WASHINGTON - The Justice Department has decided that most health care employees
can't be prosecuted for stealing personal data under a privacy law intended to
protect medical information.
The ruling could jeopardize the lone conviction obtained under medical privacy
rules that took effect in 2003 and could stop federal prosecutors from pursuing
some of the more than 13,000 complaints that have been filed alleging violations
of those rules.
The health care industry has long sought to limit the effect of the rules and
the 1996 privacy law, the Health Insurance Portability and Accountability Act,
on which they are based, although officials at several industry trade groups
said Tuesday they did not lobby the Justice Department on this topic.
Hospitals, insurers, doctors and other health care providers that bill for
their services are subject to criminal prosecution under the law, according
to the June 1 memo signed by Steven G. Bradbury, the Justice lawyer who heads
the office of legal counsel.
But a hospital clerk, for example, and other employees cannot face criminal
penalties because the law doesn't apply to them, Bradbury wrote.
The memo was the subject of extensive internal debate within the Bush administration,
with at least one federal prosecutor voicing opposition to its conclusion.
"As prosecutors in the field, we're disappointed with the opinion,"
said Emily Langlie, spokeswoman for U.S. Attorney John McKay in Seattle.
Last August, McKay's office obtained a guilty plea from a technician at the
Seattle Cancer Care Alliance. Richard W. Gibson was sentenced to 16 months in
prison after admitting that he stole the identity of a cancer patient and used
the information to obtain credit cards in the patient's name. Gibson bought
$9,100 worth of jewelry, video games and a barbecue grill using the cards.
"This case should serve as a reminder that misuse of patient information
may result in criminal prosecution," McKay said at the time.
Langlie said prosecutors are waiting to see if Gibson attempts to withdraw
his plea or a federal judge intervenes. She said he could be prosecuted for
Peter Swire, who was the Clinton administration's top privacy law expert, called
the opinion bad law and public policy.
"It looks like they decided on the outcome for political reasons, namely
the health care industry's desire to get out from criminal prosecution,"
said Swire, a law professor at Ohio State University.
Officials at the Justice and Health and Human Services departments declined
to comment Tuesday. The existence of the memo was first reported by The New
Robert Gellman, a consultant on privacy and information policy, said the memo
leaves the bulk of the health care work force outside that interpretation.
"In terms of the misuse of records, it's not health care professionals
who are the likely problems," Gellman said. "This didn't seem to be
such a big issue just a few months ago, when they had the prosecution. I find