New York Healthcare Law Blog

Many physicians and other healthcare providers frequently find themselves faced with various, often unclear, requests for patient information.  This happens as part of pending malpractice litigation, administrative proceedings, surrogate disputes, and in numerous other scenarios.  Practitioners asked to produce Protected Health Information (PHI) must be certain to comply with such requests without violating either the Health Insurance Portability and Accountability Act, commonly known as HIPAA, or federal and state rules governing litigation and discovery.  This can be a daunting task for a physician busy with caring for patients and managing the ever-increasing administrative hurdles of running a medical practice.  Unfortunately, failure to comply with applicable regulations can result in serious consequences for a health care practitioner. Therefore, it is essential that doctors and other providers faced with any requests for release of PHI, educate themselves and obtain competent advice in order to avoid any impropriety in releasing protected patient information.

The HIPAA Privacy Rule provides federal protections for personal health information held by health care providers and other covered entities.  The rule places constraints on disclosure fo private patient data, and sets limits on the uses and disclosures that may be made of such information.  HIPAA Privace Rule is balanced so that to permit the disclosure of PIH when necessary for patient care and other important purposes. 

For an average health care provider, the HIPAA Privacy Rule mandates compliance in several specific areas such as notifying patients about their privacy rights and how their information may be used, adopting and implementing privacy procedures, training employees in privacy procedures, designating an individual responsible for ensuring that the proper privacy procedures are followed and securing patient records containing identifiable PHI.

Typically, a HIPAA violation involves a doctor or other health care practitioner improperly divulging medical history or other protected patient information.  While compliance with HIPAA may seem fairly straightforward at first glance, many situations involving possible violations can be multi-faceted and ambiguous.  Since violations can result in various serious sanctions and even criminal proceedings, health care providers are advised to carefully review and evaluate the propriety of all requests to release PHI received by their practices. 

In light of the complexity of relevant patient privacy regulations and frequent ambiguity of requests to release patient information, guidance of qualified legal counsel can prove to be invaluable to a physician confronted with a request for PHI.  Counsel with expertise in the area of healthcare law can evaluate whether the form of the request is proper and complies with applicable laws, whether procedural requirements have been met, and whether the scope of information sought is appropriate. Furthermore, qualified counsel can guide a health care provider in the process of responding to subpoenas and court orders.  In sum, any physician unsure of propriety of a response to a request for patient information would be well-advised to protect him or herself from failure to comply with HIPAA and other federal and state laws by seeking advice of a knowledgeable attorney.