Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
0Activity
0 of .
Results for:
No results containing your search query
P. 1
Requesting Protected Health Information from Military Medical Treatment Facilities: The Privacy Rule Meets the Privacy Act

Requesting Protected Health Information from Military Medical Treatment Facilities: The Privacy Rule Meets the Privacy Act

Ratings: (0)|Views: 83|Likes:
Published by sbnsite

More info:

Published by: sbnsite on Jan 17, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

05/13/2014

pdf

text

original

 
Nvember 2010
Nevada Lawyer 21
REQUEsTING PRoTEcTED HEALTHINFoRMATIoN FRoM MILITARY MEDIcAL TREATMENT FAcILITIEs:
 
THE PRIVACY RULE MEETS THE PRIVACY ACT
BY MAJOR CHARLES G. KELS, USAF, ESQ.
Under the privacy regulations promulgatedpursuant to the Health Insurance Portability andAccountability Act (the HIPAA Privacy Rule),
1
 organizations subject to the rule (“covered entities”)must take special precautions in order to safeguardpatients’ protected health information (PHI). Theseheightened standards applicable to the healthcareindustry did not supplant or modify existing federallaw and thereby do not absolve covered entities fromtheir duty to comply with other privacy standards.
2
In particular, covered entities within federalagencies must comply with both the HIPAA PrivacyRule and the Privacy Act.
3
Satisfying the requirementsof one does not guarantee compliance with the other.
4
 In the majority of cases, the Privacy Rule proves morerestrictive than the Privacy Act in regulating the useand disclosure of PHI by covered entities.
5
However,this is not always the case. One notable exception inthe military context involves the release of PHI outsideDepartment of Defense (DOD) channels in responseto a subpoena or court order.
satifatry Aurane
The Privacy Rule provides that in the contextof any judicial or administrative proceeding,covered entities may disclose PHI “…in responseto a subpoena, discovery request, or other lawfulprocess, that is not accompanied by an order of a court or administrative tribunal,” if certainconditions are met.
6
Essentially, those conditionsamount to “satisfactory assurances” – provided bythe requesting party to the covered entity – thatthe requestor has either provided notice of therequest to the individual who is the subject of the PHI sought or has made reasonable effortsto secure a qualified protective order preventingthe PHI from being further disclosed outside theparticular litigation or proceeding in question.
7
In light of HIPAA’s relative permissivenessregarding this aspect of disclosing PHI in thecourse of judicial and administrative proceedings,attorneys involved in various stages of litigationwill oftentimes subpoena records containing PHIfrom military medical treatment facilities (MTFs).Understandably, the requesting litigators typicallycite as their authority the Federal Rules of CivilProcedure, which empower attorneys to issue andsign subpoenas as officers of the court.
8
continued on page 22
 
22 Nevada Lawyer
Nvember 2010
oering you generous ee splitting pursuant to rpC 1.5()
(702) 384-3616www.cogburnlaw.comLas Vegas
U
Reno
CogBurn
LAW OFFICES
Cogburn Law Oces is  pleased to announce the addition o  
 Andrew L. Rempfer
Focusing on Plaintifs’ Employment & Labor Law 
M. rm c  amc’  b d mmm wh h d t Vii,aDea,aDa,erisa,dlsa cm,  c  p’ mm db cm  Cb lwofc. M. rm  hh dd b h   vd b b cd  “r s” b slw mz  2009 & 2010. M. rm dmd  h ehh d nh Cc C  ad   d d c  nvd d iw.
THE PRIVAcY RULE MEETs THEPRIVAcY AcT
continued from page 21
So far as HIPAA is concerned,such a subpoena duces tecum maybe more than enough to permitthe covered entity to disclose PHIto the issuer without the patient’sauthorization. However, as notedabove, the Privacy Rule is not theonly player in federal law whenit comes to disclosing recordscontaining personal informationto outside entities. Specifically,medical, dental, mental health andother healthcare-related documentsmaintained by the DOD comprisegovernment systems of recordssubject to the Privacy Act. As aresult, PHI from such records “…may only be disclosed if disclosureis authorized under both” the HIPAA Privacy Rule and the Privacy Act.
9
curt order
The Privacy Act enables agenciesto disclose records without theconsent of the individual to whomthey pertain “…pursuant to theorder of a court of competent jurisdiction.”
10
The DOD’s regulatoryimplementation of this provisioninterprets such an order to be, at aminimum, one specifically “signed bya judge.”
11
The Defense Privacy Board,which is charged with oversightresponsibility for implementing theDOD Privacy Program,
12
has opinedthat “…to allow nonconsensualdisclosure pursuant to a subpoena…would permit disclosure of protectedrecords at the whim of any litigant,whether prosecutor, criminaldefendant, or civil litigant.” As such,disclosure of records under the courtorder exception “…requires that thecourt specifically order disclosure.”
13
In terms of what constitutes “thecourt,” and an order thereof, theDefense Privacy Board has furtherdetermined that “…a subpoenasigned by a clerk of a federal or statecourt, without specific approvalof the court [i.e., judge] itself,”is not sufficient for purposes of nonconsensual disclosures underthe Privacy Act. “Even though asubpoena signed by a clerk of thecourt is issued in the name of thecourt and carries with it the threatof contempt to those who ignore it,”
 
continued on page 24
Nvember 2010
Nevada Lawyer 23
the board noted that “…there is no guarantee that it is based upon acareful consideration of the competing interests of the litigant andthe individual who is the subject of the record.”
14
Leaving aside the more complex question of what amounts to“competent jurisdiction” when state courts order nonparty federalagencies to disclose information,
15
it is at least clear that theterm “order of a court” under the Privacy Act excludes routinelyissued subpoenas by attorneys or court clerks that have not been“specifically approved” by a judge.
16
It is also settled law that federalagencies retain the discretion to prescribe regulations, consistentwith existing statutes, dictating when official records under theircontrol may or may not be released by agency representatives.
17
PHI a Privay At Rerd
 As federal medical facilities, military clinics and hospitals areboth covered entities subject to HIPAA, as well as components of agencies subject to the Privacy Act. Medical documents maintainedby MTFs are oftentimes similarly dual-designated as PHI and Privacy Act-protected official records.The intricacies and relative newness of the Privacy Rule haveconditioned many medical entities and those that interact withthem to view HIPAA as the sole factor regulating the flow of medicalinformation. More often than not, applying the Privacy Rule topotential health record disclosures may lead to the right answer.These favorable odds, however, do not obviate the need for coveredentities to comply with other applicable law.In the case of MTFs, local law offices may find themselvesfrustrated when subpoenas that apparently comply with HIPAA aremet with requests for clarification or additional documentation. Thereason for such responses is that DOD components have generallybeen instructed to “…release documents subject to the Privacy Actonly with the consent of the individual or under a court order orsubpoena specifically signed by a judge of a court of competent

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->