Click to edit Master title style
7 Critical Considerations in
Conducting Discovery and
Responding to Subpoenas
Meggan Bushee, Associate, McGuireWoods LLP Amanda L. Enyeart, Associate, McGuireWoods LLP Nathan A. Kottkamp, Partner, McGuireWoods LLP
Jason D. Stevens, Assistant General Counsel, Novant Health, Inc. April 8, 2014
Introduction: HIPAA Core Elements
• What is HIPAA?
– Health Insurance Portability & Accountability Act of 1996 – Privacy Rule
– Security Rule
– Breach Notification Rule – Enforcement Rule
• What does HIPAA protect?
– Protected Health Information
• Who does HIPAA apply to?
McGuireWoods LLP | 3
1. Judicial Proceedings: Exception to Authorization
– State-defined language for notice to providers and/or patients – State-defined timing requirements for patient to object
– HIPAA protections of alcohol and drug abuse patient records
• Qualified Protective Orders
– Agreed by parties, entered by the court
• Court Orders
• Operational Considerations
– Do you really need a subpoena?
– Can you meet the subpoena requirements? – Should you treat all subpoenas the same?
– Is further disclosure necessary and permitted by the relevant order?
2. Patient Authorization for Disclosure of PHI
• Describe the information to be disclosed.
• Who is authorized to disclose?
• Who is authorized to receive?
• Describe the purpose of the disclosure.
• Indicate the expiration date or event.
• Must be signed and dated by patient.
• Must include statement regarding right to revoke, potential for
disclosure by recipient.
• Must be drafted in plain language.
McGuireWoods LLP | 5
3. Considerations if Patient is/is not a Party
• Patient is plaintiff and requests own records
• Patient and provider are both parties
– Patient has placed medical condition in question – waiver
1. Waivers of medical record confidentiality is not expressly noted in HIPAA regulations.
2. Safest course of action: seek a protective order.
– Still may need and can obtain authorization for provider to use records
• Patient is a party, but provider is not • Patient is not a party
4. State Law Considerations
• Physician-patient privilege • Ex parte communications
• State law protections that increase privacy requirements
McGuireWoods LLP | 7
5. Responding to OCR
• Recognize that the OCR investigators have strong knowledge about the Privacy Rule, but are not typically lawyers.
• Strike the right balance between being amicable and protecting your rights.
• Understand that OCR’s approach to a matter will be decided by how serious it perceives the problem.
– Awareness letters (and then close matter) – Response
– Back-and-forth letter campaigns
• There is considerable variability in enforcement
6. Disclosures of Sensitive Information
• HIV/AIDS information
– HIPAA silent but take note of applicable state law
• Mental health records
– Redisclosure limitations
• Psychotherapy notes
– Patient authorization required per 42 C.F.R. 165.508(a)(2)
• Drug and alcohol treatment
– 42 C.F.R. Part 2 – State law
McGuireWoods LLP | 9
7. HIPAA and Workers’ Compensation
• One of the “grand” exceptions to HIPAA
– 45 CFR 164.512(l)
– Disclosure must be authorized by applicable state law
• Heavily nuanced by state law and by decisions related to the claim (i.e., claim denial, discontinuation, etc.)
• Operationally difficult when a physician provides both
occupational medicine and primary or routine care to a patient. • Practical tips
• Know your state statutes and local rules, and follow the more restrictive rule.
• Careful drafting is crucial.
• HIPAA requires minimum necessary disclosure.
• Do not have paralegal sign requests or other subpoena documents.
• Do not allow Business Associates to respond to subpoenas without at least providing notice.
– Ensure your Business Associate Agreement contains appropriate language regarding the process to be followed when they receive a subpoena or Court Order.
McGuireWoods LLP | 11
For more information, contact:Meggan Bushee McGuireWoods LLP Charlotte firstname.lastname@example.org 704.343.2360
Jason D. Stevens Novant Health, Inc. email@example.com
Nathan A. Kottkamp McGuireWoods LLP
Amanda L. Enyeart McGuireWoods LLP