What are our duties when we receive a subpoena for medical records or other PHI?
HIPAA Weekly Advisor, September 11, 2003
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q: What are our duties when we receive a subpoena for medical records or other PHI?
A: When a covered entity receives a subpoena for PHI, it must determine whether the subpoena resulted from a judicial or administrative order. When a court or administrative tribunal order issues the subpoena, the covered entity may disclose the requested information without authorization. Note that this rule says that a covered entity "may" disclose; it does not say "must" disclose.
Absent a subpoena issued by a court or administrative tribunal, a covered entity may respond to a subpoena from a party to the proceeding only if the covered entity has an authorization from the person whose PHI is being released, or if it obtains either of the following from the party seeking the information:
The regulations state that a covered entity has received these assurances if the requestor produces the following evidence:
Note that the regulations require these assurances to be made in writing with accompanying documentation.
A covered entity will receive satisfactory assurance if it receives from the party seeking the information a written statement and accompanying documentation that demonstrates
A qualified protective order is an order of a court or of an administrative tribunal or a stipulation by the parties to the litigation or administrative proceeding that
Editor's note: Brought to you by attorneys Marty Baxter and Gretchen McBeath at Bricker and Eckler, LLP and The Quality Management Consulting Group, Ltd.. E-mail: mbaxter@bricker.com or gmcbeath@bricker.com
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- HIPAA Q&A: Level of encryption needed for email
- What does case-mix index mean to you?
- Identify potential Medicaid RAC target areas
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched