It's time once again to point out that privacy laws, with their vague standards and selective enforcement, are more likely to serve privilege than to protect privacy. The latest to learn that lesson are patients mistreated by the Veterans Administration and the whistleblowers who sought to help them. According to the Washington Post:
Citing patient privacy, managers have threatened VA employees or retaliated against those who complain about agency misconduct, according to a key congressman and the union that represents most of the department’s employees.
“VA routinely uses HIPAA as an excuse to punish into submission employees who dare to speak out,” said Rep. Jeff Miller (R-Fla.), chairman of the House Committee on Veterans’ Affairs. He is leading a probe into the coverup of long wait times for VA patients.
David Borer, the American Federation of Government Employees’ top lawyer, listed a number of cases involving a VA claim of patient privacy used to stifle whistleblowers in a June letter to the department.The Office of Special Counsel (OSC), which investigates whistleblower retaliation cases, is “very concerned about the misuse of HIPAA,” said Eric Bachman, an OSC deputy special counsel. “The potential chilling effect of even a small number of these HIPAA retaliation cases is a serious issue and one that should be addressed by the VA in short order.”...
Valerie Riviello is one VA employee who felt the lash of the department’s culture of retaliation.
A registered nurse at the Albany Stratton VA Medical Center in Upstate New York, Riviello said she was threatened with suspension and stripped of managerial duties after she complained last November about how a veteran was treated.Riviello said the vet was unnecessarily restrained, with an arm and leg strapped to bedposts.
“They scared the hell out of me,” Riviello said with worry clear in her voice. “They sent me a letter saying I could go to jail.”
That threat came in the form of an e-mail to Riviello’s lawyer, Cheri L. Cannon, a partner with the Tully Rinckey law firm. The VA e-mail said that information Riviello provided Cannon “unlawfully includes medical records of a VA patient” and noted that violating HIPAA “is a felony offense subject to imprisonment and a fine of up to $250,000.”
Misuse of privacy law is now so common that I've begun issuing annual awards for the worst offenders -- the Privies. The Veterans Administration has officially earned a nomination for a 2015 Privy under the category "We All Got To Serve Someone: Worst Use of Privacy Law to Serve Power and Privilege." The Department is in good company; here are the 2014 nominees.