California Senator Liz Figueroa (D-Fremont) said she would introduce the bill in January when the state Senate returns for its next regular session. Figueroa said her bill would prohibit anyone possessing information involving California patients from sending that information abroad, according to a San Francisco Chronicle report.
This in effect would bar state hospitals from outsourcing transcription work unless they could guarantee that all related files remain within the country. Thus, the hospitals would be more responsible for the subcontracting of transcription work as well, which was the root of the problem in the case of the Health Insurance Portability and Accountability Act ( HIPAA) extortion (See Pakistani Threatens HIPAA Extortion ).
The Pakistani worker, Lubna Baloch, had been doing cut-rate clerical work for UCSF through a subcontractor hired to handle a portion of the health-care system’s voluminous medical-transcription workload. Earlier this month, Baloch sent an e-mail saying one of the subcontractors owed her money, and unless the hospital found the subcontractor and remedied the situation, patient medical records were going up online.
“Your patient records are out in the open to be exposed, so you better track that person and make him pay my dues or otherwise I will expose all the voice files and patient records of UCSF Parnassus and Mt. Zion campuses on the Internet,” Baloch wrote in her demand email. To show she was serious, Baloch even attached actual files containing diction from UCSF doctors.
After receiving the email, administrators at the hospital immediately began to think of the implications this disclosure could have under the HIPAA. Under HIPAA, health-care organizations are required to maintain strict shrouds of privacy around patient medical records. However, those laws are virtually unenforceable overseas, where much of the labor-intensive transcribing of dictated medical notes to written form is being exported.
“California already has the strongest medical-privacy laws in the nation, ” Figueroa told the Chronicle. “But not strong enough. There’s always something you didn’t anticipate.” And in this case, the nuisances of HIPAA provisions may work in Figueroa’s favor .
In most instances, federal law would trump state law, and the HIPAA outlines rules for safeguarding medical data. Thus anyone doing transcription work for a US hospital would be required to uphold HIPAA standards, even if the law is virtually unenforceable overseas. A unique aspect of HIPAA, though, is a provision that if a state adopts more stringent restrictions, state law will prevail.
“If there were a statute that no health care information in California could be disclosed outside the country, HIPAA wouldn’t have a problem with that,” Paul Smith, a San Francisco attorney specializing in health-care issues, told the Chronicle.