Portland officials claim rules weren't broken when they shared personal data of 200 HIV patients

The city of Portland is mailing letters to more than 200 patients previously enrolled in an HIV-positive health program, apologizing for not disclosing that the city planned to share their personal information with researchers from the University of Southern Maine, a city spokeswoman told Becker's Hospital Review.                                                         

USM's Muskie School of Public Service was conducting a survey on behalf of the city examining whether the closure of the city's HIV program at the India Street Public Health Clinic and transfer of funds to the Portland Community Health Center would negatively impact service.

However, city officials failed to notify former patients it had sent their names, addresses and/or phone numbers to the study's organizers prior to the survey. Although two patients claimed Portland violated patient privacy, the city insists it did not breach HIPAA and cited exemptions for research and program evaluation.

"HIPAA and Maine state statute permit disclosure for legitimate research purposes so long as the researchers are bound by the same privacy protocols that the medical provider is and so long as identifying information is not included in the final research report," city spokeswoman Jessica Grondin told Becker's in an email statement. "So, disclosure of information without patient consent is permitted."

In its letter to patients, the city offered apologies for its failure to inform them of the survey.

"First and foremost, we deeply regret that the city did not do a better job of communicating with [India Street Health Clinic's] patients about the survey and explaining that USM was conducting the survey on behalf of the [city]," the letter states. "Although the survey was requested by and developed in cooperation with the patient advocacy committee … we also recognize that we should have notified all patients in advance."

More articles on cybersecurity:

Trend Micro: 6 cybersecurity predictions for 2018
OCR: 8 tips to ensure former employees don't leak PHI
NHS to spend $26M on security operations following WannaCry attack: 4 things to know

 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months