Doctor Fined for Privacy Violations Following Abortion on 10-Year-Old Rape Victim
Dr. Caitlin Bernard, an Indianapolis, IN-based obstetrician-gynecologist has been fined $3,000 by the Medical Licensing Board of Indiana and issued with a letter of reprimand for violating HIPAA and state privacy law after talking to the media about an abortion she provided to a 10-year-old rape victim on July 1, 2022.
Within hours of the Supreme Court’s decision that overturned Roe v Wade and removed the federal right to an abortion, Ohio banned abortions after 6 weeks of pregnancy. Three days later, on June 27, 2022, Dr. Bernard received a call from a child abuse doctor in Ohio about a 10-year-old patient who could not legally have an abortion in Ohio as she was three days past the legal cutoff. The victim then traveled from her home state of Ohio to Indiana to have the procedure performed by Dr. Bernard.
A reporter for the IndyStar overheard a conversation between Dr. Bernard and another doctor at an anti-abortion rally and approached Dr. Bernard and asked for comment. The IndyStar ran a story about the girl and the reduction of access to abortions following the Supreme Court’s decision, and the story rapidly became national news. The case was also referenced on multiple occasions by President Biden. Following the publication of the story, Dr. Bernard provided further statements to the media, was interviewed on national TV networks, and was featured in various media articles, in which Dr. Bernard highlighted the real-world impact of the change to federal law on abortions. In those media interviews, Dr. Bernard confirmed that she had performed an abortion procedure on a 10-year-old patient, but did not disclose the name of the patient.
Shortly after the publication of the IndyStar story, Indiana Attorney General Todd Rokita confirmed in a Fox News interview that Dr. Bernard would be investigated. Rokita filed an administrative complaint with the Medical Licensing Board of Indiana alleging Dr. Bernard had violated HIPAA and state law by failing to get written authorization to release patient information, and that Dr. Bernard had failed to immediately report suspected child abuse to local law enforcement in Indianapolis or the Indiana Department of Children Services. Rokita claimed that Dr. Bernard learned about possible child abuse on June 27, 2022, in a telephone call, yet failed to report it until July 2, 2022, the day after the procedure was performed. As such, the child was returned to the custody of the alleged rapist, where she remained until July 6, 2022. Law enforcement later confirmed, with a 99.99% probability, that the rapist was the child’s biological father, who was charged with two counts of rape in July 2022.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
In a Medical Licencing Board hearing on Thursday, Dr. Bernard’s attorney explained that Dr. Bernard told an IU Health social worker about the case on the same day she received the initial call about the patient, and that discussion was in line with IU Health’s policies. She also confirmed that the abuse was reported on an Indiana state form and that the abuse had already been reported in Ohio where the abuse took place. The IU Health social worker testified that she reported the abuse in Ohio per IU Health policies, as that was where the abuse occurred. Dr. Bernard also confirmed with child protection staffers in Ohio that it was safe for the child to leave with her mother and testified that she did not violate state or federal privacy laws as she did not disclose any identifying information about the patient.
At the hearing, Deputy Attorney General Cory Voight asked Dr. Bernard why she had disclosed information about a real patient, rather than providing a hypothetical situation in her media interviews. “I think that it’s incredibly important for people to understand the real-world impacts of the laws of this country about abortion,” said Dr. Bernard in response. “I think it’s important for people to know what patients will have to go through because of legislation that is being passed, and a hypothetical does not make that impact.”
Andrew Mahler, a former official at the HHS’ Office for Civil Rights was an expert witness for the state and testified that the disclosures made by Dr. Bernard violated HIPAA, as it was certainly possible that the information disclosed by Dr. Bernard – age, state, and gender – would allow the girl to be identified. Paige Joyner, a privacy compliance officer and former OCR auditor, was a witness for the defense and disagreed with Mahler’s view, testifying that the information Dr. Bernard disclosed was not protected health information and that the disclosure was not a HIPAA violation. IU Health agreed and did not believe the HIPAA Rules had been violated. At the hearing, Dr. Bernard defended her right to speak to the media about medical issues when it is in the public interest and her attorney confirmed that there are no laws that prohibit physicians from speaking with the media.
Dr. John Strobel, President of the Medical Licensing Board believed Dr. Bernard disclosed too much information to the IndyStar reporter about the pending abortion and said consent should have been obtained before any information was disclosed. The majority decision of the Medical Licensing Board was the disclosures violated state and federal privacy laws and Dr. Bernard received a $1,000 fine for each of the three privacy violation counts. The Medical Licensing Board found the state had failed to meet the burden for the other two counts on reporting the child abuse and Dr. Bernard being unfit to practice, and therefore did not suspend Dr. Bernard or put her on probation so she is able to continue to practice in Indiana. Dr. Bernard will be given the right to appeal the decision.
