Slap: University Says It Sued Reporter to Protect Patients
The idea that the University of Kentucky would sue one of its own public radio reporters to block access to basic information about its children’s hospital seemed so hard to believe that I had to ask for clarity.
I sent Jay Blanton, the university’s executive director for public relations and marketing, a few questions, and he quickly replied.
The crux of the university’s argument is that it is in a legal pickle. Through this lens, the lawsuit the university filed against Brenna Angel, the reporter for WUKY who had requested records related to the university’s pediatric cardiac surgery program, is seen as the only option to protect patient privacy and to protect the hospital’s peer review process, which typically allows hospitals to assess the performance of medical staff without fear of public disclosure. Angel has since left WUKY and is now working as the assistant communications director for Lexington's mayor.
As I mentioned in my earlier post, the university is citing the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As the U.S. Office for Civil Rights explains on its website:
The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. The Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information.
But in responding to me, the university also invoked the lesser-known (at least outside medical circles) Patient Safety and Quality Improvement Act of 2005 (PSQIA). The Office for Civil Rights writes:
PSQIA establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information called patient safety work product. Patient safety work product includes information collected and created during the reporting and analysis of patient safety events.
Keep those two explanations in mind when you read the answers Blanton provided to my questions below.
Q: Given that the attorney general has ruled that the records requested by WUKY should be made publicly available, under what legal authority is the university withholding the records?
A: We are appealing the opinion by the Attorney General’s office because we believe it is an incorrect interpretation of the law. In essence, the OAG argues that state open records law trumps federal protections for patients. We respectfully disagree and, as a result, are asking the courts to examine an important legal principle. More specifically, although we have turned over many documents, we have declined to turn over materials which, in our judgment, are protected by the federal Patient Safety and Quality Improvement Act ("PSQIA") or the federal Health Insurance Portability and Accountability Act ("HIPAA"). After the Attorney General declared that the Kentucky Open Records Act trumps HIPAA and dismissed our PSQIA arguments, the university filed an appeal in the Fayette Circuit Court to overturn the Attorney General’s decision. We did so for two reasons: First, we must preserve the federal “peer review” privilege established by the PSQIA. Health care professionals must be able to engage in candid self-critical examinations of past individual and system performance. If peer review materials are disclosed to the media and patients’ families, then no health care professional will be honest and forthcoming. Congress recognized this fact when it enacted the PSQIA and 40 other states have recognized the same principle. Second, we must protect the privacy of individual patients as required by HIPAA. If the media learn the dates of specific surgeries, then the media can determine the identity of individual patients. Similarly, where only small numbers of procedures are performed, revealing statistics regarding mortality can easily lead to the identification of patients.
Q: Why did the university file a lawsuit against Angel instead of filing a suit against WUKY?
A: The university’s conflict is not with Ms. Angel, but with the reasoning of the Office of the Attorney General. Ms. Angel was named as a party only because the statute provides that the Office of the Attorney General is not a party. In appealing the decision of the Office of the Attorney General, the university is seeking to protect the federal peer review privilege and the federal right to patient privacy.
Moreover, Ms. Angel sought the opinion from the OAG. The same legal counsel represents both the hospital and the radio station. Institutionally, both cannot be represented by the same counsel in the context of a legal proceeding.
As a result, Ms. Angel is named as a party only because of a statutory technicality. We are not seeking damages or injunctive relief from Ms. Angel. We provide legal representation to UK employees who are sued for damages or injunctive relief for actions within the scope of employment. Since there is no claim for damages or injunctive relief and since she is only a nominal party, there isn’t an issue regarding representation.
Q: Given that the Lexington Herald-Leader requested the same records as Angel, why did the university decide to not pursue a similar lawsuit against the newspaper?
A: The Herald-Leader, to the best of my knowledge, did not appeal our response to their open records request. Ms. Angel did, thus prompting the court action as we respectfully disagree with the opinion.
We did respond to the Herald, but they have not appealed our response. There is no legal action that could be taken.
Q: I know that the university has cited HIPAA as a reason for denying WUKY’s public records request. How, specifically, does releasing this information described in WUKY’s request violate federal HIPAA? That request included: 1) The date of the last surgery performed by Dr. Mark Plunkett. No patient information is requested. 2) The mortality rate of pediatric cardiothoracic surgery cases in 2010, 2011 and 2012.
A: In both cases you describe above, there are a relatively small number of patients involved (there are a number of procedures, potentially, but a small number of patients, some of whom had multiple procedures performed). Discussing specific dates or mortality rates could result in the disclosure of identities and health information protected by federal law.
I asked Blanton some follow-up questions, and he sent me a quite detailed legal justification for the university’s position, a justification that has broad ramifications for reporters and patient safety advocates. I will explore it in more depth in a future post.
Have your own ideas on the how federal law should apply in this case? Write askantidote@gmail.com or on Twitter @wheisel.
Photo by Brian Turner via Flickr
Here are more of Heisel's posts on the University of Kentucky court case:
Slap: University of Kentucky Sues Its Own Public Radio Reporter
Slap: University of Kentucky Has Threatened A Reporter Before
Slap: Kentucky Court Case Could Slam Door on Patient Safety Information
Slap: University Fighting Access to Patient Safety Records on All Fronts