After four years of legal proceeding for Susan Jordan, The Court of Appeals of Virginia ruled that the University of Virginia Medical Center (Medical Center) could not fire her for obtaining her ill ex-husband’s medical records, after he was diagnosed with cancer.
On April 23, 2014, Susan Jordan was fired for looking at her ex-husband Kurt’s medical records “without authorization”. Both Jordan’s were employed at the Medical Center, and were registered nurses. Susan was an employee for six years with a “spotless personnel record and nothing but positive performance evaluations,” according to an appeal memo. Despite their divorce, they maintained a “very close and trusting relationship,” and that’s why he executed legal documents to have her act as his agent in 2012. He completed the Medical Center’s authorization form, for her to have the full authority to gain access to his medical records, along with a durable power of attorney and an advanced medical directive.
Four times after a clinical visit between December 2013 and February 2014, Kurt, weak, with tremors and having difficulty seeing, asked for her help in understanding lab results, according to court documents. At least two of these times, Susan’s supervisor was present and approved the access.
On February 2, 2016, after the appeal made by the Medical Center, The Court of Appeals of Virginia upheld the March 24, 2015 ruling of all three independent reviewers which found that Susan was unfairly fired.
Fast forward to February 25, 2016, when Director of the Office for Civil Rights, Jocelyn Samuels stated in the press release, “at the Office for Civil Rights (OCR), we believe strongly that every individual should be able to easily exercise their right to access their health information, allowing them to be fully engaged in their care and empowered to make the health care decisions that are right for them. The HIPAA Privacy Rule has always provided individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans. But this right has not always been well-understood, and far too often individuals face obstacles accessing their health information, even from entities required to comply with HIPAA.”
“Furthermore, the right to have information sent directly to a third party empowers individuals to send their information wherever they want it to go – for example, to another health care provider, a friend or family member, researchers, or even a consumer tool such as a personal health record or mobile health app,” says Director Samuels.
Would the outcome had been different given the new guidance by the OCR?
Would the Medical Center have continued their legal battle regarding the firing of Susan Jordan?
Unfortunately, Kurt Jordan will never know, he passed away on January 30, 2015.
Judith Lindsay, CHP and CEO of JAL Consult tackles all the elements of HIPAA compliance puzzle. Successfully assisting organizations to make sense of it all by implementing the correct policies and procedures that are reasonable and appropriate for their entity. Judith provides consulting, training and is available for speaking engagements. To read more about the world of compliance subscribed to JAL’s insightful newsletter at www.jalconsultantsaz.com OR follow JAL on Twitter @ judithconsult
Personal Information Collected Online
•Personal Information means personally identifiable information such as information provided via forms, surveys, applications or other online fields including name, postal or email addresses, telephone, fax or mobile numbers, or account numbers.
•Before or at the time of collecting personal information, JAL will identify the purposes for which the information is being collected.
•JAL will collect and use personal information solely for the purpose of fulfilling specific contracted engagements or for other compatible purposes, unless consent is obtained from the company and/or individual concerned or as required by law.
•JAL will retain personal information as long as necessary for the fulfillment of a specific contract or for a specific purpose.
•JAL will collect personal information as deemed lawful and where appropriate with the knowledge and/or the consent of the individual or company.
•Personal data should be relevant to the extent of necessary purposes and should be accurate, complete and up-to-date.
•JAL will protect personal information by reasonable safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
•JAL will make readily available to customer’s information about our policies and practices relating to the management of personal information. Terms and Conditions
JAL is committed to conducting our business in accordance with these principals in order to ensure that the confidentially of personal information is protected and maintained. By accessing this website, you are agreeing and bounded by these Website Terms and Conditions of Use, all applicable laws and regulations. If you do not agree with these Terms and Conditions, you are prohibited from using or accessing this website. The materials contained in this Web Site are protected by all applicable copyright and trade mark laws.
Our Online Notices are subject to change. Please review it periodically. If we make changes, we will revise the “Last Updated” date at the top of this Notice. Any changes will become effective the date the revised Notice is posted on the Site.