SACRAMENTO—The ACLU of Northern California (ACLU-NC), along with Lambda Legal and HIV & AIDS Legal Services Alliance (HALSA), are asking for an explanation why, beginning in 2007, the state’s Medi-Cal program provided the “unauthorized and illegal disclosures of confidential identifying information of approximately 5,000 HIV-positive Medi-Cal recipients” to the AIDS Healthcare Foundation (AHF).
The request for an explanation was sent in a letter yesterday to David Maxwell-Jolly, director of the California Department of Health Care Services (Medi-Cal), the ACLU said in an announcement issued Thursday.
According to the statement, Lambda Legal and ACLU-NC became aware of the breach during discussions about AB 2590, a bill which would have diluted confidentiality protections under California law for those with HIV/AIDS and would have legalized the release of such information to an HIV/AIDS service provider, with the patient him/herself having no recourse to protect his/her confidentiality. Despite the fact that current law forbids unauthorized disclosures about a person's HIV status, Medi-Cal is being accused of releasing confidential identifying information about HIV-positive recipients “without authorization or proper limitations on how that information was to be used by a private organization, the AIDS Healthcare Foundation.”
The three groups are demanding that Medi-Cal comply with California law and stop releasing information to third-party service providers, and also provide a full accounting of exactly what information it has released.
"The state stepped out of bounds when it disclosed the confidential records of HIV-positive Medi-Cal patients, even including their contact information," said Elizabeth Gill, staff attorney at the ACLU of Northern California. "Medical records contain highly sensitive and personal information, and DHCS had no right to give out that information without people's permission."
Peter Renn, staff attorney with Lambda Legal, agreed.
"This is not just a violation of people's privacy, it's a violation of California law," he said. “HIV is still a highly stigmatized disease, something the state agency seems to have conveniently forgotten. Especially for those who are extra vulnerable—like many who depend on Medi-Cal for their essential medical care—it is critical to prevent improper disclosures of private health information, such as one's HIV status. Of course we all want people with HIV to be able to access quality health services. But that does not require stripping patients of control over their own medical information and exposing them to greater likelihood of stigma and discrimination."
In a response posted to its website on Friday, AHF defended the release of the confidential information, and accused the three legal groups of being willing to sacrifice “the health and wellbeing of low-income California HIV/AIDS patients with hypothetical [sic] scenarios of breaches of patient privacy.”
AHF, which accuses the ACLU letter of containing no actual privacy complaints from patients, says that the groups are accusing California health officials of violating “a 25-year-old privacy law that was enacted well before HIV became a treatable disease with the advent and widespread use of lifesaving antiretroviral treatment in 1996.”
AHF also complained that it was forced to end its Positive Healthcare Disease Management program operation at the end of that 2009 because it could not “obtain sufficient information to successfully contact this vulnerable, underserved population,” presumably because Medi-Cal stopped providing it. A similar program in Florida, it claims, has been successful because the state agency there is more compliant.
“We care for over 22,000 HIV/AIDS patients throughout the United States, so we are of course concerned with and honor patient privacy along with HIPPA compliance,” said Whitney Engeran-Cordova, senior director of public health for AIDS Healthcare Foundation.
“When privacy trumps prudent public health and the provision of lifesaving care, we’ve gone too far,” said Michael Weinstein, president of AIDS Healthcare Foundation. “It appears the ACLU and its cohorts are ready, willing and able to sacrifice the lives of thousands of vulnerable California AIDS patients on the altar of its own outdated and overblown privacy concerns. Should they prevail, it will be a hollow victory for these three agencies and a threat to the health and wellbeing of HIV and AIDS Medi-Cal patients throughout California.”
“The understandable but misguided position of these groups is undermining public health,” added Tom Myers, chief of public affairs and general counsel for AHF. “Privacy laws are intended to protect people, not hurt people.”
AHF's position, therefore, appears to be, "Medical privacy violations are okay for me but not for thee." Ironically, it was only in February of this year that AHF sent its own letter asking for an investigation into the activities of the Adult Industry Medical Healthcare Foundation (AIM), which it claimed violated adult performers’ privacy rights by disclosing test results to industry producers. The letter was addressed to the U.S. Department of Health and Human Services, which in late July announced that it had closed its investigation based on the AHF complaint, saying that AIM “is a healthcare provider but does not transmit any health information in electronic form for any of the designated transactions and therefore does not meet the definition of a covered entity.” AHF, it turned out, had filed its complaint with the wrong agency.
In June, however, AHF also sued AIM in Los Angeles Superior Court over its claim of privacy violations, enlisting the help of two former adult performers, Desi and Elli Foxx, as it tried to get the lawsuit certified for “class action” status. The action is perceived by most in the industry as just another route undertaken by AHF to gain control over the industry in order to follow through on its long-running campaign to force a "condom/dental dam/goggles only" policy for sex scenes. Moreover, AIM's patients, unlike Medi-Cal's, voluntarily sign legally compliant disclosure forms so that information about their STD health status can be conveyed to adult producers who may wish to hire them—and to no one else.
In response to a request for comment, Free Speech Coalition Executive Director Diane Duke said, “This is another unfortunate case where the folks at AIDS Healthcare Foundation have taken a stand for whatever profits them, be it a lucrative contract with the state of California concerning HIV-positive Californians, a settlement that brings them a financial windfall from a drug company or co-opting the AIDS Walk from other nonprofit AIDS organizations. It is unfortunate that a nonprofit that should be a trusted entity in our community consistently pops up in these types of scandals.”
The ACLU letter can be read here.