Nearly everyone who works in healthcare and has access to medical records is at least vaguely aware of HIPAA – short for the Health Insurance Portability and Accountability Act of 1996 – which, among other things, protects the privacy of patient medical records and creates consequences for those medical and administrative professionals and employees who violate its privacy rules. But, at the same time, you may have heard that there are significant financial incentives available to those healthcare workers who have the courage and willingness to provide evidence of Medicare and Medicaid fraud to the federal government (False Claims Act whistleblower rewards made to individuals often reach into the millions of dollars). Which raises the question of whether a person who reports Medicare or Medicaid fraud based on patient records will violate HIPAA. The short answer is no, an employee or business associate will not violate HIPAA so long as the proper procedures are followed.

HIPAA Allows Whistleblowers to Come Forward

Violation of HIPAA by sharing private medical information can result in a fine of $100 to $50,000 even when the offender was unaware of the violation, with much higher fines possible for disclosures based on willful neglect and/or repeated violations. Criminal penalties can follow as well.

But federal law very clearly allows exceptions for sharing of private medical information for a wide variety of lawful purposes. One of the purposes for which sharing of otherwise private information is allowed is when there is a good faith belief that the healthcare-related entity:

has engaged in conduct that is unlawful or otherwise violates professional or clinical standards, or that the care, services, or conditions provided by the [HIPAA-covered] entity potentially endangers one or more patients, workers, or the public…

Because Medicare and Medicaid fraud is, by definition, “conduct that is unlawful” it is therefore lawful for either employees of the entity or “business associates” of the entity (which might include customers, contractors, suppliers, and others) to report information to either: 1) a health care oversight agency or public agency tasked with monitoring healthcare fraud; 2) a health care accreditation organization; or 3) an attorney retained by the employee or business associate.  

Why Speaking With a Whistleblower Attorney is Your First Step

Thus, based on the law, it is appropriate and lawful for a workforce member or a business associate of a healthcare organization to provide information to an attorney relating to potential Medicare or Medicaid fraud.

In fact, by contacting an attorney first, you can speak with a trusted professional who can:

  • Speak with you in a 100% confidential consultation, meaning your employer or others will not know that you spoke with an attorney or what was said
  • Provide you counsel on how to properly transmit the records for the attorney’s confidential review
  • Assess whether the records indicate that laws have been broken and thus whether you might be eligible for a significant financial recovery via a False Claims Act (FCA) claim, and
  • Guide you through all further steps on how to pursue a claim while avoiding retaliation and other interruptions to your life, and at the same time acting in accord with all federal and state laws

Work with Experienced Whistleblowing Attorneys You Can Trust

At Kreindler & Associates, we understand that the decision to become a whistleblower is not an easy one. The government relies on courageous insiders like you to come forward with information that can stop harmful Medicare fraud. Our experienced healthcare fraud attorneys will work with you every step of the way to determine your appropriate course of action, protect you from retaliation, and collect your much-deserved reward. If you suspect that someone is committing Medicare fraud, contact us today for an evaluation of your allegations.