Indiana’s attorney general has sued the state’s largest hospital system, claiming it violated patient privacy laws when a doctor publicly shared the story of an Ohio girl who traveled to Indiana for an abortion.

The lawsuit, filed Friday in Indianapolis federal court, marked Attorney General Todd Rokita’s latest attempt to seek disciplinary legal action against Dr. Caitlin Bernard. The doctor’s account of a 10-year-old rape victim traveling to Indiana to receive abortion drugs became a flashpoint in the abortion debate days after the U.S. Supreme Court overturned Roe v. Wade last summer.

Rokita, a Republican, is stridently anti-abortion and Indiana was the first state to approve abortion restrictions after the court’s decision. The near-total abortion ban recently took effect after legal battles.

“Neither the 10-year-old nor her mother gave the doctor authorization to speak to the media about their case,” the lawsuit stated. “Rather than protecting the patient, the hospital chose to protect the doctor, and itself.”

The lawsuit named Indiana University Health and IU Healthcare Associates. It alleged the hospital system violated HIPAA, the federal Health Insurance Portability and Accountability Act, and a state law for not protecting the patient’s information.

Indiana’s medical licensing board reprimanded Bernard in May, saying she didn’t abide by privacy laws by talking publicly about the girl’s treatment. It was far short of the medical license suspension that Rokita’s office sought.

Still, the board’s decision received widespread criticism from medical groups and others who called it a move to intimidate doctors.

Hospital system officials have argued that Bernard didn’t violate privacy laws.

“We continue to be disappointed the Indiana Attorney General’s office persists in putting the state’s limited resources toward this matter,” IU Health said in a statement. “We will respond directly to the AG’s office on the filing.”

In July, a 28-year-old man was sentenced to life in prison for the child’s rape.

  • fmstratA
    link
    English
    3
    edit-2
    1 year ago

    I’ve worked deidentifying data in Healthcare so my experience is Safe Harbor is not the end all be all (in my industry anyway). You have to remove outliers of less than a certain threshold, even if it’s based on one data point (abortion plus age (year only but outlier) plus which hospital). This applied to deidentifying for private and government sectors. Glad to hear she likely had representation prior (from the other response).

    In your example, John Doe was one of many without outlier, unless they were risking it (if they gave the hospital).