1 LITIGATING MEDICAL MALPRACTICE CASES IN OKLAHOMA: THE AFTERMATH OF HIPAA MELISSA A. COUCH * I. Introduction The enactment of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) 1 dramatically changed the way in which attorneys obtain medical information, especially in personal injury and medical malpractice cases. Attorneys in every state have faced challenges in obtaining protected health information (PHI) as defined by HIPAA, 2 and Oklahoma has been no exception. Before the enactment of HIPAA, most states had laws in place governing access to a patient s medical information and its use in litigation. Because HIPAA is a federal regulation, however, it preempts many of these state laws. 3 The legislative purpose of HIPAA, which is also known as the Privacy Rule, is to protect patients privacy by limiting a third party s access to a patient s medical information. 4 Although the goal of protecting patient privacy regarding medical records is certainly important, HIPAA fails to address how attorneys obtain relevant health information on patients who have filed lawsuits placing their medical condition in issue. Arguably, plaintiffs attorneys who have filed lawsuits placing clients medical conditions in issue have greater access to medical information than defense attorneys because plaintiffs counsel can easily obtain medical authorizations from their clients. Further, a plaintiff s attorney may communicate freely with her client regarding the plaintiff s medical care and * Associate, Short, Wiggins, Margo & Butts, P.C., Oklahoma City, Oklahoma. B.A., University of Oklahoma, 1999; J.D., Oklahoma City University, The views expressed herein are solely those of the author C.F.R (2003). HIPAA regulations were effective on April 14, 2001, but full compliance with HIPAA was not mandated until April 14, See United States ex rel. Stewart v. La. Clinic, No , 2002 WL , at *3 (E.D. La. Dec. 12, 2002). 2. See 45 C.F.R Generally, federal law preempts state law when state law contradicts federal law. However, there are exceptions to this general rule. For example, section (b) of HIPAA defers to state law where the state regulations provide greater privacy protection than HIPAA. 45 C.F.R (b); see also infra Part III. 4. See Smith v. Am. Home Prods. Corp., 855 A.2d 608, (N.J. Super. Ct. Law Div. 2003). 827
2 828 OKLAHOMA LAW REVIEW [Vol. 57:827 treatment and may even contact the plaintiff s treating physician to discuss care before filing the lawsuit. In Oklahoma, until the enactment of HIPAA, defense counsel used title 76, section 19, which governs patient medical records. 5 Section 19 allowed defense attorneys to obtain medical information upon the filing of a lawsuit without the patient s prior medical authorization. 6 After using section 19 for over a quarter of a century in litigating medical malpractice cases, attorneys in Oklahoma are attempting to determine the impact of HIPAA on informal methods of obtaining medical information, such as the procedures permitted under section 19 and Oklahoma case law. 7 While the general goal of HIPAA did not focus on the accessibility of medical records to attorneys litigating personal injury claims, HIPAA regulations certainly will influence counsels accepted methods of gathering medical information in Oklahoma. In construing the standards set forth under HIPAA and section 19, this Article argues that the two statutes are not in conflict. Part II of this Article discusses title 76, section 19 of the Oklahoma Statutes. Part III then analyzes HIPAA s effect on section 19. Finally, Part IV addresses HIPAA s impact on informal discovery methods used under section 19, including ex parte communications between counsel and treating physicians. This Article ultimately concludes that section 19 may still be used to obtain medical information while maintaining compliance with HIPAA s privacy requirements OKLA. STAT. 19 (2001). Pursuant to section 19, in cases involving personal injury or death filed against a health care provider, the plaintiff is deemed to have waived any physician-patient privilege provided by law by placing her medical condition in issue. Id. Thus, attorneys may obtain medical information for purposes of litigation even absent a medical authorization signed by the patient. Id.; see also Lee v. Calhoun, 948 F.2d 1162 (10th Cir. 1991). 6. See 76 OKLA. STAT Section 19 is one of the less restrictive statutes in the country, allowing not only access to medical records, but also the ability to communicate with treating physicians through informal discovery. Compare, e.g., Seaberg v. Lockard, 1990 OK 49, 800 P.2d 230, with Crenshaw v. Mony Life Ins. Co., 318 F. Supp. 2d 1015 (S.D. Cal. 2004). The permissive nature of Oklahoma s statute has been a topic of contention in courts across the country. See Conning the IADC Newsletters, 71 DEF. COUNS. J. 199, 208 (2004); John Jennings, Note, The Physician-Patient Relationship: The Permissibility of Ex Parte Communications Between Plaintiff s Treating Physicians and Defense Counsel, 59 MO. L. REV. 441, 454, n.77 (1994); J. Christopher Smith, Recognizing the Split: The Jurisdictional Treatment of Defense Counsel s Ex-Parte Contact with Plaintiff s Treating Physician, 23 J. LEGAL PROF. 247, ( ).
3 2004] LITIGATING MEDICAL MALPRACTICE CASES 829 II. Oklahoma s Statute: Title 76, Section 19 Section 19 has two general purposes. First, section 19(A) provides patients with open access to their own medical records as maintained by their health care provider. 8 Second, section 19(B) waives a patient s privacy privilege regarding medical information when the patient has made a claim against a health care provider placing her physical or mental condition in issue. 9 Section 19 provides an inexpensive and efficient method for attorneys to obtain medical records and information in order to prepare their case. 10 Absent section 19, defense attorneys would be effectively unable to prepare a defense; a plaintiff s attorney investigating a potential medical malpractice claim might also be hampered if she were denied access to records. Thus, for Oklahoma medical malpractice attorneys and litigants, section 19 is an important and valuable tool. A. HIPAA s Requirements III. HIPAA s Impact and Effect on Section 19(B) Although Congress did not necessarily intend HIPAA to prevent counsel from obtaining a plaintiff s medical information, 11 HIPAA s strict guidelines require Oklahoma lawyers to reexamine their use of section 19(B) in gathering medical information. The pertinent language in the federal regulation permits disclosure of PHI (1) in the course of any judicial or administrative proceeding ; (2) in response to an order of a court ; or (3) in response to a subpoena, discovery request, or other lawful process HIPAA further OKLA. STAT. 19(A). Patients can obtain copies of their medical records at the statutory rate. Id. The statute, however, specifically limits a patient s access to psychological or psychiatric records, which are both governed under a separate statute. Id. 19(A)(3). 9. Id. 19(B). The subject of the lawsuit must be a claim arising out of patient care by the defendant health care provider, including actions brought on behalf of a deceased patient. The statute specifically states that the patient shall be deemed to waive any privilege granted by law concerning any communication made to a physician or health care provider with reference to any physical or mental condition.... Id. 19(B)(1). Although such information is accessible and discoverable under the statute, it must be material and relevant to an issue in litigation before being admitted into evidence in any proceeding. Id. 10. See id. 19(B). 11. See Smith v. Am. Home Prods. Corp., 855 A.2d 608, 622 (N.J. Super. Ct. Law Div. 2003); June Mary Zekan Makdisi, Commercial Use of Protected Health Information Under HIPAA s Privacy Rule: Reasonable Disclosure or Disguised Marketing?, 82 NEB. L. REV. 741, (2004) (discussing the various reasons why Congress enacted HIPAA) C.F.R (e)(1)(i),(ii) (2003).
4 830 OKLAHOMA LAW REVIEW [Vol. 57:827 requires that attorneys provide both notice to the patient whose medical information is being sought and reasonable assurances that the information will be used only for purposes of litigation and will be returned or destroyed at the conclusion of the lawsuit. 13 Before HIPAA, attorneys in Oklahoma could request medical records from any health care provider by letter, attaching a copy of the petition and a copy of section 19(B). 14 Health care providers rarely refused these informal requests. 15 However, under HIPAA, more is now required for counsel seeking copies of medical records. HIPAA s guidelines do not greatly affect plaintiffs attorneys because they can simply have their clients sign HIPAA-compliant authorizations for release of records. 16 But defense counsel who do not have informal access to the plaintiff can no longer obtain medical records inexpensively or efficiently. After HIPAA, defense counsel must wait for the plaintiff to supply HIPAA-compliant medical authorizations before obtaining records that are central to issues in the lawsuit, which ultimately creates delays in the initial development of the defendant s case See id (e)(1)(ii)(A),(B). Specifically, the party seeking the PHI should obtain a qualified protective order, which is an order from the court restricting the use and disclosure of medical information obtained for litigation, and requiring its return or destruction at the end of the case. See id (e)(1)(v). For all practical purposes, this may be accomplished in Oklahoma by showing the court that the plaintiff has placed her medical condition in issue. See 76 OKLA. STAT. 19(B)(1). 14. See 76 OKLA. STAT. 19(B). 15. But see id. 19(A)(3). Health care providers only refused these requests if the attorney was seeking records concerning psychological or psychiatric care. Id. Pursuant to section 19(A)(3), not even a patient is entitled to copies of their mental health records absent the health care provider s consent or court order. Id. The statute permits disclosure of mental health records as outlined in title 43A, section of the Oklahoma Statutes. 43A OKLA. STAT (2001). Section states that a patient can personally access their mental health records unless disclosure is reasonably likely to endanger the patient s life or the life of another. Id. Presumably, the health care provider would be in the best position to make that determination, which may explain why section 19(A)(3) does not cover access to mental health records. See 76 OKLA. STAT. 19(A)(3). 16. See 45 C.F.R (c)(1)-(2). HIPAA sets forth various types of acceptable authorizations based on the purpose of the request. Generally, the authorization must include a specific description of information being sought (such as the date of treatment and complaint), the name of the person(s) making the request, the name of the person(s) or entity entitled to disclosure, a description of the purpose of the request, an expiration date (typically the conclusion of litigation), and the signature of the patient or authorized representative. Id (c)(1). Further, the authorization must contain language providing the patient with notice of her right to revoke the authorization. Id (c)(2). 17. One of the advantages of section 19(B) over HIPAA is the attorney s ability to make
5 2004] LITIGATING MEDICAL MALPRACTICE CASES 831 B. Oklahoma s Request for an Exception Determination Because HIPAA is a federal regulation and federal laws preempt conflicting state laws, 18 many commentators initially thought that HIPAA would render section 19(B) useless as a tool for obtaining medical information. 19 Realizing the impact that HIPAA would have on litigating medical malpractice cases in Oklahoma, the Oklahoma State Medical Association and the Oklahoma Hospital Association petitioned the Department of Health and Human Services for an exception from the application of the Privacy Rule adopted under HIPAA. 20 Title 45, section of the Code of Federal Regulations authorized the Secretary of the Department of Health and Human Services to grant an exception, 21 and the Secretary delegated the responsibility of making exception determinations to the Office for Civil Rights (OCR). 22 In a lengthy letter, the OCR clarified its position on HIPAA s impact on section 19(B) and determined that the Oklahoma statute was not in conflict with the Privacy Rule and was therefore not preempted. 23 The OCR letter stated that preemption occurs when state law is contrary to federal law. 24 Under section of the federal regulations, provisions of law are contrary on two conditions. 25 First, state law is contrary to HIPAA if a health care provider would find it impossible to comply with both state and federal [law]. 26 Alternatively, a state law would be contrary if it posed an obstacle to the goals of the Privacy Rule. 27 If neither condition is met, an an immediate request for medical records upon the filing of a lawsuit without having to wait for signed authorizations from the patient. See 76 OKLA. STAT. 19(B). Although records from the defendant health care provider could be easily obtained by defense counsel upon the filing of a lawsuit, records from subsequent treating physicians are not as simple to gather. 18. Meyer v. Conlon, 162 F.3d 1264, 1268 (10th Cir. 1998). 19. See Letter from Richard M. Campanelli, J.D., Director of Office for Civil Rights to W.F. Phelps, M.D., President of Oklahoma State Medical Association, and Craig W. Jones, FACHE, President of Oklahoma Hospital Association at 1 (June 24, 2003) (on file with the Oklahoma Law Review) [hereinafter Campanelli Letter]. 20. Id. (stating that the requested exception involved 45 C.F.R (e)(1)(ii)-(vi)) C.F.R (a) (authorizing exceptions to the general rule where such is necessary to, among other things, preserve a compelling need related to public health, safety, or welfare... and if it is determined that the intrusion into privacy is warranted when balanced against the need to be served.... ). 22. Campanelli Letter, supra note 19, at Id. 24. Id. at C.F.R (1). 26. Id. 27. Id (2).
6 832 OKLAHOMA LAW REVIEW [Vol. 57:827 exception determination is not warranted, and HIPAA will not preempt state law. 28 After considering each of these conditions, the OCR determined that an exception was not necessary in Oklahoma The Impossibility Test The OCR termed the first condition The Impossibility Test. 30 Under this test, the OCR must determine whether a health care provider would violate either section 19(B) or HIPAA if it complied with the other. 31 In medical malpractice cases, both state and federal law permit disclosure of PHI. 32 Section 19(B) authorizes disclosure through waiver of the physician-patient privilege, 33 whereas HIPAA requires notice and reasonable efforts to obtain a qualified protective order. 34 Because section 19(B) does not compel disclosure of PHI, it is not in conflict with HIPAA. 35 Thus, a health care provider can comply with section 19(B) in a manner that does not make it impossible to comply with HIPAA. 2. The Obstacle Test Under the alternative condition, the OCR recognized that section 19(B) does not impede the objectives of HIPAA. 36 The OCR defined the purpose of HIPAA as improv[ing] the Medicare and Medicaid programs and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information. 37 It is difficult to ascertain how section 19(B) could be an obstacle to this objective. Accordingly, it appears an exception is not necessary under The Obstacle Test. C. HIPAA Compliance Still Required Despite OCR s letter finding that section 19 is not contrary to HIPAA, a health care provider must still comply with HIPAA unless the state law relating 28. See id (1). 29. See generally Campanelli Letter, supra note Id. at Id. 32. Id OKLA. STAT. 19(B) (2001). In other words, the statute prohibits a patient from claiming the privilege in an effort to impede the release of medical records C.F.R (2003). 35. Campanelli Letter, supra note 19, at Id. at Id. (citing Pub. L. No , 261).
7 2004] LITIGATING MEDICAL MALPRACTICE CASES 833 to patient privacy of health information is more stringent than HIPAA. 38 Thus, while HIPAA does not render section 19(B) useless because the Oklahoma statute is not contrary to HIPAA, 39 health care providers must still comply with HIPAA s notice and reasonable assurance requirements unless section 19 is more stringent than HIPAA. 40 Although no Oklahoma court has decided whether section 19 is more stringent than HIPAA, cases interpreting other state statutes provide guidance on this issue. In contrast to Oklahoma, Illinois recognizes a strict medical records privilege whereby even redacted medical records cannot be disclosed in judicial proceedings. 41 In Northwestern Memorial Hospital v. Ashcroft, 42 the government subpoenaed medical records from the hospital, requesting records of certain patients on whom a doctor had performed late-term abortions. 43 The central issue on appeal was whether the trial court s quashing of the subpoena under HIPAA was appropriate. 44 The government argued that HIPAA authorized the disclosure of these medical records because all information identifying the individual would be redacted, thereby removing any privacy concerns. 45 The U.S. Court of Appeals for the Seventh Circuit affirmed the trial court s decision but declined to apply HIPAA. Rather, the appellate court based its decision on Illinois strong policy of privacy for medical records C.F.R In other words, if a state passes a law regarding accessibility of PHI that is more protective of a patient s right to privacy, the state law is applicable and not preempted. 39. See infra Part III.B. 40. See 45 C.F.R (e)(1)(ii)(A),(B) (requiring that the party seeking PHI provide both notice to the patient whose medical information is being sought and reasonable assurances that the information will be used only for purposes of litigation and will be returned or destroyed at the conclusion of the lawsuit). 41. See N.W. Mem l Hosp. v. Ashcroft, 362 F.3d 923, 925 (7th Cir. 2004) F.3d 923 (7th Cir. 2004). 43. Id. at 924. The suit challenged the constitutionality of the Partial-Birth Abortion Ban Act of Id. 44. Id. 45. Id. at Id. at The case was brought in federal court involving a federal question. The Seventh Circuit determined that patients, physicians, and hospitals relied on the policy of heightened protection of privacy in Illinois, but recognized it may not be applicable in federal proceedings concerning federal question issues. See id. The court turned to Federal Rule of Civil Procedure 45(c), which allows a subpoena to be quashed if it imposes an undue burden on the person or entity subject to the subpoena, and used it as a basis for its decision. Id. HIPAA clearly authorizes disclosure of medical records when the medical records do not identify the individual, and there is no reasonable basis to believe that the information can be used to identify the patient. 45 C.F.R (2003). The Seventh Circuit s decision is a classic example of an outcome-oriented opinion because the court quashed the subpoena
8 834 OKLAHOMA LAW REVIEW [Vol. 57:827 Arguably, the court declined to apply HIPAA because federal law expressly allows for the disclosure of records that have been de-identified 47 and does not comport with Illinois strict medical privilege. 48 An appellate court in Florida similarly found Florida s state law regarding disclosure of PHI more stringent than the requirements established by the Privacy Rule. 49 Although the court concluded that HIPAA s procedural requirements for disclosure were more stringent than those of Florida because of notice requirements to the patient, the court determined that the substantive provisions of the Florida law were more stringent because disclosure of PHI was restricted to entities falling within four statutory exceptions, and not any third party as allowed under HIPAA. 50 Accordingly, the court found Florida s law concerning release of PHI more stringent and therefore controlling in Florida cases. 51 In determining whether a state law is more stringent than HIPAA, courts consider the extent to which a patient s privacy and ability to control disclosure of records is protected. 52 Some have taken the more stringent test to the extreme and have argued that state laws mandating disclosure of medical records are more stringent than HIPAA s permissive rule, which authorizes disclosure of PHI where certain guidelines are met. 53 However, states with laws concerning disclosure of PHI that are more stringent than HIPAA seem to be in the minority, and few cases have held that HIPAA does not preempt state law on this basis. Indeed, with patient control over the disclosure of PHI being the primary consideration in determining whether a state law is more stringent, state statutes, like Oklahoma s section 19, that mandate disclosure of medical records without the patient s consent or notice are not likely to meet the more stringent test. Under section 19(B), the plaintiff s consent for disclosure of medical information is inferred when the plaintiff files the lawsuit, which does under the guise of federal law when state law was the true basis for denying the government s request C.F.R N.W. Mem l Hosp., 362 F.3d at See Lemieux v. Tandem Health Care, Inc., 862 So. 2d 745 (Fla. 2003). 50. Id. at 748 n Id. 52. Law v. Zuckerman, 307 F. Supp. 2d 705, 709 (D. Md. 2004); Smith v. Am. Home Prods. Corp., 855 A.2d 608, 622 (N.J. Super. Ct. Law Div. 2003). 53. See Law, 307 F. Supp. 2d at Maryland s law regarding disclosure of medical records requires a health care provider to furnish medical records without patient authorization where the patient has filed a civil action and the care and treatment are the main issues in the case. Id. at 709.
9 2004] LITIGATING MEDICAL MALPRACTICE CASES 835 not appear to satisfy the notice and control requirements of HIPAA. 54 Although no court has published an opinion regarding section 19 s compatibility with HIPAA, based on the construction of the more stringent test for other state statutes, it appears unlikely that a court would find section 19 more stringent than the requirements of HIPAA. IV. The Ultimate Challenge: Ex Parte Communications Because section 19 is probably not more stringent than HIPAA, HIPAA may limit informal discovery methods authorized under the Oklahoma statute. Before HIPAA, counsel for plaintiffs and defendants had the ability to informally confer with treating physicians concerning the care and treatment of the plaintiff once the plaintiff filed a lawsuit placing her medical condition in issue. 55 Section 19 granted access to both plaintiff s and defense counsel to communicate ex parte with the treating physicians, who essentially became fact witnesses in the malpractice action. 56 Not only could physicians discuss their care of the patient, they could also offer opinions on the cause of the patient s complaints. 57 This informal discovery method provided an efficient and inexpensive process for obtaining medical information without patient authorization, subpoena, or court order, ultimately conserving judicial time and saving attorneys fees. With the enactment of HIPAA, however, the concern became whether contact with the plaintiff s physicians could occur absent the plaintiff s explicit consent. A. Seaberg v. Lockard HIPAA created an uneven playing field for attorneys litigating medical malpractice cases, whereby plaintiff s counsel can conduct informal interviews with treating physicians, but the defendant s representatives need the plaintiff s explicit consent to engage in such communications. Pre-HIPAA, health care providers were comfortable releasing and discussing medical information pursuant to section 19(B) with attorneys on both sides. Post-HIPAA, more was needed to demonstrate to health care providers that their disclosure of PHI did not violate HIPAA. For example, in 1990, before the enactment of HIPAA, the Oklahoma Supreme Court considered the issue of ex parte communication by counsel with 54. See id. at 711 n Seaberg v. Lockard, 1990 OK 40, 800 P.2d Id. 3, 800 P.2d at Communication occurred on the basis of the plaintiff waiving her physician-patient privilege under section 19(B). Id. 57. Id. 6, 800 P.2d at 232.
10 836 OKLAHOMA LAW REVIEW [Vol. 57:827 a plaintiff s treating physician. 58 In Seaberg v. Lockard, 59 the court addressed whether waiver of the physician-patient privilege under section 19(B) contemplated a district court s order authorizing or directing health care providers to participate in ex parte communications with defense counsel. 60 The court determined that the law permits voluntary ex parte communications with physicians where no legal privilege exists, but does not provide judicial authority for facilitating or impeding such communications. 61 Seaberg supported defense counsels practice of conducting ex parte communications with treating physicians. At the time Seaberg was decided, Oklahoma law allowed informal interviews to occur through section 19(B) which was deemed self-executing and there was no reason for the court to contemplate the need for an order specifically authorizing disclosure of medical information. B. Construing Seaberg After HIPAA Based on HIPAA s requirement that health care providers could disclose PHI in the course of any judicial proceeding or in response to a court order, 62 defense counsel began the practice of requesting court orders, stating that the plaintiffs had waived their physician-patient privilege under section 19(B) by filing a malpractice action, and that health care providers could disclose PHI through requests for production of medical records or informal interviews. Plaintiff s counsel frequently objected to these requests, arguing that Seaberg specifically held that a court cannot order health care providers to conduct ex parte communications. 63 In fact, the holding in Seaberg provided that neither statute nor case law prohibits the legal representatives of a defendant from conducting voluntary ex parte interviews with a plaintiff s prospective medical witness, but judicial action may not be invoked to facilitate or impede informal 58. Id. 2, 800 P.2d at 231. Although some courts distinguish a treating physician who is at the time treating the patient and a treating physician who treated the patient in the past, Oklahoma does not. See 76 OKLA. STAT. 19(B) (2001). Rather, any physician who has ever treated the patient is considered a treating physician OK 40, 800 P.2d Id. 2, 800 P.2d at Id. 6, 800 P.2d at C.F.R (e) (2003). 63. Although no Oklahoma court has published an opinion discussing the applicability of Seaberg in light of HIPAA, defense counsel working in medical malpractice have met frequent challenges when seeking court orders authorizing the disclosure of PHI by arguing Seaberg s application.
11 2004] LITIGATING MEDICAL MALPRACTICE CASES 837 interviews. 64 In other words, ex parte communications can only occur voluntarily by willing health care providers. 65 The OCR s letter illustrating its position on the use of section 19(B) in light of HIPAA supports this common practice. Oklahoma attorneys in medical malpractice litigation generally file a pleading with the court at the outset of the lawsuit notifying the plaintiff of counsel s intent to obtain PHI by any means necessary, including requesting records and conducting informal ex parte communication with treating physicians. This practice satisfies HIPAA s notice requirements, but still affords defense counsel the opportunity to take advantage of informal discovery methods authorized by section 19(B). More importantly, this practice allows health care providers to disclose PHI without fear of violating the Privacy Rule. C. Consideration by Other States Oklahoma is not the only state faced with the issue of whether informal practices authorized by state law are restricted in light of HIPAA. Maryland, for instance, does not prohibit ex parte communication between a lawyer and the treating physician of an adverse party who placed her medical condition in issue. 66 One Maryland court stated that HIPAA regulations radically changed the landscape of how litigators can conduct informal discovery in cases involving medical treatment. 67 The court further instructed counsel to be far more cautious in their contacts with medical fact witnesses to ensure compliance with HIPAA. 68 Nonetheless, the court recognized three methods counsel could use in conducting informal interviews while maintaining compliance with HIPAA. 69 First, counsel could obtain a court order allowing disclosure of PHI by the health care provider. 70 Second, title 45, section (e)(1)(ii)(A) of the Code of Federal Regulations authorizes disclosure of PHI in response to a 64. Seaberg 3, 800 P.2d at The important language is that the court can neither facilitate nor impede ex parte communications. If the court were to order health care providers to engage in ex parte communications, it would be facilitating informal interviews. Certainly, the Oklahoma Supreme Court would not force physicians to engage in ex parte communications concerning a patients care and treatment for obvious public policy reasons. Conversely, if the court were to order the parties not to engage in ex parte communications, it would be impeding informal interviews. Under Seaberg, neither is authorized. See id. 66. See Law v. Zuckerman, 307 F. Supp. 2d 705, 711 (D. Md. 2004). 67. Id. 68. Id. 69. Id. 70. Id.
12 838 OKLAHOMA LAW REVIEW [Vol. 57:827 lawful process if the health care provider receives satisfactory assurances that counsel has made reasonable efforts to provide notice to the plaintiff of the request for disclosure. 71 Third, section (e)(1)(ii)(B) of the federal regulations authorizes disclosure in response to a lawful process if counsel gives assurances that the defendant has made reasonable efforts to obtain a qualified protective order. 72 According to the court, the use of any of these methods are acceptable in conducting ex parte communications. 73 The term lawful process is not defined in HIPAA. One logical interpretation would include the informal discovery methods sanctioned by section 19(B), such as informal interviews with treating physicians. Apparently, the Maryland court considered lawful process to encompass ex parte communication. 74 The Maryland court concluded that while HIPAA preempted Maryland s law regarding informal interviews, compliance with HIPAA could be maintained while still taking advantage of the state s less stringent law. 75 A New Jersey court adopted a different approach in analyzing HIPAA s effect on the state s permissive authorization of informal interviews in medical malpractice cases. 76 New Jersey has both statutory and case law authority allowing ex parte communications with a plaintiff s treating physician. 77 The court found that HIPAA does not expressly address informal discovery methods and, therefore, state law should govern informal discovery. 78 Still, the court recognized the burgeoning importance of protecting patient privacy and determined that some adjustments would need to be made to ensure compliance with HIPAA. 79 Although the court did not elaborate on the adjustments, it acknowledged the burden placed on health care providers who are willing to C.F.R (e)(1)(ii)(A) (2003). 72. Id (e)(1)(ii)(B). 73. Law, 307 F. Supp. 2d at Id. 75. Id. 76. Smith v. Am. Home Prods. Corp., 855 A.2d 608 (N.J. Super. Ct. Law Div. 2003). 77. Id. at Id. at 622. The court stated that it was unaware of any intent by Congress to interfere with a state law concerning ex parte communications, and that HIPAA s objectives were not inconsistent with such informal interviews. Id. 79. Id. at 626.
13 2004] LITIGATING MEDICAL MALPRACTICE CASES 839 engage in informal interviews but are reluctant for fear of breaching their fiduciary duties to their patient or being sanctioned for violating HIPAA. 80 Other courts have taken the opposite approach to HIPAA s effect on states informal discovery practices. Because HIPAA does not define other lawful process, courts have held that only formal discovery requirements satisfy the requirements of HIPAA. Therefore, HIPAA prohibits ex parte communications. 81 This analysis, however, fails to consider the broad scope of HIPAA and focuses only on a small section of the regulation. Further, it ignores Congress s objectives in implementing the regulation. Clearly, many states have struggled with the impact of HIPAA on state statutes allowing attorneys to use informal discovery methods to obtain medical information. Despite this, it appears that section 19(B) of the Oklahoma Statutes is applicable, provided that compliance with the Privacy Rule such as notice and reasonable assurances to the patient is maintained. Moreover, even though Seaberg was decided before HIPAA, it remains good law and provides support for ex parte communications under section 19. V. Conclusion In construing HIPAA regulations, it appears that counsel may obtain medical records and conduct informal interviews so long as: (1) counsel provides the plaintiff with notice of counsel s intent to obtain PHI and affords the plaintiff an opportunity to object; 82 (2) the plaintiff receives adequate assurances that counsel will not use medical information for any other purpose other than its intended use in litigation; 83 and (3) counsel destroys or returns the plaintiff s medical information at the conclusion of litigation. 84 If these conditions are met, HIPAA has been satisfied, and health care providers can be assured that their disclosure of PHI will not violate the federal regulations. As it stands, section 19(B) is still applicable in Oklahoma and is not preempted by HIPAA. Oklahoma s practical approach to resolving its state statute with the requirements of HIPAA is a model for other states with similar laws. 80. Id. The court noted that health care providers could be forced to consult with counsel before disclosing medical information, creating additional costs for the health care provider. Id. The court also commented that insurance companies are now offering health care providers insurance for potential HIPAA violations. Id. at 626 n Crenshaw v. Mony Life Ins. Co., 318 F. Supp. 2d 1015, (S.D. Cal. 2004) C.F.R (e)(1)(ii)(A) (2003). Under section 19(B), a plaintiff s objection will likely be overruled unless medical information being sought does not encompass a medical condition the plaintiff has placed in issue. 76 OKLA. STAT. 19(B) (2001) C.F.R (e)(1)(v)(A). 84. Id (e)(1)(v)(B).
UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA WEST PALM BEACH DIVISION JANICE LEE, ) ) Case No. Plaintiff, ) ) vs. ) ) BETHESDA HOSPITAL, INC. ) ) Defendant. ) ) COMPLAINT FOR DECLARATORY JUDGMENT
CAROL PRICE IN THE Plaintiff CIRCUIT COURT vs. FOR SINAI HOSPITAL OF BALTIMORE, INC. BALTIMORE CITY CASE NO.: 24-C-04-007323 Defendant MEMORANDUM This case comes before this Court on a Petition for Court
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND Southern Division ROSALYNN LAW, ) ) Plaintiff, ) ) v. ) Civil Action No. CBD-01-1429 ) DAVID J. ZUCKERMAN, M.D., ) ) Defendant. ) ). ) )
HIPAA IN A NUTSHELL: A Synopsis of How the HIPAA Privacy Rules Impact Ex Parte Communications By Larry A. Golston, Jr. BEASLEY, ALLEN, CROW, METHVIN, PORTIS & MILES, P.C. 272 COMMERCE STREET POST OFFICE
This article originally appeared in The Colorado Lawyer, Vol. 25, No. 26, June 1996. by Jeffrey R. Pilkington TORT AND INSURANCE LAW REPORTER Informal Discovery Interviews Between Defense Attorneys and
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) by and between OUR LADY OF LOURDES HEALTH CARE SERVICES, INC., hereinafter referred to as Covered Entity, and hereinafter referred
IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND IN RE APPLICATION OF THE : UNITED STATES OF AMERICA FOR AN ORDER PURSUANT TO : Misc. No. 01-189 (Magistrate Judge Bredar) 18 U.S.C. 2703(d)
Department of the Treasury Internal Revenue Service Office of Chief Counsel CC-2004-034 September 10, 2004 Subject: Effect of the Health Insurance Portability and Accountability Act of 1996 Privacy Regulations,
BUSINESS ASSOCIATE AGREEMENT FOR ATTORNEYS This Business Associate Agreement (this Agreement ), is made as of the day of, 20 (the Effective Date ), by and between ( Business Associate ) and ( Covered Entity
HIPAA Business Associate Addendum THIS HIPAA BUSINESS ASSOCIATE ADDENDUM (this Addendum ) is by and between ( Covered Entity ) and TALKSOFT CORPORATION ( Business Associate ) (hereinafter, Covered Entity
This (hereinafter referred to as Addendum ) by and between Athens Area Health Plan Select, Inc. (hereinafter referred to as HPS ) a Covered Entity under HIPAA, and INSERT ORG NAME (hereinafter referred
BAC to the Basics: Business Associate Contracts Made Easy Prepared by Jen C. Salyers BAC to the Basics: Business Associate Contracts Made Easy Table of Contents Page I. Approaches to Creating a Business
FirstCarolinaCare Insurance Company Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT ("Agreement"), is made and entered into as of, 20 (the "Effective Date") between FirstCarolinaCare Insurance
ETHICAL ISSUES IN THE EMPLOYMENT CONTEXT Mark J. Oberti Oberti Sullivan LLP 723 Main Street, Suite 340 Houston, Texas 77002 (713) 401-3556 firstname.lastname@example.org Edwin Sullivan Oberti Sullivan LLP 723 Main
Case: 12-12593 Date Filed: 04/09/2013 Page: 1 of 13 [PUBLISH] IN THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT No. 12-12593 D. C. Docket No. 4:11-cv-00400-RS-CAS OPIS MANAGEMENT RESOURCES
HIPAA Compliance in Litigation and Discovery 10 Key Concepts Click to edit Master title style Presented by: Nathan A. Kottkamp, McGuireWoods LLP David J. Pivnick, McGuireWoods LLP Mary C. DeBartolo, McGuireWoods
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
HIPAA Business Associate Agreement Sample Notice Disclaimer: Template Business Associate Agreement (45 C.F.R. 164.308) The information provided in this document does not constitute, and is no substitute
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ), is made effective as of the sign up date on the login information page of the CarePICS.com website, by and between CarePICS,
HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate
The Florida Senate Interim Project Report 2005-142 November 2004 Committee on Health Care Senator Durell Peaden, Jr., Chair REVIEW OF STATUTES REGULATING ACCESS TO PATIENT MEDICAL RECORDS SUMMARY The purpose
Reflections on Ethical Issues In the Tripartite Relationship [click] By Bruce A. Campbell 1 Introduction In most areas of the practice of law, there are a number of ethical issues that arise on a frequent
Outline to HIPAA presentation I) Overview of the HIPAA Privacy Rule regulations that relate to obtaining a person s medical records for court proceedings and law enforcement purposes. A) Entities covered
THIS IS A TEMPLATE ONLY. CERTAIN STATES MAY NOT PERMIT THE TYPES OF ACTIVITIES ALLOWED HEREUNDER RELATING TO PROTECTED HEALTH INFORMATION. THUS THIS AGREEMENT MAY NEED TO BE MODIFIED IN ORDER TO COMPLY
PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF
STATE OF MICHIGAN COURT OF APPEALS ISIDORE STEINER, DPM, PC, d/b/a FAMILY FOOT CENTER, Plaintiff/Counter-Defendant- Appellant, FOR PUBLICATION April 7, 2011 9:00 a.m. v No. 294016 Livingston Circuit Court
Presenting a live 90-minute webinar with interactive Q&A HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When Responding to Subpoenas and Discovery Requests WEDNESDAY,
BENCHMARK MEDICAL LLC, BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( Agreement ) dated as of the signature below, (the Effective Date ), is entered into by and between the signing organization
Colorado s Civil Access Pilot Project and the Changing Landscape of Business Litigation On January 1, 2012, new rules approved by the Colorado Supreme Court entitled the Civil Access Pilot Project ( CAPP
MEDICAL RECORDS ACCESS GUIDE MICHIGAN Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact email@example.com TABLE OF CONTENTS Michigan...1
Summary of Key Cases: Protections Under the Patient Safety and Quality Improvement Act of 2005 (PSQIA) Kathryn K. Wire JD, Project Manager Center for Patient Safety February 25, 2015 Illinois Decisions
MEDICAL RECORDS ACCESS GUIDE IOWA Parsonage Vandenack Williams LLC Attorneys at Law Parsonage Vandenack Williams LLC 2008 For more information, contact firstname.lastname@example.org TABLE OF CONTENTS Iowa...1 Patient
RULE 4-1.5 FEES AND COSTS FOR LEGAL SERVICES (a) Illegal, Prohibited, or Clearly Excessive Fees and Costs. [no change] (b) Factors to Be Considered in Determining Reasonable Fees and Costs. [no change]
2016 PA Super 20 TRACY PRICE IN THE SUPERIOR COURT OF PENNSYLVANIA v. SIMAKAS COMPANY, INC., SIMAKAS INC., SIMAKAS CO., SIMAKAS BROTHERS, INC., ALEXANDER SIMAKAS T/D/B/A SIMAKAS BROTHERS, ALL FIELDS ELECTRIC
Drafting the Joint Defense Agreement (with Sample Provisions) Daralyn J. Durie Joint defense agreements have some obvious advantages, but some not-so-obvious disadvantages. If you plan to enter into one,
THE ASSOCIATION OF THE BAR OF THE CITY OF NEW YORK COMMITTEE ON PROFESSIONAL AND JUDICIAL ETHICS FORMAL OPINION 2009-6 AGGREGATE SETTLEMENTS TOPIC: Multiple Representations; Aggregate Settlements; Advance
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity
WISCONSIN Heather M. Bessinger Nathaniel Cade, Jr., Adam E. Witkov Michael Best & Friedrich LLP 100 East Wisconsin Avenue, Suite 3300 Milwaukee, WI 53202-4108 Phone: 414.271.6560 email@example.com
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS
UTAH Rick L. Rose Kristine M. Larsen RAY QUINNEY & NEBEKER P.C. 36 South State Street, Suite 1400 P.O. Box 43585 Salt Lake City, Utah 84111 Telephone: (801) 532-1500 Facsimile: (801) 532-7543 firstname.lastname@example.org
Business Associate and Data Use Agreement This Business Associate and Data Use Agreement (the Agreement ) is entered into by and between ( Covered Entity ) and HealtHIE Nevada ( Business Associate ). W
APPENDIX I: STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 20 (the Effective Date ), by and between (a) THE SOCIETY OF GYNECOLOGIC
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement is effective September 1, 2013 and made between Community Health Solutions of America, Inc., a Florida corporation ( CHS ) and ( Company ).
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA): FACT SHEET FOR NEUROPSYCHOLOGISTS Division 40, American Psychological Association DISCLAIMER This general information fact sheet is made available
School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered
ESI: Federal Court An introduction to the new federal rules governing discovery of electronically stored information In September 2005, the Judicial Conference of the United States unanimously approved
CATHOLIC SOCIAL SERVICES BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (Agreement) is made this day of, 20, between the Catholic Social Services ( CSS ), whose business address is 3710
BUSINESS ASSOCIATE AND DATA USE AGREEMENT NAME OF COVERED ENTITY: COVERED ENTITY FEIN/TAX ID: COVERED ENTITY ADDRESS:, City State Zip This Business Associate and Data Use Agreement ( Agreement ) is effective
Talksoft is BA with Covered Entity BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BAA ) is made this day of, and entered into between, ( Covered Entity ) having its principal place of
UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,
PUBLIC EDUCATION Public Education: Adverse Personnel Actions Raven v. Manatee County School Board, 2009 WL 4282920 (Fla. 2d Dist. App. Dec. 2, 2009) Teachers and other public school employees have a statutory
Ex Parte Communication in a Post-HIPAA World David M. Thomas Rutledge Manion Rabaut Terry & Thomas Detroit, Michigan and Alex J. Hagan Ellis & Winters LLP Raleigh, NC I. INTRODUCTION In April 2003, the
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (hereinafter Agreement ) is between COVERED ENTITY NAME (hereinafter Covered Entity ) and BUSINESS ASSOCIATE NAME (hereinafter Business
HIPAA BUSINESS ASSOCIATE AGREEMENT Preamble This Business Associate Agreement ( Agreement ) is Attachment to the Contract for Payment Eligibility Assessment Whereas, pursuant to the terms of the Contract,
HSHS BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement, ( Agreement ) is entered into on the date(s) set forth below by and between Hospital Sisters Health System on its own behalf and
Note: This form is not meant to encompass all the various ways in which any particular facility may use health information and should be specifically tailored to your organization. In addition, as with
HIPAA Compliance And Participation in the National Oncologic Pet Registry Project Your facility has indicated its willingness to participate in the National Oncologic PET Registry Project (NOPR) sponsored
1 BUSINESS ASSOCIATE AGREEMENT WITH TRANSFUSION FACILITIES This BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is entered into as of the date first written in the signature block below (the Effective Date
HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement, dated as of September 22, 2014 ( BA Agreement ), supplements and is made a part of the Services Agreement (as defined below) by and
SMITHSONIAN DIRECTIVE 113, July 24, 2012 RESPONDING TO SUBPOENAS AND REQUESTS FOR EXPERT WITNESS SERVICES I. Purpose 1 II. Scope 1 III. Roles and Responsibilities 3 IV. Policy 4 V. Definitions 5 5 I. Purpose
BUSINESS ASSOCIATE AGREEMENT This BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into as of ( Effective Date ) by and between ( Covered Entity ) and American Academy of Sleep Medicine ( Business Associate
CHAPTER 2011-233 Committee Substitute for Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 479 An act relating to medical malpractice; creating ss. 458.3175, 459.0066,
STANDARD FORM BUSINESS ASSOCIATE CONTRACT AND DATA USE AGREEMENT THIS AGREEMENT is entered into and made effective the day of, 2014 (the Effective Date ), by and between (a) GI Quality Improvement Consortuim,
Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their
VOL. 34, NO. 4 SPRING 2009 Employee Relations L A W J O U R N A L Split Circuits Does Charging Party s Receipt of a Right-to-Sue Letter and Commencement of a Lawsuit Divest the EEOC of its Investigative
E-Discovery: New to California 1 Patrick O Donnell and Martin Dean 2 Introduction The New Electronic Discovery Act The new Electronic Discovery Act, Assembly Bill 5 (Evans), has modernized California law
Public Land and Resources Law Review Volume 0 Fall 2013 Case Summaries Anderson Brothers, Inc. v. St. Paul Fire and Marine Insurance Co. Katelyn J. Hepburn University of Montana School of Law, email@example.com
The Health and Benefit Trust Fund of the International Union of Operating Section 1: Purpose of This Notice Notice of Privacy Practices Effective as of September 23, 2013 THIS NOTICE DESCRIBES HOW MEDICAL
Applies: All Staff and Clients/Caregivers Page: 1 of 11 Purpose: To ensure that all THS Staff and Caregivers understand the permissible and required uses and disclosure of protected health information.
AVE MARIA UNIVERSITY HIPAA PRIVACY NOTICE This Notice of Privacy Practices describes the legal obligations of Ave Maria University, Inc. (the plan ) and your legal rights regarding your protected health
COLUMBIA AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into as of ( Effective Date ) by and between The Trustees of Columbia University in the City of
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement and is made between BEST Life and Health Insurance Company ( BEST Life ) and ( Business Associate ). RECITALS WHEREAS, the U.S.
VERSION DATED AUGUST 2013/TEXAS AND CALIFORNIA This Business Associate Addendum ("Addendum") supplements and is made a part of the service contract(s) ("Contract") by and between St. Joseph Health System
INSTRUCTIONS FOR COMPLETING THE LOS ANGELES WORLD AIRPORTS NON-DISCLOSURE AGREEMENT Please read and execute the attached Los Angeles World Airports (LAWA) Non-Disclosure Agreement (NDA). The LAWA NDA must
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (the AGREEMENT ) is entered into this (the "Effective Date"), between Delta Dental of Tennessee ( Covered Entity ) and ( Business Associate
Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October
GAVIN'S ACE HARDWARE, INC., UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA FORT MYERS DIVISION Plaintiff, -vs- Case No. 2:11-cv-162-FtM-36SPC FEDERATED MUTUAL INSURANCE COMPANY, Defendant. ORDER