MLB suspensions vs. HIPAA laws

Factual Questions
1

Forgive me if this was already asked and answered as an aside to the MLB suspensions that were handed out today against A-Rod and others…

With regard to this whole MLB steroids affair, is it my understanding that a clinic in Florida (Biogenesis) got busted for providing steroids to numerous baseball players. To lessen the charges against them, the clinic then agreed to cooperate with the investigation and provide a list of their other patients.

Now I understand that the steriod use is illegal, but my understanding of the Health Insurance Portability and Accountability Act (HIPAA) makes you (the baseball player, in this case) the owner of your healthcare information, which includes the information that makes you personally identifiable. As such, how was the clinic able to offer this up to the investigators? I thought you, as a patient, were protected from someone revealing this information unless it was a matter of public health (e.g. you had some wildly contagious disease that may have infected others) or were a threat to national security (e.g. Osama Bin Laden was getting steroid injections too). I don’t remember getting illegal drugs being a qualifier for relase of this data. So I figure it’s one of a few senarios:

  1. I’m mistaken on the HIPAA law and the fact it was illegal drug use allows the clinic to reveal the medical record. Or that illegal drug use does not count as part of your medical record.

  2. The MLB players sign some kind of release in their contract that expressly allows access to their medical record for purposes of illegal drug use.

  3. It is all hearsay that is causing the players to get ratted out. That is, one of the players admits it, then rats out another player who they know went who admits it, and the clinic is only confirming the data once the players self-incriminate.

As an aside, if I was in the business of taking illegal steroid injections as a patient that could end my career in baseball, wouldn’t I ALSO be in the business of making sure there was no paperwork that tied my name to the clinic for just this reason? I would think the records would just say I was patient #29 so they knew what I had been given so that if anyone accused me, even if I was recognized, I could just say “Hey lot’s of people look like me (A-Rod). I was at home that weekend with (fake alibi) friends, and how dare you accuse me of this crime!”

2

Google “hipaa and subpoena” and you’ll see plenty of discussion of how a health care organization should respond, under HIPAA, to subpoena’s and court orders for information.

Basically, there are ways that either a subpoena or court order trumps HIPAA privacy rules.

3

^^^that. The lab can’t give out the info on their own, but they can be required to by a court.

4

Steroid use and HGH use and so on are entirely legal with a prescription. I don’t know if Biogenesis had valid prescriptions. The guy who ran the clinic was not a doctor, but his father is/was. What happened here is that after the clinic closed, a former employee took a bunch of its records to a Florida newspaper because he was angry he hadn’t been paid and knew this would be a big story. Those documents identified a bunch of players by name. Major League Baseball then sued the former director of the clinic and he agreed to turn over more documents to get them to drop the lawsuit. He’s also being investigated by the government, I think. I have no idea how if there’s a HIPAA issue here because I don’t know if these are legitimate medical records. It’s not like these guys were getting steroids and HGH through their insurance. They were paying under the table for stuff they knew was against the rules established by Major League Baseball.