Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
39 observes that âHIPAA does not prohibit non- covered entities, such as those organizations that operate electronic health record databases, from disclosing protected health information;â388 that there are also numerous âunrestricted uses of pa- tient information outside of treatment and bill- ing;â and that âas the number of people with ac- cess to patient information increases, so too does the risk that the security of that information may be compromised (citation omitted).â389 Yet another commentator contends that â[g]enerally, it is not the patient who decides how and when disclosure of personal health information occurs. The privacy rule, where applicable, decides (footnote omit- ted).â390 Of course, as discussed in this digest, most states have privacy laws, some of which are more restrictive than HIPAA. Some statesâ laws, more- over, are intended to prevent the further dissemi- nation of a personâs health information, even if the recipient of the information is not subject to HIPAA, without a specific authorization from the subject of the information.391 XV. APPLICABILITY OF OTHER FEDERAL LAWS A. Americans with Disabilities Act and the Rehabilitation Act of 1973 According to HHS, the information protected by the two primary federal disability nondiscrimina- tion laws, the ADA392 and the Rehabilitation Act of 1973,393 âfalls within the larger definition of âhealth informationâ under the Privacy Rule.â394 Although this digest does not involve the pri- vacy of employeeâs health information, it should be noted that HIPAA does not apply to employers, not even to covered entities in their capacity as an employer.395 However, employers such as transit cords, 2007 U. ILL. L. REV. 681, 714 (2007), hereinafter referred to as âTerry & Francis.â 388 Pasternack, supra note 8, at 827. 389 Id. at 828. 390 Ayres, supra note 42, at 982. 391 See Sections XVI.CâXVI.E. 392 42 U.S.C. § 12101, et seq. (2013). 393 29 U.S.C. § 701, et seq. (2013). 394 65 Fed. Reg. 82485. See also the Workforce In- vestment Act of 1988, 29 U.S.C. § 2938 (barring dis- crimination on the basis of disability). 395 U.S. DEPâT HEALTH AND HUMAN SERVICES, OFFICE OF THE SECRETARY, 45 C.F.R. PARTS 160 AND 164 STANDARDS FOR PRIVACY OF INDIVIDUALLY IDENTIFIABLE agencies âare subject to the federal disability non- discrimination laws and, therefore, must protect the confidentiality of all medical information con- cerning their applicants and employees.â396 More- over, â[i]f an employer-sponsored group health plan is closely linked to an employer, the group health plan may be subject to ADA confidentiality restrictions,â as well as to HIPAA.397 Employers who are at âgreater riskâ for privacy violations are those who are handling health information that is subject to the provisions of the ADA.398 In regard to paratransit and the ADA, several transit agencies responding to the survey ob- served that paratransit services are subject to ADA requirements, in particular parts 27, 37, and 38 of title 49 of the C.F.R. The purpose of Part 27 is to carry out § 504 of the Rehabilitation Act. Sec- tion 27.7(a) of part 27 provides, inter alia, that [n]o qualified handicapped person shall, solely by reason of his disability, be excluded from par- ticipation in, be denied the benefits of, or other- wise be subjected to discrimination under any program or activity that receives Federal financial assistance administered by the Department of Transportation. Part 37 establishes the requirements for com- plementary paratransit service399 and the ADA paratransit eligibility standards.400 Under 49 HEALTH INFORMATION; FINAL RULE, 67 Fed. Reg. 53182, 53192 (Aug. 14, 2002), available at http://www.gpo.gov/fdsys/pkg/FR-2002-08-14/html/02- 20554.htm. 396 65 Fed. Reg. 82485-82486. 397 Id. at 82486. Covered entities under HIPAA that receive federal financial assistance are subject to § 504 of the Rehabilitation Act and its regulations. See 29 U.S.C. § 794 (2013). The regulations impose restrictions on recipients of federal funds concerning âthe disclosure of medical information regarding persons who apply to or participate in a federal financially assisted program or activity.â Id. 398 Philip Gordon, Two Recent Decisions Illuminate for Employers the Broad Contours of ADA Confidential- ity vs. the Narrow Boundaries of HIPAA Privacy (July 22, 2011), hereinafter referred to as âGordon,â available at http://www.littler.com/2011/07/articles/federal- privacy-laws/two-recent-decisions-illuminate-for- employers-the-broad-contours-of-ada-confidentiality-vs. 399 49 C.F.R. § 37.121 (2013). 400 49 C.F.R. § 37.123 (2013). The section states: (a) Public entities required by § 37.121 of this subpart to provide complementary paratransit service shall pro- vide the service to the ADA paratransit eligible indi- viduals described in paragraph (e) of this section. (b) If an individual meets the eligibility criteria of this section with respect to some trips but not others, the in-
40 C.F.R. § 37.125, each entity that must provide complementary paratransit must establish a proc- ess for determining ADA paratransit eligibility. The process strictly limits ADA paratransit eligi- bility to individuals described in 49 C.F.R. § 37.123. Section 37.131 of title 49 of the C.F.R. es- tablishes the service criteria for complementary paratransit service under the ADA. Part 38 of ti- tle 49 of the C.F.R. provides minimum guidelines and requirements for accessibility standards un- der the ADA. If a state uses FTA § 5311 funding to pay a pri- vate entity to operate a fixed route service, the department of transportation (DOT) disability nondiscrimination regulations regarding comple- mentary paratransit service are applicable. Al- though state and local governments may delegate the performance of ADA functions to private enti- ties, public entities must continue to fulfill their responsibilities to provide service to passengers. When a public entity enters into a contractual or other arrangement (including, but not limited to, a grant, subgrant, or cooperative agreement) or relationship with a private entity to operate fixed route or demand responsive service, the public entity shall ensure that the private entity meets the requirements of this part that would apply to the public entity if the public entity itself provided the service.401 Transit agencies responding to the survey re- ported that they maintain strict confidentiality of their patronsâ health information that is provided for certification for paratransit service.402 How- ever, the term âprivacyâ appears only once in part 37: âAll documents and other information concern- dividual shall be ADA paratransit eligible only for those trips for which he or she meets the criteria. (c) Individuals may be ADA paratransit eligible on the basis of a permanent or temporary disability. 401 49 C.F.R. § 37.23(a) (2013). See FTA, Paratransit Requirements for § 5311-Funded Fixed-Route Service Operated by Private Entities, available at http://www. fta.dot.gov/12325_3892.html. 402 Response of EBPC (stating that the agency is re- quired to follow all regulations under the ADA); Re- sponse of KAT (stating that the ADA applies âonly in how it relates to paratransit requirementsâ); Response of Pierce Transit (stating that that âDOT/ADA Rules require a paratransit eligibility process which has re- quired Pierce Transit to handle HIPAA-related infor- mationâ); and Response of Whatcom (stating that it is subject to DOT and ADA laws and regulations and that it collects and maintains files âin accordance with ADA and DOT regulations for the specific purpose of author- izing and providing complementary paratransit service for disabled passengersâ). ing the planning procedure and the provision of service shall be available, upon request, to mem- bers of the public, except where disclosure would be an unwarranted invasion of personal privacy (emphasis added).â403 The term âprivacyâ does not otherwise appear in parts 27, 37, and 38, nor do the terms âconfidential,â âmedical,â âhealth,â âhealth information,â âhealth records,â or âphysi- cian,â or for that matter âHIPAA.â Metro Transit reported that it maintains the confidentiality of its records in accordance with the ADA Paratransit Eligibility Manual. In a sec- tion entitled âObserving Privacy Rightsâ the Man- ual states that [t]he medical information that may be gathered as part of the ADA paratransit eligibility certification process should not be shared with any other party. This would in- clude specific diagnosis provided by professionals and in- formation about the nature of disabilities provided by the applicant. Access to eligibility files should be limited and those with access to these files should be informed and instructed to respect the privacy of applicants. This should include in-house staff as well as any third-party contractors used in the determination process.404 According to the Manual, health information obtained for certification may be shared with other transit providers, such as when they âcall to obtain more detailed information about a personâs ability to travel if that person has requested ser- vice in another area as a visitor.â405 EBPC stated that it receives and maintains certain health information on riders that are cer- tified to use the ADA paratransit program, infor- mation that comes directly from the applicant and that on occasion is verified by a medical profes- sional. EBPC also reported that for the purpose of scheduling rides for certified riders âan electronic client file is established in the database. The cli- ent file only contains information necessary for the riderâs trip to be scheduled in a way that is safe for the rider and the driver.â406 Information in the database that may be shared with a driver includes whether mobility devices are used; whether a service animal accompanies a rider; whether a rider has vision issues; whether a rider travels with a personal care attendant; whether a rider may never be left alone; whether a rider is 403 49 C.F.R. § 37.137(b)(2) (2013). 404 U.S. DEPâT OF TRANSPORTATION, AMERICANS WITH DISABILITIES ACT (ADA) PARATRANSIT ELIGIBILITY MANUAL, (DOT-T-93-17, Sep. 1993), hereinafter re- ferred to as the âADA Paratransit Eligibility Manual,â available at http://ntl.bts.gov/DOCS/ada.html. 405 Id. 406 Response of EBPC.