April 12, 2017 - Posts

Whistleblower HIPAA Concerns: Frequently Asked Questions

We are frequently asked by our clients about HIPAA and how it impacts their ability to expose fraud on a government program. This is a fair and important question. As lawyers who represent whistleblowers, we need solid evidence of the alleged fraud before we can take a case to state and federal authorities.  We often rely on medical records that are covered by HIPAA to help us build a False Claims Act case.


Below are some of the most common questions we get about HIPAA and our answers.  Each set of circumstances is different and if you are thinking of blowing the whistle, the most important step you can take is hiring an experienced lawyer to help you navigate these waters.


What is HIPAA?

HIPAA is a federal law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals and other health care providers.


How can I bring confidential medical records to an attorney to discuss a False Claims Act case without violating HIPAA?

HIPAA contains an exception for “disclosures by whistleblowers” that allows you to bring confidential medical records to an attorney if you have a good faith belief that your employer has:

This is known as HIPAA’s safe harbor provision which allows employees to expose fraud by their employer without fear of violating HIPAA.


Who can I share this information with?

While whistleblowers are protected under HIPAA’s safe harbor provision, the information cannot be shared with just anyone. Private health information protected under HIPAA can be shared confidentially with an attorney for the purpose of exposing fraud. It can also be disclosed to a health oversight agency or public health authority who is authorized by law to investigate the alleged violations, or a healthcare accreditation organization if the purpose is to report conduct that violates professional or clinical standards.


Can I be sued by my employer for violating HIPAA?

In an attempt to intimidate whistleblowers, a company may accuse a whistleblower of violating HIPAA. Recent court rulings have protected whistleblowers from this form of retaliation, see United States ex rel. Cieszyski v. LifeWatch Services, Case No. 13cv4052 (N.D. Ill.). In this case, a whistleblower signed a privacy package requiring him to protect confidential patient records and to comply with HIPAA regulations. When the whistleblower took and disclosed HIPAA protected information in order to expose the company’s fraud, the company filed a claim against the whistleblower for violating HIPAA. The Court quickly rejected this claim because of HIPAA’s safe harbor provision. Because the company did not allege the whistleblower was acting with anything other than a good faith belief the company had committed fraud on the government, the Court tossed the company’s claim out.


What about a patient? Can I be sued by them for violating HIPAA?

A whistleblower cannot be sued by a patient for violating HIPAA because an individual does not have a right to sue for HIPAA violations.



In summary, a whistleblower may take and disclose confidential medical records to his or her attorney or a government agency without violating HIPAA if there is a good faith belief that the employer has engaged in unlawful conduct. This exclusion under HIPAA is paramount in supporting whistleblowers in their efforts to expose healthcare fraud.


To learn more about our Whistleblower & Qui Tam practice group, click here. We are always available to answer your questions on a confidential basis.

Get in touch

Contact us today for a free consultation. We are here to work for you!