Is the Department of Veterans Affairs hiding behind HIPAA to hit federal whistleblowers?

HIPAA is the Health Insurance Portability and Accountability Act. It protects the privacy of patients’ health information. It is not meant to be a weapon against federal employees who expose wrongdoing at VA or anywhere else.

Citing patient privacy, managers have threatened VA employees or retaliated against those who complain about agency misconduct, according to a key congressman and the union that represents most of the department’s employees.

“VA routinely uses HIPAA as an excuse to punish into submission employees who dare to speak out,” said Rep. Jeff Miller
(R-Fla.), chairman of the House Committee on Veterans’ Affairs. He is leading a probe into the coverup of long wait times for VA patients.

David Borer, the American Federation of Government Employees’ top lawyer, listed a number of cases involving a VA claim of patient privacy used to stifle whistleblowers in a June letter to the department.

“We routinely hear from our members who wish to make disclosures about problems with the patient care system and other conduct within the VA,” he told VA’s general counsel. “Most are reluctant to do so both because of a history of reprisals by VA management, and because of recent experience with laws designed to protect patients which are instead being used as a sword against employees by VA management.”

The Office of Special Counsel (OSC), which investigates whistleblower retaliation cases, is “very concerned about the misuse of HIPAA,” said Eric Bachman, an OSC deputy special counsel. “The potential chilling effect of even a small number of these HIPAA retaliation cases is a serious issue and one that should be addressed by the VA in short order.”

Many veterans praise, and in fact their representatives have testified about, the high-quality care the department provides — once they get it. But the ongoing scandal has terribly eroded trust in the agency, even from its own staff.

VA managers don’t seem to know or care that employees are allowed to use patient information when informing appropriate authorities about misconduct. “If VA cannot protect whistleblowers who reveal corruption it is not a system worth saving,” Miller said in a letter to President Obama earlier this month.

Veterans Affairs’ general counsel’s office has not yet answered Borer’s letter. But he did hear from the department’s Office of Inspector General (OIG), which said “an employee can legally provide any VA record to the VA OIG.”

Valerie Riviello is one VA employee who felt the lash of the department’s culture of retaliation.

A registered nurse at the Albany Stratton VA Medical Center in Upstate New York, Riviello said she was threatened with suspension and stripped of managerial duties after she complained last November about how a veteran was treated.

Riviello said the vet was unnecessarily restrained, with an arm and leg strapped to bedposts.

“They scared the hell out of me,” Riviello said with worry clear in her voice. “They sent me a letter saying I could go to jail.”

That threat came in the form of an e-mail to Riviello’s lawyer, Cheri L. Cannon, a partner with the Tully Rinckey law firm. The VA e-mail said that information Riviello provided Cannon “unlawfully includes medical records of a VA patient” and noted that violating HIPAA “is a felony offense subject to imprisonment and a fine of up to $250,000.”

“Case law clearly says” an employee can provide that kind of information to her lawyer, Cannon said. So do Department of Health and Human Services regulations, which allow “disclosures by whistleblowers” to “an attorney retained by or on behalf of the workforce member.”

The Department of Veterans Affairs’ strong-arm tactic left Cannon as angry as Riviello was frightened.

“They are trying to intimidate her,” Cannon said. “They are trying to scare her. It is reprisal for whistleblowing.”

In another case, Katherine Mitchell, a VA doctor in Phoenix, said that shortly after she complained to the Veterans Affairs inspector general about safety concerns, the department punished her, citing patient privacy.

“I was placed on administrative leave for about a month and investigated for alleged wrongdoing for including truncated patient information in the confidential OIG complaint submitted through approved channels,” she told the House committee last month.

Acting VA Secretary Sloan Gibson told the Senate Veterans Affairs Committee this week that the department is working to regain its squandered trust.

“We apologize to our Veterans, their families and loved ones, Members of Congress, Veterans Service Organizations (VSO), and to the American people,” Gibson’s statement said.

That’s all good, but he left out an important group.

VA whistleblowers deserve an apology, too.

Twitter: @JoeDavidsonWP

Previous columns by Joe Davidson are available at