Does FMCSA’s medical card verification program violate HIPAA?
When we shared news of Federal Motor Carrier’s notice to medical examiners and drivers that, during roadside inspections and other carrier investigations, FMCSA would be conducting random verification by phone of medical certifications in an attempt to validate that the DOT exams actually took place, reaction from drivers and other readers was immediate. Most salient among the points of view was the question of whether such requests for information would be in violation of the medical information privacy rules in HIPAA, or the Health Insurance Portability and Accountability Act of 1996.
A commenter identifying himself only as Jeff noted that he holds “a medical license in the state of Pennsylvania” and also drives. “If I would receive a phone call from someone stating that they are an officer,” he said, “I could not legally release any patient information to them because I can not verify who they are or for what reason(s) they are calling. Your medical records in any state are confidential and that is why it is called ‘doctor-patient confidentiality.’”
He then went on, “Also, the offices and doctors that are performing the physicals are not going to take the time to dig through the millions of records that they have in their offices to find one driver’s records.”
FMCSA’s notice of the policy change requested medical examiners’ cooperation on the issue in the first order, however, so they’re at least banking on doctors entertaining the calls and in fact digging through those records. Queried as to the policy, an FMCSA official reiterated that the “policy sets goals for FMCSA and State enforcement personnel to validate [Medical Examiner's Certifications, or MECs] when possible and document their authentication of the MEC, during new entrant safety audits, roadside inspections, compliance reviews, and investigations, in order to mitigate the risk of a driver or carrier presenting a fraudulent or invalid MEC and to ensure consistency with the records of the Medical Examiner.”
Also, he went on to insist that verifying the medical card would not be in violation of HIPAA: “The Agency is not requesting any medically confidential information, which may be covered” by HIPAA, suggesting enforcement personnel would only be looking for confirmation of the examination from the examiner listed on the card, which information officers are of course privy to in the course of inspection.
No response was given to the question of whether tying up the driver at the roadside to confirm the info on the medical card was an appropriate use of agency time, however.
“The company the driver is working for or the owner-operator is leased to is (whoever has the DOT number on the door) responsible for this verification,” wrote a commenter posting as “dotdoctor.” “Why not hold the company accountable for doing its job instead of tying up drivers on the road and running them tighter against their 14-hour window?”
In the end, physical requirements are in place for a reason, noted independent owner-operator Mike “Mustang” Crawford in his commentary below the original post: ”In the mid-60s I had to have physicals to play sports in High School. November 1965 I had to have a physical when I joined the Marine Corps and had to maintain a certain physical ability during my tour of duty. When I was a police officer and a firefighter I had to pass and maintain a required physical status and when I started driving in the 70s I had to pass a physical to get my DOT medical card and have had to get one every two years since then. What’s the big deal? I have to renew my CDL every few years and get a new Medical Card every two years (I keep them both in the same slot in my wallet), and have never had a problem when DOT or police or any one required to see my card. When and if I cannot pass my physical I will not whine and complain that others should pay me a Social Security disability … I will just figure another line of work and do it to the best of my ability.”