If you find yourself in a position to blow the whistle on fraud in your organization, there are a lot of questions and grey areas that come up. At the beginning stages of building your case, you’ll have to gather a lot of evidence to prove an instance of fraud, but this is not so simple for healthcare workers.
A challenge for potential whistleblowers is understanding what an individual can take from their employer in order to prove their violation of the False Claims Act or compliance regulation, while navigating privacy laws like HIPAA.
The importance of understanding HIPAA in whistleblowing
Potential whistleblowers shouldn’t let HIPAA deter them from coming forward with their cases. There are exceptions designed to permit vital whistleblower activities:
HIPAA Whistleblower Safe Harbor – Protects whistleblowers to disclose HIPAA-protected material to their attorneys and the government in the instance that the whistleblower believes in good faith that their employer has provided unlawful or dangerous care. To clarify, whistleblowers can disclose PHI to evaluate potential claims and to submit required information for the False Claims Act.
De-identification Safe Harbor – Whistleblowers can comply with HIPAA by removing identifying information (names, birthdates, treatment dates, geographical information, etc.) from evidential documentation. PHI must be completely removed from the document, not just covered, to be protected by the de-identification safe harbor.
HIPAA Whistleblower Retaliation Protection – HIPAA-protected entities are forbidden from threatening, intimidating, harassing, discriminating against, or taking any other retaliation against whistleblowers.
As an example, let’s look at the case of United States v. Safeway, Inc. from 2106. In this case of pharmacy overcharging, the whistleblower provided 18 instances of false claims. While the defendant claimed these claims contained information that violated HIPAA, the court ruled that since only initials were used to name patients, the claim was protected by the de-identification safe harbor. However, even if full names were used in discussion with the whistleblower’s attorney, it was protected under the whistleblower safe harbor.
Reporting fraud that involves HIPAA-protected information
While there are measures in place for protecting whistleblowers in HIPAA-protected organizations, it’s in your best interest to have a whistleblower expert guide you through the process.
If you have witnessed wrongdoing in any healthcare or pharmaceutical setting, the best first step would be to reach out to the team at the DJO Whistleblower Law Group to set up a confidential consultation and determine the best approach for your unique situation. We can help guide you through the complex process, make sure you are protected, and potentially get you the reward you deserve for bravely stepping forward.