

    “Other tests showed that she had an RSV infection”

    “her doctor performed a spinal tap to make sure she didn’t have bacterial meningitis.”

    “being very sick and unvaccinated — had led this child to the edge of respiratory failure, confined her to the hospital for a week”

    So location of treatment, age, gender, hints about the parents’ identity, diagnosis, procedures performed, and length of time in the hospital don’t count as “details” of her medical records? If that doesn’t I would love to hear what you think would be considered details.

    This is a clear cut violation of privacy regardless of whether if violates the letter of the law.

  7. Kev April 26, 2009 at 07:09 #

    Are you asking me to repeat what I already b logged? No. I don’t think any of those facts lead you to an identification of who this child might be. And how can you violate privacy without knowing who someone is?

    If you *do* think there are enough clues to identify this child then be my guest – take a shot.

  8. dedj April 26, 2009 at 15:18 #

    It would be very hard to do a case vignette/study/exposition without indicating:

    why they were a case in the first place
    what made the case noticable
    the demographic (life-stage and developmental) status, if relevant (which it is)
    what assessments and treatments were used and why

    Cedars Sinai is a large hospital, offering emergency, primary and secondary care, with a large catchment area, in an area with high levels of Hollywood stars, and has a significant worldwide reputation throughout the clinical areas it covers.

    There are many Hollywood couples who have chosen Cedars-Sinai as the place to birth their children and as the place to go for emergency treatment. A simple google search gave me well over 30 different names and hollywood couples who have attended/ whose children have attended Cedars-Sinai within the last 2 years or so, often including what they attended for and for how long.

    There is nothing in Parikhs’ article that could be used to identify the client or the parents, unless you already knew that their daughter was ill in 2000 and went to Cedars. Parikh did not identify the year, or even provide that information on his own profile or blog.

    There are simply too many people who potentially fit the desription in the catchment area, any identifiction of the parents will come about because of deliberate and abnormal investigation by motivated parties – i.e. people using the information to a unreasonable extent.

    Without a doubt, if Parikh was reporting on a adverse vaccine reaction, the anti-vaxxors would be patting him on the back so thick and so fast, he’d need physio by the end of it.

  9. tmcstrom April 26, 2009 at 15:49 #

    Kev, you said “I am not saying its OK to publicly discuss the details of someones medical record. Doing so would be a HIPAA violation”

    I provided quotes from the article showing details being discussed.

    You responded with “No. I don’t think any of those facts lead you to an identification of who this child might be.”

    So which is it, identification or details? The author clearly provided details from the medical record but you apparently think that is OK as long as the person’s name isn’t used?

  10. Kev April 26, 2009 at 16:27 #

    The two cannot be separated. The issue is – are there enough details to provide identification. There clearly aren’t.

  11. dedj April 26, 2009 at 17:52 #

    “The author clearly provided details from the medical record but you apparently think that is OK as long as the person’s name isn’t used?”

    You’d be very hard pushed to find any professional, regulatory or government organisation that finds the mere sharing of details to be unethical.

    Such a restriction would make significant proportions of student learning, Continuing Professional Development as well as regulatory duties and management impossible to complete. Such organisations implicitly or explicitly have Codes or policies that allow for anonymised sharing of non-identifying information (as an aside, my supervisor is currenly in a POVA type situation, she can give out case details on a need to know basis, but cannot identify the client).

    As a side note, Kev mentioned ‘identfying information’ (actually he used the word ‘data’), he did not reduce this to a ‘Ok as long as no name is used’ situation. Kevs’ arguement over what constitutes ‘identifiable data’ is clearly broader than just use of names. Kev is also clearly talking about ‘details’ in terms of ‘identifiable data’ and has indeed stated this a number of times now. Quote mining and pedantry gets you nowhere here.

    This attempt at setting Kev up for a ‘Gotcha’ has been noted and will not be appreciated around these parts if it carries on.

  12. nt4i April 26, 2009 at 20:37 #

    I might not be a google-fu master but I can hold my own. Even trying to find a holywood couple giving birth to a female child sometime between April 1999 and March 2000 produces numerous possibilities. For anyone not already familiar with the case in some aspects its impossible to say who it refers to.

  13. tmcstrom April 26, 2009 at 22:50 #

    No, the issue is that a doctor discussed the details of the medical records without the consent of the person involved. There are enough details provided that someone with knowledge of a family’s history could identify the person.

    Furthermore it is likely the the disclosure went against the privacy policy of the medical center which is available http://www.csmc.edu/pdf/NoticeofPrivacyPracticesENG-OFFICIAL1-136942.pdf

    Anyone want to point out the section of the privacy policy that contains an exclusion for writing a public article containing details about a case without consent?

    Dedi you said “This attempt at setting Kev up for a ‘Gotcha’ has been noted and will not be appreciated around these parts if it carries on.”

    Oh give me a break. I did not set anyone up for a “gotcha” or cherry pick quotes. I took what he wrote and replied to it. You “can note” and “not appreciate” my comments to your hearts content.

    “You’d be very hard pushed to find any professional, regulatory or government organisation that finds the mere sharing of details to be unethical.”

    I assume that you know that a) the medical profession is different from most other professions in this regard and b) there is a very large difference between sharing information with others in the field and writing a published article.

  14. Kev April 26, 2009 at 23:22 #

    There are enough details provided that someone with knowledge of a family’s history could identify the person.

    I’ll call bullshit on that. Thats your opinion and you are indeed welcome to it. I’m guessing however since all the HIPAA threatening language has been removed from Dr Gordon’s post he saw it somewhat differently to you. Maybe he took legal advice from someone?

    As for the slightly adjusted ‘someone with a knowledge of the families history’ LOL. You started off by saying:

    HIPAA…does not allow a medical person to discuss any aspect of your case with a third party without your consent.

    Which is – as the terminology from HIPAA clearly states – bollocks. But its interesting that we’ve gone from that to now only people who _already knew_ the families history might guess their identity. If you really think that HIPAA forbids a doctor from discussing any aspect of a case then please – show me where it says that.

    The PDF you link to states:

    We are required by law to:
    maintain the privacy of medical information that identifies you

    The law they’re probably referring to is HIPAA. And here we are again.

  15. dedj April 27, 2009 at 00:12 #

    “I took what he wrote and replied to it”

    Incorrect. You replied to a singular sentence which – when taken in the context you presented it in – implied something different to the context Kev presented it in.

    If you did this by accident, then fine, but don’t pretend kev wasn’t talking about ‘identifiable data’ when he mentioned ‘details’. He has provided more than enough context for any reasonable observer to have a proper idea of what he meant.

    “I assume that you know that a) the medical profession is different from most other professions in this regard”

    They are fairly similar to the Nursing and Allied Health Professions. Information about a case can be shared with others for a number of reasons, as long as the information cannot be used to identify the patient, which can also be given if it’s a need-to-know best-interest basis.

    “There are enough details provided that someone with knowledge of a family’s history could identify the person”

    And such people could be reasonably expected to already know that the patient was in hospital at the time (remember it was Gordon – not Parikh – who provided time context) and could be reasonably expected to have assumed that she was receiving assessment and treatment.

    Unlike talking about a case in front of relatives or friends – who can be reasonably assumed to make the connection instantly and unfailingly – there’s no way to make the reasonable assumption that the few people in possession of the requsite family data would also be avid and unfailing readers of the LA Times health pages.

    I’m not sure where this discussion is going.

    “b) there is a very large difference between sharing information with others in the field and writing a published article.”

    Well, they can actually be the same thing, especially if they are journal articles. It is not unknown for Dr’s, nurses and AHP to use cases they have treated in CPD forums, symposiums etc. Most places allow their staff to do this.

  16. tmcstrom April 29, 2009 at 01:50 #

    Kev you said – “I’ll call bullshit on that. Thats your opinion and you are indeed welcome to it.”

    Age, gender, approximate date of birth, martial status of parents, profession of parents, location of residence. You don’t think that would be enough for someone who was determined to find out who the person was?

    “I’m guessing however since all the HIPAA threatening language has been removed from Dr Gordon’s post he saw it somewhat differently to you.”

    Actually I would guess that it could be because HIPAA doesn’t apply. The privacy portion of HIPAA did not take effect until 2003 – the incident that the Dr is describing took place earlier.

    “Which is – as the terminology from HIPAA clearly states – bollocks.”

    See http://en.wikipedia.org/wiki/HIPAA#The_Privacy_Rule

    PHI is any information held by a covered entity which concerns health status, provision of health care, or payment for health care that can be linked to an individual.[10] This is interpreted rather broadly and includes any part of an individual’s medical record or payment history.

    Or see http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html under the “What information is Protected” section –

    1. Information your doctors, nurses, and other health care providers put in your medical record
    2. Conversations your doctor has about your care or treatment with nurses and others
    3. Information about you in your health insurer’s computer system
    4. Billing information about you at your clinic
    5. Most other health information about you held by those who must follow this law

    The information disclosed under the article would clearly violate points 1 and 5.

    “The PDF you link to states:We are required by law to:
    maintain the privacy of medical information that identifies you
    The law they’re probably referring to is HIPAA. And here we are again.”

    Read the rest of the policy – it lays out how the hospital can or cannot use the information contained in your medical record. It does not contain an exception for discussing details in a press article.

    As the the requirements of the law, see the points above about what is actually covered under HIPAA according to the US Department of Health & Human Services. It isn’t what you seem to think.

    Dedj you wrote – “Incorrect. You replied to a singular sentence which – when taken in the context you presented it in – implied something different to the context Kev presented it in.”

    No, actually I took the exact meaning implied by what he wrote. Here is the text that I quoted from –

    “I am not saying its OK to publicly discuss the details of someones medical record. Doing so would be a HIPAA violation. Do you really think that what Dr Parikh wrote could be defined as ‘details’ and that they are enough to identify the patient?”

    I initially copied the first two sentences, not the singular sentence as you claim. As for the rest of the “context” that I left off there was one sentence and if you look at it you find two questions (see the word “and” in there) –

    Do you really think that what Dr Parikh wrote could be defined as ‘details’

    AND

    that they are enough to identify the patient

    I responded to the first part of the question – did Dr Parikh provide patient details and the answer is clearly yes.

    Hence you are incorrect in saying that I took a singular sentence, took anything out of context, or set Kev up for a “Gotcha”.

    “And such people could be reasonably expected to already know that the patient was in hospital at the time”

    That is irrelavant to the discussion about HIPAA. There is no exception for “they probably already knew”.

    “(remember it was Gordon – not Parikh – who provided time context)”

    This is false. Parikh provided enough context in his article – “As a second-year pediatric resident … That had happened a year earlier, when I was an intern at Cedars-Sinai Medical Center”. From public available information you can find out that he graduated from medical school in 1999 and received his license on June 27, 2001.

    “there’s no way to make the reasonable assumption that the few people in possession of the requsite family data would also be avid and unfailing readers of the LA Times health pages.”

    Again this is not relevant.

    “I’m not sure where this discussion is going.”

    The point was to attempt to answer the second part of Kev’s question about the details being enough to identify the patient. And my point was that for a very determined person or someone with a little bit of extra knowledge (like a coworker) it would not be hard to put the facts together and deduce who the patient was.

    “Well, they can actually be the same thing, especially if they are journal articles. It is not unknown for Dr’s, nurses and AHP to use cases they have treated in CPD forums, symposiums etc. Most places allow their staff to do this.”

    Do you think that any doctor is going to publish what amounts to a case report without the consent of the patient?

  17. dedj April 29, 2009 at 17:51 #

    “I initially copied the first two sentences, not the singular sentence as you claim.”

    But, when responding to kevs counter claim, you only copied the first sentence.

    Don’t try to pull the wool over someones eyes when you intial post is available on the same screen.

    You did not correctly represent Kev’s position in your qoutes of him.

    Case closed.

    “This is false”

    No it isn’t. The fact that outside parties are able to perform a unreasonable and unexpected level of research to backfill data into your statement, DOES NOT mean you are automatically in breach of confidenitality. It’s about the information you provide, and what can be done with it, if others take it upon themselves to seek out additional details and widely and publically publish them, then that is their responsibility.

    “Again this is not relevant.”

    Actually it is, if we’re going to claim a breach of confidentiality because someone, somewhere, who knows the family might be able to put 2 and 2 together. This is about reasonable expectations, not ‘what-if’s’. Very determined people acting unreasonably are a concern, but the concern is about their behaviour not anyone else’s.

    “Do you think that any doctor is going to publish what amounts to a case report without the consent of the patient”

    The issue is whether or not Parikh broke HIPAA. Confidentiality in case reports is usually covered by confidentiality agreements signed when starting treatment. It is not unknown for published case reports to contain no sign of privacy protection or confidentiality agreements.

  18. Doctor May 7, 2010 at 06:44 #

    It’s a very impressive blog post.Thanks

  19. Jendar August 20, 2010 at 03:35 #

    Dr Jay Gordon has lent his expertise to Kirstie Alleys Scientology Laced Diet Quackery becoming a Member of its Advisory Board.
    I noticed an anti-ADHD blog post while searching google. and came across the article and Dr Gordon on Kirsties site.

    does the guy spend all his time schmoozing Celebrities?.
    I noticed on a google book of his an endorsement by the Travoltas giving a glowing recommendation of the Good Doctor, I see they said hes is the physician to their children.
    I understand now why Jett Travolta didn’t have a chance in life.
    Knowing Scientology’s views on Autism and that of Dr Gordon.

    http://books.google.com/books?id=QGDNVxVmc3AC&pg=PA226&lpg=PA226&dq=dr+jay+gordon+++john+travolta&source=bl&ots=3QCBCRqrc8&sig=bUf6lnUq4nJPgJeLEbVn3oYeNL4&hl=en&ei=j8ZtTO64B4PMnAeinMHwBQ&sa=X&oi=book_result&ct=result&resnum=3&ved=0CBoQ6AEwAg#v=onepage&q=dr%20jay%20gordon%20%20%20john%20travolta&f=false

  20. adventure racing canada March 12, 2013 at 18:14 #

    Terrific article! This is the type of information that should
    be shared around the net. Disgrace on Google for now not positioning this submit
    higher! Come on over and consult with my web site .
    Thank you =)

  21. short health articles May 1, 2013 at 11:08 #

    Somebody essentially help to make significantly posts I’d state. That is the very first time I frequented your web page and to this point? I amazed with the analysis you made to create this particular publish extraordinary. Magnificent activity!

  22. Does this mean you should run out and date the first guy who asks you out.

    Sometimes, hurt feelings, anger and frustrations get in the
    way of love. When he actually wants to hear from you
    again, the results of your exboyfriend contact will be much more favorable.

Trackbacks/Pingbacks

  1. Topics about Hollywood-stars » Dr Jay Gordon, HIPAA violation? Really? - April 23, 2009

    […] The Hollywood Gossip put an intriguing blog post on Dr Jay Gordon, HIPAA violation? Really?Here’s a quick excerptWe’re back to the Huffington Post again and this time rather than Jenny McCarthy’s boyfriend, we’re talking about Jenny McCarthy’s son’s doctor Dr Jay Gordon. He recently blogged about an LA Times piece by fellow medical man Dr Rahul Parikh. In his piece Parikh said: One night, we admitted a 9-month-old girl who was having trouble breathing. She arrived with her parents—Mom in tears and Dad tense with worry. Her parents were movie stars from a Hollywood borough who…needed nothing. I […]

  2. Topics about Hollywood-stars » Autism Blog - Dr Jay Gordon, HIPAA violation? Really? « Left Brain … - April 24, 2009

    […] Kev placed an interesting blog post on Autism Blog – Dr Jay Gordon, HIPAA violation? Really? « Left Brain …Here’s a brief overviewSurely Hollywood is full of movie stars? I mean, I’m a Brit so maybe I’m just buying into a cliché – are there really not many movie stars in Hollywood? And as for identifying the child’s age and illness – a 9 month old with a … […]

  3. Research: Kirstie Alley's weight loss program Organic Liaison - Page 33 - Why We Protest | Activism Forum - June 15, 2010

    […] Jay Gordon, HIPAA violation? Really? Autism Blog – Dr Jay Gordon, HIPAA violation? Really? Dr. Jay Gordon – Flu Whisperer? Way of the Woo: Dr. Jay Gordon – Flu Whisperer? Orac gets comments: […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: