(CN) – Federal medical-privacy laws do not preempt California’s own rules against doctors disclosing patient information to debt collectors, the state Supreme Court ruled.
The unanimous court revived Robert Brown’s longtime crusade to hold dentist Rolf Reinholds accountable under California’s Confidentiality of Medical Information Act.
Way back in 2000, Reinholds billed Brown $600 for a permanent dental crown that Brown claimed he never received. Brown refused to pay the bill, and Reinholds sent the matter to a bill collector and a credit agency, along with a copy of Brown’s dental charts and the charts of Brown’s minor children.
Debt-collector Stewart Mortenson in turn disclosed the Browns’ confidential medical information to the consumer-reporting agencies Experian, Equifax and Trans Union, and also sent along the family’s Social Security numbers, dates of birth, addresses, telephone numbers and entire dental histories.
After two years of repeated, unsuccessful demands that Mortensen stop the unauthorized disclosures, Brown sued Reinholds and Mortensen, alleging violations of the Confidentiality Act, which generally prohibits the unauthorized dissemination of medical information.
The trial court found Brown’s claims too vague and dismissed them. The Court of Appeal affirmed, though for different reasons. It ruled that Brown’s state law claims were preempted by the federal Fair Credit Reporting Act (FCRA).
Not so, the state’s high court said Thursday.
Congress chose not address “the scope of a medical provider’s duties when furnishing information to a consumer reporting agency” in the FCRA, the court found. And while Congress did address the issue somewhat in the Health Insurance Portability and Accountability Act (HIPAA), it simultaneously allowed “states to continue to regulate to the extent they desired to enact more stringent, privacy-favoring legislation,” according to the ruling.
We see no plausible basis for reading into [sections of the FCRA] which are silent on the duties of a furnisher to preserve medical confidentiality, a clear and manifest congressional intent to preempt state legislation on that topic, when the same Congress in HIPAA had just authorized and encouraged further state regulation of such matters,” Justice Kathryn Mickle Werdegar wrote for the court. “Far more credible is to assume Congress intended preemption only with respect to the specific furnisher duties for which it adopted standards … while leaving to other laws and their preemption provisions or savings clauses the task of articulating additional, more general duties and identifying what the several states’ role might be in enacting supplemental legislation.”
The court concluded that the FCRA “preempts state law claims only insofar as they arise out of a requirement or prohibition with respect to the specific furnisher duties regulated by section 1681s-2, i.e., the duties to provide accurate information and to take action upon being notified of a dispute.”
Mortensen argued that Brown’s claims should still be preempted, then, because Brown complained to the consumer reporting agencies that Mortensen’s disclosures were inaccurate, and because Brown claimed that Mortensen misled those agencies.
The court disagreed.
“This contention mistakes the nature of a Confidentiality Act claim, both in the abstract and as pleaded,” the ruling states. “As noted ante, that the information disclosed was inaccurate is not an element of a claim: the Confidentiality Act requires only that the disclosure, whether true or not, occurred without authorization.”