Porn, Privacy, HIPAA – Redux

September 3, 2010 XBiz.com  

 The Privacy Rule allows medical providers, such as AIM, to disclose protected health information, without authorization, to a public health agency that are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. 

In February, the AIDS Healthcare Foundation took their fight against AIM and the adult industry to the authorities of the federal Office for Civil Rights, a federal agency under the U.S. Department of Health and Human Services that enforces HIPAA, the California Office of Health Information Integrity enforcement Unit and Los Angeles County’s Health Facilities Inspection Division.

Rhett Pardon, of XBIZ, quoting AHF’s letter stated, “The authorization is essentially a waiver of privacy rights that is against public policy,” the letter said, citing Civil Code § 56.37. “Disclosures of testing results pursuant to such an invalid authorization would therefore appear to breach the actors’ privacy rights.”

The U.S. Department of Health and Human Services will now investigate whether AIM has violated California Civil Code § 56.37 as well as federal law. Jeffery Douglas, attorney for AIM, has stated that AIM’s HIPAA release has been vetted by experts in the privacy law and HIPAA and that AIM stands behind its release.

So what happens now and what does this mean to the industry and more specifically to performers and producers of adult content? If the investigation concludes that AIM’s release is too broad, their release may have to be rewritten, limiting who, how and for how long testing results may be disclosed. This may change how the industry handles the issue of testing between producers and performers. Access to testing results by producers may have to be blocked with only performers showing each other test results prior to shooting.

Performers themselves could share testing results with the producers though. There is no restriction on an individual’s rights to share their medical history or test results with whomever they wish.

Obviously, this issue will continue to evolve and everyone must stay informed as to how HIPAA may change how the industry does business. Cal/OSHA will be holding hearings later this month (June 29, 2010) as to the use of condoms on adult sets.

The original article “Porn, Privacy and HIPAA” was published in the summer of 2009 in XBIZ directly after the last HIV outbreak in the industry, however the issues covered in it remain relevant. The following are excerpts from that article.

Within HIPAA are confidentiality provisions of the Patient Safety Rule that prevent, in certain circumstances, the public disclosure of private healthcare information of a patient by a medical provider, health plan and health care clearing houses.

However, HIPAA does not apply to employers. The Privacy Rule does not prevent your employer from asking you information about your health if your employer needs the information to administer sick leave, workers’ compensation, wellness programs, or health insurance. However, if your employer asks your health care provider directly for information about you, your provider cannot disclose the information in response without your authorization.

It should be noted that if your private medical information is disclosed by a medical provider, that medical provider or their employee may face civil as well as criminal liability. A Los Angeles woman was indicted under the federal HIPAA privacy law for accessing the private medical records of celebrity patients at UCLA Medical Center and selling information obtained from those files to a national media outlet. The celebrities whose records were breached reportedly included actress Farrah Fawcett, singer Britney Spears and California first lady Maria Shriver.

The Privacy Rule allows medical providers, such as AIM, to disclose protected health information, without authorization, to a public health agency that are legally authorized to receive such reports for the purpose of preventing or controlling disease, injury, or disability. In this case, the Los Angeles County Public Health Department would be such an agency. Generally, medical providers are required to limit the protected health information disclosed for public health purposes to the minimum amount necessary to accomplish the public health purpose. Unfortunately, HIPAA prevents the public disclosure of those that are infected or who may have been exposed.

However, individual performers that might be afraid that they were exposed could still inquire into the identity of those exposed to determine if they if fact were. Private disclosure in the interest of public health may be allowable. Under the Privacy Rule, a medical provider may disclose protected health information to a person who is at risk of contracting or spreading a disease or condition if other law authorizes the covered entity to notify such individuals as necessary to carry out public health interventions or investigations. For example, a covered health care provider may disclose protected health information as needed to notify a person that (s)he has been exposed to a communicable disease if the covered entity is legally authorized to do so to prevent or control the spread of the disease.

However, performers must be careful about sharing what information they may learn. An infected performer that is “outted” by another individual can file a lawsuit under the common law theory of public disclosure of private facts. If a false report is made as to a performer’s HIV positive status, that performer may have a claim for false light. This is were the plaintiff is placed into a false light in the eyes of the public that may damage their career and cause emotional distress. Obviously, if someone mis-reports that a performer is HIV positive or even exposed to HIV that can cause great distress as well as the lost of a career. Damages for both public disclosure and false light could be extensive.

Overall, in an adult industry that lays its self open to all that consume its product, there is still a need for privacy within the industry.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s