Comment by dijksterhuis
4 hours ago
> The Chesa Boudin DA "misrepresentations" document, linked towards the end of this story, is weak, bordering on Trumpian.
Are we reading the same document?
The first example is almost a perfect example of what's stated in TFA. Lim is incredibly aggressive in making her argument, and not an argument based on real evidence.
Scanning through the rest, it reads as much the same.
Direct gdrive link for those who don't want to go back and scroll through the article again: https://drive.google.com/file/d/1VZKYxe0oGq7HeC5Kj2lxf-X55r4...
edit:
> At one point it accuses Lim of "violating HIPAA", which is not a thing† (HIPAA constrains covered entities, not reporters).
Ehhhhh. I diagree with that reading. There's a clarification bullet point two lines down from the headline bullet (page 3). Emphasis mine.
> This suggests Ms. Lim was received a patient’s privileged medical records from another unauthorized source in violation of HIPAA.
I read this as the unauthorized source is violating HIPAA. But I guess neither of us are lawyers. So...
> Direct gdrive link
I'm confused where this came from. I cannot find this link in the original article as submitted:
https://radleybalko.substack.com/p/truth-power-and-honest-jo...
The most I can find is "But I found another place where someone has posted all 81 pages. It’s here. Feel free to look them over."
Where "here" links to:
https://www.documentcloud.org/documents/21011168-responsive-...
That is the 81 page PDF referred to multiple times in the article and is titled "Responsive Records Lim - Balko correspondence_Redacted". I don't see "HIPAA" appear in it anywhere. Toward the end of that document on page 69 is a screenshot of a text that includes a Word attachment titled "Dion Lim Misrepresentati...". After that are screenshots that are excerpts of the gdrive document that you linked, but the HIPAA accusation is not in any of those screenshotted excerpts.
So how did tptacek even come across the HIPAA accusation, and how did you find the document that you linked that contains it?
Edit: ah, it's linked from this sentence "But in the interest of transparency, I’m posting it as well. You can read it here." where "here"[^1] links to the gdrive document.
Sheesh.
[^1]: Pet peeve - you've failed HTML 101 if you use "here" as a link. A few sentences earlier in that paragraph is the text that should've been the link text: 'the “Dion Lim Misrepresentations” document that Tan mentions in his post'.
That's an extremely charitable read of a DA's office alleging lawbreaking. I really think you have to kind of slant your head and squint to come away with the impression that that section isn't about Lim, but rather the unnamed medical office.
A. That's how I read it too. B. You can be criminally liable for HIPAA violations, if you induce someone covered by them to violate them. See for example https://www.justice.gov/usao-nj/media/1254226/dl (indictment of KEITH RITSON)
"COUNT 2 (Conspiracy to Wrongfully Obtain and Disclose Individually Identifiable Health Information) 19. Paragraphs 1-3 and 5-18 of Count 1 of this Superseding Information are hereby realleged and incorporated as though set forth in full herein. 20. At all times relevant to this Superseding Information: a. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) protects individually identifiable health information from wrongful disclosure or obtainment and seeks to set national standards to maintain patient confidentiality. b. In connection with HIPAA, the United States Department of Health and Human Services enacted regulations to safeguard the privacy of patients’ medical records and limit circumstances in which individually identifiable health information or protected health information can be used or disclosed. The HIPAA law and privacy regulations apply to, among others, health care providers, such as medical doctors, who transmit health information in connection with a transaction covered by the law and privacy regulations. c. Frank Alario, who is listed as a co-conspirator with respect to Count 2 of this Superseding Information but not as a defendant herein, was a health care provider and a covered entity under the HIPAA law and privacy regulations.
21. From in or about August 2014 through in or about February 2016, in the District of New Jersey, and elsewhere, defendant KEITH RITSON did knowingly and intentionally conspire and agree with Frank Alario and others to commit offenses against the United States, that is, to knowingly and without authorization obtain individually identifiable health information and protected health information to another person, and to knowingly and without authorization disclose individually identifiable health information and protected health information maintained by a covered entity relating to individuals, contrary to Title 42, United States Code, Section 1320d-6."
Is there a fact pattern where Lim could have bank-shot criminal liability despite not herself being a covered entity? Probably? She could have misrepresented who she was and obtained the records through fraud, for instance. Again, my thing here is, if you're going to put those kinds of accusations on the table, and you're a district attorney, you'd better come correct. The facts presented in the document the DA's office shared are not sufficient to allege wrongdoing by Lim.
4 replies →
As i said, neither of us is lawyers. Neither of us are experts in what a DA's office has written, and what that writing should be interpreted as under the law. Perhaps a more charitable reading is what is called for, given we're not experts in the domain.
i don't know about you, but i'm pretty confident a DA's office has a much better idea than me about what each of the HIPAA sentences in the document translate to in terms of "allegations".
The question you're raising isn't a legal one, at least as I understand it. I read you to be saying "the reasonable take on this document is that they are saying SOMEONE violated HIPAA, but not Lim".
That's a question about messaging, not the law.
1 reply →