Updated 2025: Looking for a Business Associate Agreement? Download our FREE template

TotalHIPAA Logo

What HIPAA Rules Were Broken During the Bornstein “Raid”?

Summary:

Have Dr. Harold Bornstein’s actions as President Trump’s former physician potentially violated HIPAA? Were there potential violations from the ‘raid’ that followed? Based on the information reported in the media, HIPAA rules were breached. HIPAA Authorization Release Form Bornstein, who has served as Trump’s doctor for more than 30 years, stated that last February, three […]

Have Dr. Harold Bornstein’s actions as President Trump’s former physician potentially violated HIPAA? Were there potential violations from the ‘raid’ that followed? Based on the information reported in the media, HIPAA rules were breached.

HIPAA Authorization Release Form

Bornstein, who has served as Trump’s doctor for more than 30 years, stated that last February, three men claiming to represent Mr. Trump came into his office and forced him to surrender all of Trump’s medical records. While the seizure did come with a letter to Bornstein from Ronny Jackson, the White House doctor, we don’t know if a HIPAA release form was included in that letter. Health care providers are prohibited from discussing or releasing any aspect of your medical information with anyone who is not directly involved in your care unless a signed authorization is presented. If there was no release signed by President Trump, this is a HIPAA violation.1

Refraining From Intimidation or Retaliation Tactics

How did the “raid,” as Bornstein reported, go down? If it was as the doctor claims that he was intimidated by the intruders to release the records, that is a HIPAA violation. HIPAA law (45 CFR§160.316) states that a Covered Entity or Business Associate – in this case, potentially the White House doctor’s posse – may not threaten, intimidate, coerce, harass, discriminate against, or take any other retaliatory action against any individual.2

Copies of Medical Records

Bornstein reported that the White House crew left with his original medical records. If that’s the case, another HIPAA rule was violated. Under New York State law, physicians must keep patient records for six years after the last visit, which means that copies of Trump’s records should have been given to the intruders, not the originals.3

The theft of the original documents could’ve been avoided if Bornstein had transferred the paper medical records into a digital format and stored the information in an EMR/EHR program. A doctor can safeguard medical records more efficiently through the use of EMR/EHR software. Bornstein did not take advantage of the significant financial incentive provided through the American Recovery and Reinvestment Act to help medical providers adopt EMR/EHR in their practices. HIPAA’s security requirements would have required the information to be encrypted and thus protected.

HIPAA rules will not likely be applied to this incident since it is likely that President Trump and his handlers do not want health information about the President leaked to the public. The irony is HIPAA already protected Trump’s medical information, but the heavy-handed tactics could result in some of the information being revealed by a detractor of the President. As the saying goes, “Let sleeping dogs lie.”

  1. https://slate.com/technology/2018/05/did-anyone-in-harold-bornsteins-story-about-trumps-medical-records-violate-hipaa.html
  2. http://www.healthcare-information-guide.com/HIPAA.html
  3. https://slate.com/technology/2018/05/did-anyone-in-harold-bornsteins-story-about-trumps-medical-records-violate-hipaa.html

Sharing is caring!

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

Related Posts

Is Gmail HIPAA Compliant Email? – Well, It Can Be!

Is Gmail HIPAA Compliant Email? – Well, It Can Be!

To use Google Workspace with Protected Health Information (PHI), you must enter into a Business Associate Agreement (BAA) with Google. However, a signed BAA is only the first step. To satisfy the Office for Civil Rights (OCR) modernized Security Rule standards, Covered Entities must properly configure their email settings, utilize end-to-end encryption, and account for new tech, like integrated AI. This guide covers how to secure your Gmail account and the critical configuration steps required to maintain compliance.

Does HIPAA Apply After Death? Limitations of HIPAA Rules

Does HIPAA Apply After Death? Limitations of HIPAA Rules

Yes, HIPAA protections continue long after a patient has passed away. Under the HIPAA Privacy Rule, Protected Health Information (PHI) remains safeguarded for 50 years following the date of death. During this time, the same privacy standards apply, though specific exceptions allow for disclosures to executors, funeral directors, and family members involved in the patient’s prior care.

HIPAA Compliance: A Constant Pulse, Not an Annual Event

HIPAA Compliance: A Constant Pulse, Not an Annual Event

Even though people talk about an “annual HIPAA audit,” compliance isn’t just a once-a-year task. To stay compliant, organizations can’t just “set it and forget it”; they need to constantly manage risks. Staying on top of things is the only way to be ready for an audit at any time.

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)