Healthcare Information Security

Patient Privacy, HIPAA Violation Case Argued in Calif. Court

By Elizabeth Snell

A California medical center has gone to court over accusations that it violated patient privacy by releasing a patient’s private medical information.

Patient privacy rights and HIPAA compliance are taking center stage in a California court, over the issue of whether or not hospital officials had the right to share a patient’s medical records.

Shasta Regional Medical Center officials claim that the patient waived her rights by giving her health information to a news agency. However, the patient’s lawyers argue that the organization had no right to share the records.

Darlene Courtois was diagnosed with a form of malnutrition typically seen in famine victims, according to the Redding Record Searchlight. In an effort to disprove the accusation that it was overbilling Courtois, Shasta Regional officials brought her medical records to a Record Searchlight editor. Moreover, some records were included in an email sent to hundreds of hospital staff members.

The editor stated that some of the information in the records contradicted statements from a 2011 California Watch piece, and therefore did not publish the information.

In that 2011 California Watch article, a reporter found Courtois and her daughter, Julie Schmitz, while investigating if billing fraud was taking place at Shasta Regional. The reporter asked if anyone was willing to share their medical information. Schmitz reportedly testified last week that her mother panicked after seeing what information was actually published. According to Schmitz, then-Shasta Regional Chief Executive Officer Randall Hempling and Chief Medical Officer Marcia McCampbell shared far more records with Record Searchlight than the 63 pages the two of them showed to California Watch.

The state originally fined Shasta Regional $100,000 for violating patient privacy, but the hospital’s parent company – Ontario-based Prime Healthcare Services – appealed the case.

Shasta Regional admits that its distribution of Courtois’ medical records was in violation of its typical patient privacy policy. However, it says this particular instance was an exception because of the “inflammatory” California Watch article on Courtois’ treatment, which the hospital needed to address. Moreover, Courtois waived her HIPAA privacy rights when she authorized the investigative agency to publish her records, claims Shasta Regional.

“You voluntarily disclosed your medical records as part of an inflammatory news story. … Shasta Regional Medical Center was informed and believed that you had waived your HIPAA rights and in fact wanted your medical records disclosed and examined,” read the Shasta Regional letter to Courtois.

A similar case was decided earlier this year in Massachusetts. In that scenario, a patient who wished to remain anonymous granted The Boston Globe access to his medical records to prove mistreatment at a mental health facility. Steward Health Care System, which owned the facility, was concerned that the protected health information (PHI) the patient gave the organization, without context, would paint it in a bad light. Steward wanted a judge to let it review the records the patient gave to the Globe and disclose more of the patient’s PHI to refute the patient’s claims.

The judge said he would allow Steward to confirm or deny the allegations but added that he refused to “authorize a wholesale disclosure of medical information bearing on the assessment, diagnosis or treatment of the patient.”
