Skip to Content
  • Home
  • About the Bar
  • Mission
  • Forms
  • Sitemap
    • Member Directory
      Last Name:
      First Name:
      Bar Number:
      City:


    • Login
OSB Logo
Oregon State Bar Bulletin — FEBRUARY/MARCH 2004

HIPAA? HUH?
Discovering medical records in Oregon after HIPAA
By Robert B. Miller and Jeff Robertson

Every day lawyers request medical records on behalf of their clients for information relevant to a particular case, whether it be a personal injury dispute, commercial litigation or dispute between two physicians. Today, these lawyers face objections from medical records custodians declining to release the requested information due to the requirements imposed on them by HIPAA. The lawyers’ typical response is 'HIPAA? Huh?'

An understanding of HIPAA and its rules is essential to the efficient and proper discovery of medical records for your clients. This article is intended to be a practical overview for attorneys on the HIPAA requirements and their intersection with Oregon statutory laws relating to medical records privacy and the Oregon Rules of Civil Procedure. As there are several rules for varying situations, please carefully review the HIPAA rules for your specific practice area and the facts of your case.

Background of HIPAA
In 1996, Congress passed sweeping reform for medical records privacy in the form of the Health Insurance Portability Accountability Act ('HIPAA'), 42 U.S.C. § 1320d. During 1999, the Department of Health and Human Services issued proposed regulations and final regulations on Dec. 28, 2000, with a final modification on Aug. 14, 2002, implementing the HIPAA privacy provisions. 45 CFR Parts 160 and 164. HIPAA was designed to improve the efficiency and effectiveness of the health care and insurance industry through electronic information delivery. With electronic disclosure, concern arose over protecting the privacy of this information. In general, the HIPAA privacy rules restrict the use and disclosure of an individual’s personal health information ( 'Protected Health Information' or 'PHI').

'Covered Entities' are subject to HIPAA’s requirements. The term covered entity includes: group health plans, health care clearinghouses (e.g., a billing entity) and health care providers. 45 CFR § 160.103, 104. HIPAA defines these terms very broadly. A covered entity may only disclose protected health information pursuant to a specified exception or a signed individual authorization. HIPAA contains severe penalties for the improper disclosure of medical records containing PHI — $100 per violation up to a maximum of $25,000. (See § 1176 of the Social Security Act.) Discovery from a covered entity can be achieved in any of the following three different ways.

Three Methods to Receive Medical Records
As previously stated, a covered entity may not disclose medical records unless disclosed pursuant to a specific exception or a signed individual authorization. To meet these requirements, a lawyer has three choices. First, a lawyer may use a subpoena or administrative order. Second, a lawyer may use a judicially signed court order. Third, a lawyer may submit a signed individual authorization as to the specific medical information requested.

1. Obtaining Medical Records Pursuant to a Discovery Request
Typically, defense counsel obtains a plaintiff’s medical records through a discovery request as per ORCP 43D; ORCP 55. Under HIPAA, a lawyer in an Oregon state court case may no longer simply send a subpoena duces tecum to the covered entity to request medical records, wait 14 days and receive the disclosure, pursuant to the old rules under ORCP 55I.1 Pursuant to amendments promulgated to comply with HIPAA, a subpoena duces tecum under the amended ORCP 55H2 must include 'Satisfactory Assurances' to the covered entity that the lawyer has given notice to the individual whose medical records are in question. 45 CFR § 164.512. In federal court, the applicable Federal Rules of Civil Procedure ('FRCP') are Rule 26 and Rule 45.

Satisfactory Assurances means:

The requesting party made reasonable efforts to give notice of the request to the individual; and

The notice included sufficient information and a specific time period so that the individual could object; and

That no objection has been filed, or if filed, was resolved. See, 45 CFR § 164.512.

A lawyer can meet the notice requirement by sending a letter to the individual whose records are in question or, if the person is represented by counsel, to the lawyer, stating that the lawyer will subpoena records from certain providers. The letter must include notice that the individual or attorney has until 14 days from the date of the notice to object.3 If 14 days passes and no objection is filed, the requesting party may serve the subpoena in accordance with ORCP 55. The requirement for satisfactory assurances to the covered entity can be met by including a cover letter with the subpoena that specifies the manner of notice given to the individual before the subpoena was served.

Alternatively, a lawyer may apply for a qualified protective order to meet the requirement for satisfactory assurances. 45 CFR § 164.512. A Qualified Protective Order can be an order from the court or a stipulation among the parties specifically limiting the use of the information and requiring the return or destruction of the information after its use in the case at bar. We have seen frequent requests for qualified protective orders as the discovery method preferred by both records custodians and counsel. The qualified protective order provides assurance that the requirements of HIPAA have been met, but it is more costly than a simple discovery request.

2. Signed Judicial Order
HIPAA allows for the disclosure of medical records by a covered entity pursuant to a signed court (or administrative tribunal) order which expressly authorizes the specific information’s disclosure. If the discovery request is signed by a judge or administrative officer, satisfactory assurances are not required.

3. Signed Individual Authorization
The easiest and safest way to receive protected health information is pursuant to a signed individual authorization. However, obtaining the authorization can be cumbersome and strategically difficult.

An individual’s authorization to disclose medical records must meet the specific HIPAA requirements of 45 CFR § 164.508 and any applicable state requirements.4 Beware of model forms which may not include the specific state law requirements, which are in addition to the HIPAA authorization requirements.

Because of the additional state requirements, counsel may wish to draft and send their own authorization form, as well as a cover letter explaining that an authorization is enclosed which meets both the federal and state requirements allowing the disclosure of medical records to the appropriate records custodian.

Conclusion
HIPAA requires more notice and care be given to disclosure of protected health information, even in connection with litigation. However, rumors of the demise of discovery of medical information are greatly exaggerated. As the HIPAA privacy rules near their first anniversary in April 2004, our experience has shown that difficulties encountered by both counsel and records custodians arise primarily from misunderstanding and varying practices regarding HIPAA and the applicable state laws. However, the HIPAA rules provide for 3 specific discovery methods, and complying with the rules to efficiently obtain the records necessary for your client is relatively simple and just a matter of revising your current procedures.

 

SAMPLE INITIAL COVER LETTER FOR SUBPOENAS – HIPAA

This letter places you and your client on notice, within the requirements of the HIPAA Privacy Regulations, 45 CFR § 164.512(e), that we will request your client’s medical records pursuant to a subpoena duces tecum from the listed covered entities:

[INSERT COVERED ENTITIES]

Copies of the subpoena(s) are attached for your review.

You have until 5:00 p.m. Pacific Standard Time, 14 days from the date of this notice, [INSERT APPLICABLE REPLY DATE], to file an objection with the Court in question or otherwise notify me in writing of your objection. If you do not notify us of any objection, we will issue the subpoena(s) and notify you of any applicable deposition(s). We will enclose a copy of this letter with the subpoena to provide Satisfactory Assurances to the medical records custodian that you have received notice of the subpoena and received adequate opportunity to object.

 

SAMPLE COVER LETTER TO ENCLOSE WITH SUBPOENAS AFTER NOTICE PERIOD- HIPAA

Please find enclosed, a [Notice of Deposition, Subpoena Duces Tecum] from [INSERT NAME OF DEFENDANT], Defendant, in the referenced action. These documents are being sent to you in order to obtain a certified copy of the complete medical file of [INSERT PATIENT NAME].

In accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Regulations, 45 CFR § 164.512(e)(1) (iii), Defendant is making Satisfactory Assurances that [INSERT PATIENT NAME] has, in accordance with HIPAA, been afforded notice and an opportunity to object to the issuance of this subpoena, and we have received no objection nor any notice of any objection.

 

Endnotes

1. ORCP 55(l) was repealed by the 2003 Legislative Assembly.

2. The 2003 Legislative Assembly amended ORCP 55(h) to reflect HIPAA requirements.

3. ORCP 55(h) contains the 14 day notice requirement formerly within ORCP 55(l).

4. ORS § 192.525 has been updated by HB 2305.

ABOUT THE AUTHORS
Robert B. Miller is a shareholder with Bullivant Houser Bailey. His practice focuses on complex litigation and coverage analysis arising under individual policies, government plans and group plans governed by ERISA. Jeff Robertson is an attorney with Bullivant Houser Bailey, whose practice focuses on advising health care clients and ERISA group health plans on issues relating to HIPAA and related laws..

© 2004 Robert B. Miller & Jeff Robertson


— return to top
— return to Table of Contents

  • For The Public

      Public Legal Information

    • Public Information Home
    • Legal Information Topics
    • Juror Handbook

    • Getting Legal Help

    • Finding The Right Lawyer
    • Hiring A Lawyer
    • Lawyers Fees

    • Client Services

    • Client Assistance Office
    • Client Security Fund
    • Fee Dispute Resolution
    • Public Records Request
    • Locating Attorney Files

    • Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    • Volunteer Opportunities

    • Public Member Application
  • For Members

    OSB Login

    • Log In To OSB Site
    • Member Account Setup
    • Non-Member Account Setup
    • Reset Password

    OSB Resources

    • Attorney's Marketplace
    • Career Center
    • Events
    • Forms Library
    • Online Resources
    • OSB Group Listings
    • Performance Standards
    • Rules Regulations and Policies
    • Surveys and Research Reports
    • Unclaimed Client Funds
    • Voting Regions and By-City
      County Information

    Fastcase™

    • Log in to Fastcase
    • Overview
    • Scheduled Webinars
    • Inactive Member Subscriptions

    Legal Ethics

    • Legal Ethics Home
    • Find an Ethics Opinion
    • Bulletin Bar Counsel Archive

    Company Administrator

    • Company Administrator Home
    • Company Administrator FAQ
    • Authorization Form

    State Lawyers
    Assistance Committee

    • SLAC Info

    Volunteering

    • Volunteer Opportunities

    Court Information

    • Judicial Vacancies
    • Court Info | Calendars | Jury Info
    • Oregon Attorneys
      in Federal Court
    • Tribal Courts of Oregon

    OSB Publications

    • Bar Bulletin Magazine
    • – Bulletin Archive
    • – Legal Writer Archive
    • Capitol Insider
    • Disciplinary Board Reporter

    PLF Programs

    • (OAAP) Oregon Attorney
      Assistance Program
    • Practice Management Attorneys
    • Malpractice Coverage
  • CLE/Legal Publications

    CLE Seminars

    • CLE Seminars Home
    • Online Seminar Registration
    • General Info/FAQ

    My Account

    • My Content
    • My Events
    • Order History

    Legal Publications

    • Legal Publications Home
    • Log in to BarBooks
    • BarBooks FAQ
    • Online Bookstore
    • Legal Pubs Blog
  • Bar Programs

    Diversity & Inclusion

    • Diversity & Inclusion Home
    • Diversity Story Wall
    • D&I Programs
    • ACDI Roster
    • D&I Staff Contacts
    • D&I Links

    Legislative/Public Affairs

    • Legislative Home
    • Committee Contacts
    • Legislative Sessions
    • Staff Contacts
    • Useful Links

    Legal Services Program

    • LSP Home

    Oregon Law Foundation

    • OLF Home
    • Partners in Justice

    Fee Dispute Resolution

    • Fee Dispute Resolution Home

    Pro Bono

    • Pro Bono Home
    • Pro Bono Reporting
    • Volunteer Opportunities

    Lawyer Referral and Information Services

    • RIS Login
    • Summary of Referral and Information Services Programs
    • Lawyer Referral Service Info and Registration Forms
    • Modest Means Program Registration Forms
    • Military Assistance Panel Training Info and Registration Form
    • Problem Solvers Registration Form
    • Lawyer To Lawyer Registration Form

    (LRAP) Loan Repayment Assistance Program

    • LRAP Home
    • LRAP FAQ
    • LRAP Policies
  • Member Groups

    Sections

    • Section Info/Websites
    • Joining Sections
    • CLE Registration Services
    • Standard Section Bylaws (PDF)
    • Leadership Resources
    • Treasurers Tools

    Committees

    • Home
    • Leadership Resources
    • Professionalism Commission
    • Volunteer Opportunities

    House of Delegates

    • HOD Home
    • HOD Resources
    • Meetings
    • Rules (PDF)
    • Roster (PDF)
    • Staff Contacts

    Board of Governors

    • BOG Home
    • Meetings & Agendas
    • Members
    • Liaisons
    • Committees
    • Resources
    • Task Forces

    Oregon New Lawyers Division

    • ONLD Home
    • Law Students
    • Student Loan Repayment
    • Committees
    • Upcoming Events

    Task Forces and Special Committees

    • Task Forces Home

    Volunteer Bars

    • List/Contacts
    • Leadership Resources

    Volunteering

    • Volunteer Opportunities
  • Licensing/Compliance

    Admissions

    • Admissions Home
    • Alternative Admittance
    • Applicants for Admission
    • Admissions Forms
    • Past Bar Exam Results

    Licensed Paralegal Program

    • LP Home

    Pro Hac Vice/Arbitration

    • Pro Hac Vice
    • Arbitration

    Lawyer Discipline

    • Discipline Home
    • Disciplinary Board Reporter
    • Disciplinary Boards
    • Client Assistance Office
    • (SPRB) State Professional Responsibility Board

    Membership Records

    • Address Changes
    • Good Standing Certificate
    • Request Discipline File Review

    MCLE

    • MCLE Home
    • Program Database
    • Forms
    • Rules (PDF)

    IOLTA Reporting

    • IOLTA Home
    • IOLTA FAQ

    Membership Fees

    • Member Fee FAQ
    • Member Fee Payment

    Status Changes

    • Status Changes FAQ
    • Inactive Status Form
    • Retired Status Form
    • Active Pro Bono Status Form
    • Reinstatement Forms
    • Resignation Form A
    • Pending Reinstatements

    Unlawful Practice of Law

    • UPL Information
    • UPL FAQ

    New Lawyer Mentoring Program

    • New Lawyer Mentoring Program Home

    Professional Liability Fund

    • Professional Liability Fund Website
For The Public

Public Information Home
Legal Information Topics
Juror Handbook
Finding The Right Lawyer
Hiring A Lawyer
Lawyers Fees
Client Assistance Office
Public Records Request
Unlawful Practice of Law
Fee Dispute Resolution
Client Security Fund
Volunteer Opportunities
for the Public

For Members

BarBooks™
Bulletin Archive
Career Center
Fastcase™
Judicial Vacancies
Legal Ethics Opinions
OSB Group Listings
OSB Login
OSB Rules & Regs
SLAC Info
Surveys and Reports
Volunteer Opportunities

CLE/Legal Pubs

CLE Seminars Home
Legal Publications Home

Bar Programs

Diversity & Inclusion
Fee Arbitration/Mediation
Legal Services Program
Legislative/Public Affairs
Loan Repayment
Assistance Program

Oregon Law Foundation
Pro Bono

Member Groups

Board of Governors
Committees
House of Delegates
Volunteer Bars
Oregon New
Lawyers Division

OSB Sections
Professionalism
Commission

Volunteer Opportunities

About The Bar

About the Bar
ADA Notice
Contact Info
Copyright Notice
Directions to the Bar
Meeting Room Rentals
Mission Statement
OSB Job Opportunities
Privacy Policy
Staff Directory
Terms of Use

Licensing/Compliance

Admissions
Client Assistance Office
Client Security Fund
IOLTA Reporting
Lawyer Discipline
MCLE
Member Fee FAQ
New Lawyer
Mentoring Program

Professional Liability Fund
Status Changes

Oregon State Bar Center

Phone: (503) 620-0222
Toll-free in Oregon: (800) 452-8260
Facsimile: (503) 684-1366

Building Location:
16037 SW Upper Boones Ferry Road
Tigard, OR 97224

Mailing Address:
PO Box 231935
Tigard, OR 97281

Oregon State Bar location Map

Copyright ©1997 Oregon State Bar  ®All rights reserved | ADA Notice | Mission Statement | Privacy Policy | Terms of Use