Archive for Planned Parenthood Southwest Ohio Region

Planned Parenthood has a history of failing to protect patient privacy under HIPAA

Posted in Center for Medical Progress, HIPPA, Planned Parenthood HPPA with tags , , , , , , , , , , , , , , , , , on November 28, 2017 by saynsumthn

Americans are told that abortion is a “right” based on privacy. But when abortion providers like Planned Parenthood violate the privacy of women, abortion-friendly media and politicians are silent.

Planned Parenthood receives half a billion dollars annually from taxpayers and claims the majority of these dollars are Medicaid reimbursements. According to the Centers for Medicare and Medicaid Services (CMS), recipients of government programs that pay for health care, like Medicaid, must comply with the Health Insurance Portability and Accountability Act known as HIPAA.

But is Planned Parenthood following HIPAA laws? Multiple instances of privacy breaches at Planned Parenthood say no.

The latest video released by the Center for Medical Progress (CMP) further confirms what many already know all too well: when it comes to the privacy of abortion patients, Planned Parenthood is anything but trustworthy. Former Stem Express procurement technician, Holly O’Donnell, told CMP that Planned Parenthood revealed private patient medical information to third party contractors at fetal tissue procurement agency StemExpress in order to meet the company’s quotas for harvesting body parts from Planned Parenthood abortions:

O’Donnell said Planned Parenthood staff provided StemExpress contractors with private medical information of pregnant women coming into Planned Parenthood: “We’d go to the head nurse, let the nurses know, hey, this is what I’m looking for today. They’d give you a sheet of the appointments, which women were coming in, and it would tell you how many patients, what time they were coming in, their name, and if they knew how far along they were.”

Clearly, disclosing patient names is a violation of HIPAA.

According to HHS, the Privacy Rule protects all “individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral… Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).”

In 2016, the Washington Times reported, “The day before abortions were scheduled to take place… StemExpress was notified by fax by the clinics and granted medical files on individual patients.” O’Donnell told CMP that Planned Parenthood handed over a list of patient names and other private information to third party contractors before these patients signed a consent to release their personal information.

O’Donnell also reveals that Planned Parenthood gave StemExpress access to patient medical charts and even to the clinics’ computer network to download patient schedules across the entire Planned Parenthood affiliate. Emails from StemExpress management instruct procurement technicians: “EVERY Friday – please provide schedules for all the clinics you work in,” and, “All computers have access to other clinics.”

While this should shock politicians and media alike, tragically, accusations of carelessness and lack of concern for patient privacy at Planned Parenthood is not new.

In September of 2016, Live Action News released a two-part series exposing the way Planned Parenthood and the general abortion industry recklessly handles patient privacy. In those reports were documented case after case where Planned Parenthood was given a slap on the wrist for violating patient privacy — and in the cases reviewed at that time, no civil penalties had been issued.

CMS states that the U.S. Department of Health and Human Services Office for Civil Rights “enforces the HIPAA Privacy, Security, and Breach Notification Rules. Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.”

Breaches expose thousands of individuals

1. Planned Parenthood of Greater Washington and North Idaho (PPGWNI): 10,700 individuals exposed

A review of archived privacy breaches on file with the Office for Civil Rights (OCR), which affect more than 500 patients, reveals that in August 2016, Planned Parenthood of Greater Washington and North Idaho (PPGWNI), reported a breach which exposed 10,700 individuals.

2. Planned Parenthood Southwest Ohio: 5,000 individuals exposed

Another breach report states that on October 1, 2014, Planned Parenthood Southwest Ohio disposed of binders containing protected health information (PHI) for 5000 individuals, including names, dates of birth, lab results, and medications. Exactly what occurred in the privacy breach? Planned Parenthood’s archived prescription dispensing logs and waived lab test logs were left in an unlocked closet after business hours and a custodian mistakenly put them in a trash dumpster. The following morning, the dumpster was emptied by the trash collector, who took it to be buried with other garbage at a landfill that same day. And, as Planned Parenthood often claims it does when it violates government requirements, Planned Parenthood told the OCR that they conducted an investigation and re-trained all staff regarding HIPAA policies and procedures.

3. Planned Parenthood of the Heartland: 2,506 individuals exposed

Still under investigation is a July 2016 breach report reported by Planned Parenthood of the Heartland. This breach for “Unauthorized Access/Disclosure” affected 2,506 individuals. No additional information is available from OCR; however, HIPAA Journal reported the following:

The health center permanently closed its doors to patients this April year and the premises was listed for sale and was sold. However, hard copies of patient files were left in the Dubuque health center. In April 2016, individuals entered the medical center and could potentially have viewed and/or copied patient files. The potential breach was discovered by Planned Parenthood on May 6, 2016. The files have now been removed from the premises and have been secured. Planned Parenthood said this was an isolated incident and is not representative of the stringent privacy standards usually maintained by the healthcare organization.

Health Care Compliance Association summarized another case where Planned Parenthood violated privacy of a patient.  In January 2017, HCCA wrote, “a complaint filed against Planned Parenthood alleged that an employee posted a description of the procedure the individual had performed at the clinic on the individual’s public Facebook page.”

In response, HCCA states, “OCR sent Planned Parenthood the regulatory section on reasonable safeguards
and encouraged it to “assess and determine whether there may have been noncompliance… and if so, to take steps to ensure such noncompliance does not occur in the future.”

Other breaches

In addition to those listed above, the following are known instances of privacy breaches at Planned Parenthood:

  • California Planned Parenthood patient reported that following her visit, she received two text messages from an anonymous number, reading, “Damn, you have an STD WOW.”
  • Napa Planned Parenthood receptionist admitted to state officials that she had looked at private patient records because she was curious.
  • Alleged Planned Parenthood patient wrote online, “a worker there told a family member of mine about my privacy.”
  • In 2011, OCR received a complaint alleging that a worker at Planned Parenthood in New York “impermissibly disclosed” the complainant’s health information to her sister’s friend.
  • In 2012, a complainant informed the governing body that she had received a call from Planned Parenthood of Northeast Ohio asking her to contact them regarding recent test results. During the call, it was determined that she was not the correct patient.
  • In 2013, OCR was notified that Planned Parenthood of Delaware violated the Federal Standards for Privacy of Individually Identifiable Health Information.
  • That same year, Melody Meanor, the former Health Center Manager of Family Planning at Planned Parenthood of Delaware in Wilmington went public to expose the center’s privacy policies. A video and transcript of her statement is available online.
  • In 2013, a complaint was filed against a Planned Parenthood in Chicago, Illinois, which alleged that an employee impermissibly disclosed her private health information to a third party on Facebook.
  • complaint received by OCR in 2014 alleged that a Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a bill for a patient to the wrong person.
  • A 2014 complaint filed with the Texas Medical Board by former Planned Parenthood director, Abby Johnson, alleges that a Texas Planned Parenthood e-mailed their abortionist the ultrasound information of their patients — but not in encrypted form.
  • TAB, a records management company working with PPFA for over a decade, identified what they called “some serious problems” with the records of Planned Parenthood of Illinois, which oversees 17 branch locations.

In CMP’s video interview, O’Donnell tells David Daleiden that she has witnessed her colleagues log onto Planned Parenthood’s computers. O’Donnell provided copies of e-mails to CMP to support her claims.

“They would let us look at the physical charts outside the room,” O’Donnell stated, claiming that she was even asked to write in a Planned Parenthood patient’s chart, which she says she refused to do.

So much for privacy at Planned Parenthood.

  • This article is reprinted with permission. The original appeared here at Live Action News.

Planned Parenthood of Ohio Supreme Court Case regarding failure to report child abuse of teenage victim, seeking medical docs

Posted in child abuse, child predator, Planned Parenthood and Child Predators with tags , , , , , , , , , , , on January 3, 2012 by saynsumthn

Case No. 2007-1832, John and June Roe, Individually and as parents and next friends of Jane Roe, a minor v. Planned Parenthood Southwest Ohio Region, Roslyn Kade, M.D., and John Does 1-6

Vodpod videos no longer available.

Case No. 2007-1832, John and June Roe, Individu…, posted with vodpod

Supreme Court of Ohio – Oral Argument Previews

Court Asked To Order Disclosure of Medical Records of Minors Who Obtained Abortions
John and June Roe, Individually and as parents and next friends of Jane Roe, a minor v. Planned Parenthood Southwest Ohio Region, Roslyn Kade, M.D., and John Does 1-6, Case no. 2007-1832
1st District Court of Appeals (Hamilton County)
ISSUE: In pursuing a civil lawsuit against a clinic for allegedly failing to obtain parental consent before performing an abortion on a 14-year-old girl and allegedly failing to report known or suspected sexual abuse of a minor to police or a children’s services agency, are the parents of the girl entitled to compel the clinic to provide them with the medical records of all minors who obtained abortions through the clinic during the previous 10 years, with information identifying the patients redacted?
BACKGROUND: This case involves Jane Roe of Cincinnati, a 14 year old who obtained an abortion from Planned Parenthood of Southwest Ohio in March 2004. In subsequent legal filings, Planned Parenthood has stated that Jane told its medical staff she had been impregnated by a school classmate and that her parents knew and approved of her plan to obtain an abortion. The clinic also stated that when its representative called the phone number provided by Jane, an adult male who identified himself as Jane’s father answered and confirmed that he knew about and consented to the procedure.
Within weeks after the procedure was performed, a police investigation revealed that Jane had been sexually abused and impregnated by her 21-year-old soccer coach, John Haller; that the phone number provided to Planned Parenthood by Jane had been Haller’s number rather than that of her parents; and that the man the clinic had notified and from whom it had obtained consent for the abortion was Haller, not Jane’s father. Haller was later convicted on seven counts of sexual battery.
Jane’s parents subsequently filed a civil suit on their own behalf and on behalf of Jane seeking compensatory and punitive damages from Planned Parenthood and the physician who performed the abortion. The suit alleged that Planned Parenthood and the doctor intentionally breached their legal duties to: (1) notify Jane’s parents and obtain their consent before performing the abortion; (2) provide Jane with all the information required by law before obtaining her consent to the procedure; and (3) notify police or a child services agency of a known or suspected case of sexual abuse of a minor. In seeking punitive damages from the clinic and doctor, the Roes alleged that the intentional breaches of legal duties in the clinic’s handling of Jane’s case were part of a “pattern or practice” of similar breaches in other cases.
During pretrial proceedings, the Roes filed a discovery motion demanding that Planned Parenthood provide them with copies of all medical records and sexual abuse reports in its files for every minor who had sought an abortion from the clinic in the preceding 10 years. When the clinic refused to comply, the Roes sought and were granted an order of the Hamilton County Court of Common Pleas ordering the clinic to produce the requested records, with all information disclosing the identity of the other patients redacted (blacked out) from the records. Planned Parenthood appealed the trial court’s discovery order to the 1st District Court of Appeals, which reversed the trial court and invalidated the discovery order for the other patients’ records.
The Roes now ask the Supreme Court to reinstate the trial court’s discovery order. They argue that:
• The court of appeals erred by reviewing the trial court’s order under a de novo rather than a much more deferential abuse-of-discretion standard of review. They assert that trial courts have wide discretion to determine whether and when discovery of requested documents is necessary for a plaintiff to establish his claims, and claim that the court of appeals improperly substituted its judgment for that of the trial court by duplicating a balancing test between the Roes’ need for the requested medical records and the confidentiality rights of the clinic’s other patients, especially in light of the fact that all identifying information from the patient records was to be rendered unreadable prior to disclosure.
• The Roes assert that under R.C. 2151.421, the state law requiring certain professionals to disclose known or suspected child abuse to police or child welfare authorities, a proven claim that the clinic systematically failed to report sexual abuse in this case and other patient’s cases would entitle them to punitive damages, and that they need access to the medical records and abuse reports of other minor patients in order to substantiate that pattern of wrongful conduct.
• They also argue that a state law barring the use of sexual abuse reports in lawsuits against the party filing such reports does not bar them from accessing sex abuse reports filed by Planned Parenthood regarding other abortion patients, because the Roes are not suing the clinic for filing those reports, but rather for its failure to file a report in Jane’s case and other similar cases.
Attorneys for Planned Parenthood respond that:
• The court of appeals properly employed a de novo standard of review in overturning the trial court’s discovery order because the clinic’s appeal was based on a question of law (the privileged status of patient medical records) rather than a question of fact for which a trial court’s discovery rulings are reviewed on an abuse-of-discretion standard.
• They contend that because R.C. 2151.421 created a statutory cause of action that did not exist at common law before the 1851 state constitution was adopted, and the legislature did not expressly state in the statute that violations entitle a plaintiff to punitive damages, plaintiffs suing under the statute are limited to seeking only compensatory damages. In the absence of a right to seek punitive damages for a “pattern or practice” of breaches, they add, the trial court erred in finding that there was a “need” for the Roes to examine the privileged medical records of any patient other than Jane in order to prove their claim that the clinic breached its duties in handling Jane’s case.
• Planned Parenthood also argues that R.C. 2151.421(H)(1) expressly prohibits disclosure to the Roes of information from child sexual abuse reports that the clinic filed regarding any of its other patients, and specifically bars the Roes from using information from such reports “as evidence in any civil action or proceeding brought against the person who made the report.”
NOTE: Numerous amicus curiae (friend of the court) briefs have been filed on behalf of both parties in this case. The full text of those briefs and other filings can be accessed online by searching the Court’s online docket at http://www.supremecourt.ohio.gov/Clerk/ecms/default.asp. Click “Go,” and on the search screen enter Case No. 2007-1832.
Contacts
Brian E. Hurley, 513.784.1525, for John & June Roe and Jane Roe.
Daniel J. Buckley, 513.723.4000, for Planned Parenthood of Southwest Ohio.
Return to top
These informal previews are prepared by the Supreme Court’s Office of Public Information to provide the news media and other interested persons with a brief overview of the legal issues and arguments advanced by the parties in upcoming cases scheduled for oral argument. The previews are not part of the case record, and are not considered by the Court during its deliberations.
Parties interested in receiving additional information are encouraged to review the case file available in the Supreme Court Clerk’s Office (614.387.9530), or to contact counsel of record.