Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
54 right of action under HIPAA.584 Finally, transit agencies responding to the survey did not report any claims in tort or contract having been brought against them by a patron concerning a disclosure of health information received or maintained by an agency. E. Defenses Asserted by Defendants 1. Immunity Although beyond the scope of this digest, tran- sit agencies subject to a tort claims act or a gov- ernmental immunity act will want to determine whether they have immunity for tort claims in- volving the handling of patronsâ health informa- tion. In Di Genova, the court ruled that even if a disclosure of the plaintiffâs records was a tort un- der District of Columbia law, liability would be barred by the Federal Tort Claims Act (citations omitted).585 Individual defendants may be shielded as well from alleged violations of a constitutional right of privacy. For example, in Rhoades, the court dis- missed claims against the individual defendants: Governmental actors performing discretionary functions are shielded from liability for civil dam- ages insofar as their conduct does not violate clearly established statutory or constitutional rights of which a reasonable person would have known (citations omitted).586 The court held in Rhoades that the individual defendants were entitled to qualified immunity, because the defendants at the school where Rhoades was a student would not have known whether the constitutional right that was alleg- edly violated was a clearly established constitu- tional right.587 2. No Vicarious Liability Under applicable state law a transit agency may not be liable necessarily for the actions of an employee that were not foreseeable and that were not within the scope of the personâs employ- 584 See Section XIII.B of this digest. 585 Di Genova, 642 F. Supp. at 633 (holding that 28 U.S.C. § 2680(a) âexcludes from FTCA coverage âany claim based upon an act or omission of an employee of the Government, exercising due care, in the execution of a statute or regulation, whether or not such statute or regulation is validââ). 586 Rhoades, 574 F. Supp. 2d at 911. 587 Id. ment.588 As held by a New York court, an em- ployer is not vicariously liable for tortious action that an employee committed for personal motives that were unrelated to the furtherance of the em- ployerâs business.589 3. Absence of Compensable Damages Even if a claim in tort or contract is possible it may be difficult for a plaintiff to prove damages because of the difficulty in placing a value on an individualâs health information or on the injury suffered by a plaintiff caused by an improper dis- closure.590 In Steinberg, one of the reasons for the dismissal of the claim was the failure to show that the information had a âcompensable value.â591 XVIII. HIPAA AND TRANSIT REGISTRIES OR DATABASES FOR EMERGENCY PLANNING AND OPERATIONS Another issue for transit agencies concerns the effect of HIPAA and emergency planning and op- erations that may require or result in the disclo- sure of a patronâs health information during an emergency. Fourteen transit agencies having health information on patrons stated that they do not have a plan or policy for the handling of 588 Guthrie Clinic, Ltd., 2012 U.S. Dist. LEXIS 20507 at 10, 11â12 (citing Murray v. Watervliet City School Dist., 130 A.D. 2d 830, 515 N.Y.S.2d 150, 152 (N.Y. App. 1987); Ello v. Singh, 531 F. Supp. 2d 552,582 (S.D. N.Y. 2007); and Naegele v. Archdiocese of New York, 39 A.D. 3d 270, 833 N.Y.S.2d 79, 80 (N.Y. App. 2007)). 589 Yildiz v. PJ Food Service, Inc., 82 A.D. 3d 971, 918 N.Y.S.2d 572, 574 (N.Y. App. 2011). 590 Pasternack, supra note 8, at 837â38 (stating that âthe value of oneâs private information [is] difficult to quantifyâ). 591 Steinberg, 899 F. Supp. 2d at 339 (citing La Court v. Specific Media, Inc., 2011 U.S. Dist. LEXIS 50543 (C.D. Cal. 2011) (holding that the defendantâs practice of collecting the plaintiffsâ Web browsing histories could not give rise to a finding of monetary injury as practice did not deprived the plaintiffs of informationâs economic valueâ); In re JetBlue Airways Corp. Privacy Litig., 379 F. Supp. 2d 299, 327 (E.D.N.Y. 2005) (personal informa- tion of individual airline passengers has no âcom- pensable value in the economyâ); In re DoubleClick Inc. Privacy Litig., 154 F. Supp. 2d 497, 525 & N 35 (S.D.N.Y. 2001) (â[A]lthough demographic information is valued highlyâ¦, the value of its collection has never been considered an economic loss to the subject. â¦[W]e are unaware of any court that has held the value of this collected [demographic] information constitutes damage to consumers or unjust enrichment to collectors.â). See Steinberg, 899 F. Supp. 2d at 340.
55 health information when providing patrons with transportation during an emergency.592 Guidelines issued by the Federal Emergency Management Agency (FEMA) set forth the means for coordinating federal assistance to supplement state and local resources when there is an emerg- ing or existing health and medical emergency.593 When local transportation assets are not suffi- cient to meet demand, requests for federal medi- cal transportation assistance are coordinated with the Department of Homeland Security and FEMA, including accessible transportation for âmedical needs populations.â594 The DOTâin collaboration with the Depart- ment of Defense, the General Services Admini- stration, and other agencies providing transporta- tionâfurnishes logistical and technical assistance for all types of transportation, including air, rail, marine, and motor vehicle and for accessible transportation, as well as other support (e.g., sup- plies, equipment, blood supplies) from DOT re- sources.595 A question that has arisen is whether transit agencies may create and maintain a registry or database of patrons with medical needs or physi- cal limitations who would require transportation during an emergency. One study states that there is âno generally accepted practiceâ on having a registry of patrons or others who would need as- sistance in an emergency.596 However, [s]ome operators may find it useful to maintain data on customers who will have special needs during an emer- gency, while others may find it useful to work with other agencies on creating a registry of a wider population of people with disabilities. A registry established by a para- transit system should probably be limited in purpose to determining individuals who will need continuing urgent 592 One agency reported that it did not provide âsame day emergency transportation.â Response of Utah Tran- sit. Two agencies having health information on patrons did not respond to the question. 593 FEDERAL EMERGENCY MANAGEMENT AGENCY, ANNEX #8, EMERGENCY SUPPORT FUNCTIONâPUBLIC HEALTH AND MEDICAL SERVICES ANNEX, hereinafter re- ferred to as âFEMA Emergency Support Annex,â avail- able at http://www.au.af.mil/au/awc/awcgate/frp/ frpesf8.htm. 594 Id. 595 Id. 596 Nelson\Nygaard Consulting Associates, MTC/Bay Area Partnership Paratransit Technical As- sistance Program, Guidance for Paratransit Emergency Planning, at 22 (Sep. 2008), hereinafter referred to as âGuidance for Paratransit Emergency Planning,â avail- able at http://www.nelsonnygaard.com/Documents/ Reports/Para-Emer-Plng-Guidance_REPORT.pdf. transportation during an emergency (e.g. for dialysis) as- suming the paratransit system is able to continue func- tioning at a reduced level of operations.597 The same source cautions, however, that the creation of a registry may raise âissues of privacy, whether the information could be shared with other agencies involved in emergency response, and whether transit agencies are the appropriate entity to develop such registries.â598 Although âsome transit agencies [in Florida] annually ask their paratransit customers about evacuation needsâ¦others consider this an intrusion on cus- tomersâ privacy,â apparently out of concern caused by HIPAAâs Privacy Rule.599 As discussed below, based on information from HHS, another source concludes that the HIPAA Privacy Rule does not affect the ability of transit agencies to create a registry for use during an emergency. A study on paratransit emergency planning notes that standard operating procedures adopted by the North County Transit District (NCTD) and the Metropolitan Transit System (MTS) in Cali- fornia recommend the creation of a centralized database.600 The database would document the needs of patrons based on information from group homes, assisted living facilities, nursing homes, and other sources.601 The study, which concludes that HIPAA is not an obstacle to developing a reg- istry, relied on information provided by HHS. HHS explains that â[t]he Privacy Rule does not apply to all persons or entities that regularly use, disclose, or store individually identifiable health information. â¦For example, the Privacy Rule does not limit the disclosure of information by so- cial service agenciesâ¦[or] paratransit authori- tiesâ¦.602 Thus, according to HHS, a âsocial ser- vices agency (that is not a covered entity) that maintains a list of names, addresses and limita- tions of persons with disabilities in an area may release the information to a transportation con- tractor without regard to the HIPAA Privacy 597 Id. 598 Id. at 20. 599 Id. at 20â21. 600 Id. at 21. Attachment 1 to the study is the North County Transit District and Metropolitan Transit Sys- tem (San Diego): Standard Operating Procedures: Dis- aster Awareness/Response Action Plan & Assessment of Need. 601 Id. at 20. 602 Id. at 21 (citing U.S. DEPâT OF HEALTH AND HUMAN SERVICES, DISCLOSURES FOR EMERGENCY PREPAREDNESSâ A DECISION TOOL, available at http://www.hhs.gov/ocr/hipaa/decisiontool).
