Medical information about a patient under the care of Providence Alaska Medical Center was released to an Anchorage blogger, with the apparent intention of damaging the reputation of the patient’s legal medical power of attorney.
That medical power of attorney was Anchorage Assemblywoman Jamie Allard, who was trying to help conservative activist Bill Topel, who was then in grave condition due to Covid-19. Topel died two days later on Oct. 13.
Allard, in a note to Ella Goss, the CEO of Providence on Oct. 11 pictured above, said that Topel wanted to try Ivermectin and an infusion of vitamins and minerals.
Allard said his condition was too fragile at that point for him to take the medicine orally, and she was asking for his right to try the infusion method.
That note to Goss contained medical details about a patient. When Goss leaked it to the blogger, she violated that patient’s rights under the HIPAA law, which protects patients’ medical information.
Providence had weaponized personal medical information about one of its patients in order to stop what it perceived as harassment from Topel’s friends and to push back on the strong advocacy by Allard.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, is a federal law that prohibits sensitive patient health information from being disclosed without the patient’s consent or knowledge.
The blog, armed with that letter from Allard to Goss, wrote the story about how Allard had relayed to Goss that Topel’s family would take legal action if the hospital didn’t respond. The story characterized Allard as threatening a lawsuit, and that characterization was repeated in a national blog, The Daily Beast, which headlined its story, “GOP Pol Waged Insane Battle to Treat Dying COVID Patient With Ivermectin.”
Only three people had that email — Allard, attorney Stacey Stone, and Providence CEO Goss. Only Goss had the motive to send it to a hostile blog, but that may have been done through an intermediary. Stone ultimately was not Allard’s attorney on this matter; her attorney is Mario Bird.
From appearances, the act falls into a criminal category.
“The minimum fine for willful violations of HIPAA Rules is $50,000. The maximum criminal penalty for a HIPAA violation by an individual is $250,000. Restitution may also need to be paid to the victims. In addition to the financial penalty, a jail term is likely for a criminal violation of HIPAA Rules,” according to the HIPAAJournal.com.
“Civil penalties for HIPAA violations start at $100 per violation by any individual who violates HIPAA Rules. The fine can rise to $25,000 if there have been multiple violations of the same type. These penalties are applied when the individual was aware that HIPAA Rules were being violated or should have been aware had due diligence been exercised. If there was no willful neglect of HIPAA Rules and the violation was corrected within 30 days from when the employee knew that HIPAA Rules had been violated, civil penalties will not apply,” the journal explains.
“Criminal violations that occur as a result of negligence can result in a prison term of up to 1 year. Obtaining protected health information under false pretenses carries a maximum prison term of 5 years. Knowingly violating HIPAA Rules with malicious intent or for personal gain can result in a prison term of up to 10 years in jail. There is also a mandatory two-year jail term for aggravated identity theft,” according to the journal.