November 24, 2009
The staff of the Committee on Open Government is authorized to issue advisory opinions. The ensuing staff advisory opinion is based solely upon the information presented in your correspondence.
I have received your letter and the correspondence attached to it. You have questioned the propriety of a denial of your request for the names of Oswego County legislators who receive health insurance benefits paid by the County. You wrote that you are not interested in the number of times that health care benefits were provided or the medical basis for claims. However, the Clerk of the County Legislature wrote that the request “must be denied under the privacy protections of the Federal Health Insurance Portability and Accountability Act (HIPAA) as an unwarranted invasion of personal privacy.”
With due respect to the Clerk, I disagree and believe that those portions of the records requested that identify County officers or employees who receive health insurance benefits paid by the County, without an indication of the number or nature of claims, must be disclosed. In this regard, I offer the following comments.
As a general matter, the Freedom of Information Law is based upon a presumption of access. Stated differently, all records of an agency are available, except to the extent that records or portions thereof fall within one or more grounds for denial appearing in §87(2)(a) through (j) of the Law.
Relevant to the matter is §87(2)(a) which pertains to records that “are specifically exempted from disclosure by state or federal statute.” The term “statute”, according to judicial decisions, is an enactment of Congress or the State Legislature. In this case, the County alleges that the Health Insurance Portability and Accountability Act, a federal statute which is widely known as HIPAA, prohibits disclosure of the requested information. In my view, the restrictions on disclosure do not apply to records or portions of records that indicate only a public employee’s enrollment or participation in a health insurance plan.
The “Privacy Rule” imposed by HIPAA applies only to “covered entities”, which are defined to include a health plan, a health care clearinghouse, and a health care provider that transmits any health information in electronic forms (see 45 CFR §§160, 162 and 164, particularly §160.103). Only “protected health information”, which is defined as information relating to an individual’s physical or mental health, provision of health care, or payment of health care, falls within the scope of the regulations.
In the federal regulations dealing with “health plans”, 45 CFR 160.103 states in relevant part that:
“Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual and:
(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual...”
However, the same section of the regulations states that “Protected health information excludes individually identifiable health information in...(iii) Employment records held by a covered entity in its role as employer.” Based on the foregoing, the fact that a public employee participates in a public employer sponsored health insurance plant does not constitute protected health information that is confidential under HIPAA.
It is noted that information indicating only participation in a health insurance plan differs from other records that include greater detail or personal information relating to actual events involving requests for or the provision of medical or mental health services or treatment. For instance, the federal regulations in 45 CFR §164.054 relate to “plan administration functions” and state in subdivision (a) that:
“Summary health information means information, that may be individually identifiable health information, and:
“1) That summarizes the claims history, claims expenses, or type of claims experienced by individuals for whom a plan sponsor has provided health benefits under a group health plan...”
The foregoing would signify that claims based on the provision of medical or mental health services have been made by an individual, and any such records would, therefore, be protected under HIPAA. To be distinguished is information that merely indicates that an individual participates in a health benefits plan, which alone indicates nothing about claims for or the provision of medical or mental health services. Records solely indicating participation in a plan in my opinion clearly are excluded from the scope of “protected health information”, for they are merely “employment records held be a covered entity in its role as employer.”
Also relevant, as raised by the County in response to your request, is §87(2)(b) which enables agencies to withhold records to the extent that disclosure would constitute an unwarranted invasion of personal privacy.
While the standard concerning privacy is flexible and may be subject to conflicting interpretations, the courts have provided substantial direction regarding the privacy of public officers employees. It is clear that public officers and employees enjoy a lesser degree of privacy than others, for it has been found in various contexts that public officers and employees are required to be more accountable than others. Further, with regard to records pertaining to public officers and employees, the courts have found that, as a general rule, records that relate to one’s official duties are available, for disclosure in such instances would result in a permissible rather than an unwarranted invasion of personal privacy [see e.g., Farrell v. Village Board of Trustees, 372 NYS 2d 905 (1975); Gannett Co. v. County of Monroe, 59 AD 2d 309 (1977), aff'd 45 NY 2d 954 (1978); Sinicropi v. County of Nassau, 76 AD 2d 838 (1980); Geneva Printing Co. and Donald C. Hadley v. Village of Lyons, Sup. Ct., Wayne Cty., March 25, 1981; Montes v. State, 406 NYS 2d 664 (Court of Claims, 1978); Powhida v. City of Albany, 147 AD 2d 236 (1989); Scaccia v. NYS Division of State Police, 530 NYS 2d 309, 138 AD 2d 50 (1988); Steinmetz v. Board of Education, East Moriches, supra; Capital Newspapers v. Burns, 109 AD 2d 292 (1985) aff'd 67 NY 2d 562 (1986)].
I point out that records indicating the salaries of public employees must be disclosed. Specifically, §87(3)(b) of the Freedom of Information Law states that: "Each agency shall maintain...a record setting forth the name, public office address, title and salary of every officer or employee of the agency..." Similarly, records reflective of other payments, whether they pertain to overtime, or participation in work-related activities, for example, would be available, for those records in our view would be relevant to the performance of one's official duties. It is also noted that those portions of W-2 forms indicating public employees' names and gross wages have been found to be available to the public (Day v. Town Board of Town of Milton, Supreme Court, Saratoga County, April 27, 1992).
In sum, in my opinion, a record of payment to or a benefit received by a public official or employee would generally be accessible to the public; disclosure would constitute a permissible, not an unwarranted invasion of personal privacy. In this instance, it is my view that the names of those who receive a benefit in conjunction with the County’s plan must be made available.
In an effort to enhance understanding of and compliance with applicable law, a copy of this opinion will be sent to County officials.
I hope that I have been of assistance.
Robert J. Freeman
cc: Ted Jerrett, Clerk/FOIL Officer
Richard Mitchell, County Attorney