A recent opinion examines the interplay between the Health Insurance Portability and Accountability Act (“HIPAA”) and the False Claims Act (“FCA”). Relators Pam Howard and Eben Howard filed a wrongful termination action against Arkansas Children’s Hospital – a covered entity under HIPAA – alleging that they were terminated after expressing concern about the hospital’s billing practices in violation of the FCA and several other statutes. The relators allege that they were terminated from their positions after raising concerns regarding the manner in which the hospital billed the federal government. The Howards shared with an attorney protected health information (“PHI”) that they had retained in anticipation of their lawsuit.

The hospital filed a motion for partial summary judgment, contending that the plaintiffs do not qualify as whistleblowers under the FCA and, thus, also do not qualify for HIPAA’s allowance for disclosure of PHI by whistleblowers in certain circumstances. The defendants also requested a ruling that the plaintiffs’ sharing of PHI did not constitute a protected disclosure by a whistleblower under HIPAA. The HIPAA regulations state that a “covered entity is not considered to have violated [the Privacy Rule] if a member of its workforce . . . discloses [PHI,]” so long as certain criteria are satisfied. The court concluded that no HIPAA violation occurred here because: (i) the plaintiffs were members of the hospital’s workforce prior to termination; (ii) they believed that the hospital behaved unlawfully, violated professional or clinical standards, or was endangering patient safety; and (iii) the disclosure was to an attorney for purposes of determining legal options.

A copy of the court’s opinion can be accessed here.