> And to be honest, I'm surprised that his statements aren't "suable" in some form in the lawsuit happy country that is the United States of America. A friend of mine immediately pointed out to the numerous healthcare privacy laws in place; and another HN commenter pointed out on the original thread the possibility that the employees with the distressed babies would get discriminated against by their coworkers, after Armstrong's statements, due to the fact that they're probably identifiable internally by their team members.
It very well may be a suable violation. HIPAA laws prohibit the "misuse and disclosures of PHI", and PHI includes a person's payment history, not just their medical records[1]. Such a breach by a covered entity is a criminal offence that can result in jail time by the offending employee[2]. As AOL isn't a covered entity (e.g. healthcare provider, insurance company, etc), I'm not sure whether it could be applied directly to Armstrong. You can probably push a HIPAA violation to the insurance company, however, as Armstrong most likely was told of these cases as the basis for group rate spikes during their insurance contract re-negotiation.
And those are just justifications related to violating patient privacy laws. I'm sure a lawyer could also make a pretty strong case against Armstrong personally for defamation.
IANAL, most of my knowledge of HIPAA compliance comes from Business Law classes and required trainings when I worked for a healthcare/hospital system.
However, AFAIK that would make them a covered entity. As a payor, they would have direct access to their employee's medical records. Whereas under normal circumstances, the payor/insurer only provides the employer non-PHI data such as enrollment/disenrollment info and summary data (at an aggregate level) to support pricing discussions, which is why they aren't usually a covered entity. You can find a good write-up on HIPAA requirements for self-funded insurance plans here[1].
It very well may be a suable violation. HIPAA laws prohibit the "misuse and disclosures of PHI", and PHI includes a person's payment history, not just their medical records[1]. Such a breach by a covered entity is a criminal offence that can result in jail time by the offending employee[2]. As AOL isn't a covered entity (e.g. healthcare provider, insurance company, etc), I'm not sure whether it could be applied directly to Armstrong. You can probably push a HIPAA violation to the insurance company, however, as Armstrong most likely was told of these cases as the basis for group rate spikes during their insurance contract re-negotiation.
And those are just justifications related to violating patient privacy laws. I'm sure a lawyer could also make a pretty strong case against Armstrong personally for defamation.
[1]: http://en.wikipedia.org/wiki/Protected_health_information [2]: https://www.ama-assn.org/ama/pub/physician-resources/solutio...