Submitted by New Jersey Nursing License Defense Lawyer, Jeffrey Hark.
There are two additional issues raised by the appellate in this case. A) Did she get proper notice of her violations and or health related issue concerning her behavior, and B) was the public publication of such notice a violation of her privacy rights and HIPAA federally protected privacy rights?
The court squarely addresses both of these issue for future licensees who may have the same concerns. The court states:
Under the UEA, “[i]n its discretion [the Board] may publish at such times as it shall determine a list of nurses licensed under this act, . . . and such other information as it shall deem advisable.” N.J.S.A. 45:11-24(d)(11). The Board has a compelling interest in notifying the public, and future employers, of negative actions taken against a healthcare professional’s nursing license. Appellant cites a statute instructing the Board to create “an Alternative to Discipline Program for board licensees who are suffering from a chemical dependency or other impairment.” N.J.S.A. 45:11-24.10(a). The Board created RAMP, under which “[a]ny information concerning the conduct of a licensee provided to the board” is confidential pending final disposition, and remains confidential “[i]f the result of the inquiry or investigation is a finding of no basis for disciplinary action by the board.” N.J.S.A. 45:11-24.10(f). However, although the Board’s provisional order offered appellant the option of having her comprehensive mental evaluation conducted “under the auspices of” RAMP, she rejected this attempt to “force” her into the RAMP program, instead choosing to use a Board-approved evaluation and normal disciplinary procedures. Moreover, under those procedures, the Board found a basis for discipline.
Furthermore, the Board’s publishing of its orders did not violate the Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C.A. §§ 1320d to 1320d-9. The information disclosed by the Board was not “created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.” 42 U.S.C.A. § 1320d(4)(A), (6)(A). Rather, it was created and received by a State board which licenses and regulates health care providers. “The HIPAA privacy restrictions govern only covered entities and their business associates.” Michelson v. Wyatt, 379 N.J. Super. 611, 623 (App. Div. 2005); see 45 C.F.R. § 160.103. Thus, the Board’s disclosure of any “identifiable health information” about appellant did not violate 42 U.S.C.A. § 1320d-6.
Therefore, when the board, via its statutory authorization publishes information on the internet about a licensee’s behavior it is doing so under the guise of “public health and future employers’ as is authorized to do so for the ‘greater good’ of the medical community. Furthur, nothing in the federal HIPAA statute precedes an state board, which ‘regulates’ health care providers’ from disseminating the information as opposed to a health care provider, health care plan or other entity who handles health care information of a person. Again, this theory is based on the board being above the fray and acting solely to protect the public from a licensee who ay have acted in a manner contrary to the public health and welfare with in the last 365 days.