that hospital involved is gonna lose a whole lot of money lol
I suspect it depends upon the specifics of the case. I agree with the physicians on the EM forum that this would make more sense as an EMTALA than a HIPAA issue. If anything, the debt collector here would be preventing or delaying pt care. If, in fact, that was happening, then suits for EMTALA violation would be appropriate. On the other hand, if the patients bothered in the waiting room are only those identified as ESI 4s and 5s (maybe even some 3s), then I'm not so sure it'd even really be much of an EMTALA issue (as long as pts are not being harassed and made to feel they should not be there as a result). Still not in good taste (nor something I'd want to see), but I'm not so sure a lawsuit would really fly under those conditions. As long as the initial triage assessment is never impeded and the MSE is not delayed (or prevented) as a result, I would think it would be more a matter of angry pt complaints than one of legal ramifications.
The law considered in the article, then, is HIPAA. It seems this could be due to an appeal to EMTALA falling flat. However, HIPAA does not appear to have been explicitly violated (at least from what I saw). The example given was:
By giving its collectors access to health records, Accretive violates the Health Insurance Portability and Accountability Act, colloquially known as HIPAA, Ms. Swanson said. For example, an Accretive collection employee had access to records that showed a patient had
bipolar disorder,
Parkinsons disease and a host of other conditions.
That does NOT violate HIPAA as it falls under the OPERATIONS clause of the law (i.e., a medical record may be accessed for purposes relating to the operations of the organization). Unless that employee actually abused said access, no violation occurred. (Of course, the hospital's EMR could have been better segregated in terms of access and it would be preferable to avoid revealing diagnoses to billing. At the same time, these are often the people recepting a patient and so will likely be aware of such things regardless and must at least see the c/c in triage since they have to enter it into the computer there.)
Source:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/usesanddisclosuresfortpo.html
In addition, certain health care operationssuch as administrative, financial, legal, and quality improvement activitiesconducted by or for health care providers and health plans, are essential to support treatment and payment. Many individuals expect that their health information will be used and disclosed as necessary to treat them, bill for treatment, and, to some extent, operate the covered entitys health care business.
In essence, I think this hospital used poor judgment and think the company's approach is generally inappropriate; however, I would not go so far as to say anything they are doing is
necessarily illegal (at least as stated in the article), although I agree it is in
very poor taste. I also wonder how much spin was placed on this article. It sort of reads like a long list of what individual employees did wrong rather than an overall analysis of their approach. For example, issues such as talking about a pt's condition (disabled vs. terminal) may have been completely inappropriate one-time discussions (e.g., an employee talking about clinical issues in a moment of gossip) vs. a potentially valid discussion related to insurance and billing vs. an indication of a very gossipy and non-HIPAA-compliant company culture.