| June
1, 2003 |
Paul J. Breaux completed
Pharmacy School in 1965. After practicing pharmacy
for several years, he entered L.S.U. Law School,
graduating in 1972, and he has practiced law since
then. His practice is located in Lafayette, Louisiana. |
A covered entity
may make a disclosure of a patient's protected health information
without the patient's written authorization or opportunity
to agree or object in eleven situations under the HIPAA Medical
Privacy Rule (42 Code of Federal Regulations §164.512).
Three of those eleven clauses involve instances when a covered
entity is required by law to disclose health information – and
of those three, the clause dealing with disclosure in a judicial
proceeding is more likely than any other to be confronted by
covered health care providers.
Not until a covered entity has satisfied the very specific
requirements of the federal Privacy Rule for disclosures
of protected health information in judicial proceedings,
be it for purposes of a trial or for pre-trial discovery,
and complied with the state law governing such a proceeding,
may it then make the disclosure.
The specific requirements of Section 512 of the HIPAA Privacy
Rule are that a disclosure may be made in a judicial proceeding
only in response to either (i) a court order, (ii) a subpoena,
or (iii) a discovery request. Further, if the request for
disclosure is made by either a subpoena or a discovery request
that is not also accompanied by a court order, Section 512
mandates that a health care provider must be provided satisfactory
assurances by the party seeking the protected health information
that reasonable efforts had first been made to ensure that
the patient was given notice of the request.
The "satisfactory assurance" requirement of Section
512 of the Privacy Rule is fulfilled if a covered entity
receives from the party requesting protected health information
a written statement and accompanying documentation demonstrating
that:
- the requesting party made a good faith attempt to provide
written notice to the patient,
- the notice included sufficient information about the
judicial proceeding in which the health information is
requested
to permit the patient to raise an objection to the court,
and
- the time for the patient to raise objections to the
court elapsed and without objection by the patient having
been
filed.
What is required by law for disclosure of medical records
for judicial proceedings in most instances in Louisiana,
as an example on one state's law, is the following:
- The health care provider must be served with a subpoena
and the service must occur at least seven days before the
date on which the records are to be produced/disclosed;
- The
provider must also receive an affidavit by the requesting
party stating –
- the subpoena is for records of a
patient who is a party to a specified judicial
proceeding; and
- notice of the subpoena
has been mailed by registered or certified mail
to the patient (or the patient's
attorney) at least seven
days before the issuance of the subpoena;
and
- The provider must not have, by the date on which the
records are to be produced, received a copy of a motion
indicating
the patient has taken legal action to restrain disclosure
of the records.
In conclusion, there are now two levels of detail, federal
as well as state, protecting health information being subpoenaed
for disclosure in judicial proceedings. Covered health care
providers can no longer produce information for use in a
judicial proceeding without many questions as they may have
done in the past, but rather should pay careful attention
now to satisfy both HIPAA and state law requirements before
doing so.
|
|
