IU Health has stated that the abortion doctor who took the story of a ten year old girl from Ohio to the Indianapolis Star did not violate HIPAA. I am totally calling bullshit.
HIPAA, like its education counterpart, FERPA, is meant to prevent the release of identifying information. It’s not just name, birthdate, etc., it’s any information that can be used to personally identify an individual, including demographic information–age, state of residence, etc..
A rule of thumb in education when working with large datasets is that any cohort that numbers less than five is excluded from publication because it could possibly be used to identify an individual.
According to Dr. Howard, the director of the HIPAA Privacy Program at the University of Arizona: “A good rule of thumb is if the information can reasonably be linked back to an individual, and the past, present or future provision of health care to that individual, it is identifiable.”
The information that doctor provided to the press led right to this little girl’s door. Not a lot of raped ten year old girls from Ohio coming to Indiana for abortions. You have a cohort of exactly one (I hope).
IU Health is only going by the items specially mentioned in the law and they forgot or overlooked the final catch-all that includes ANY unique identifier. It was a clear violation and for them to not recognize it as such shows that they should not be trusted with any medical information.
Midwest Chick's Place 
Leave a Reply