• E-mail
• Print
• RSS

Q: A patient is suing us for violating her privacy rights because her husband's attorney subpoenaed her records. Is it a privacy violation to release her records pursuant to a subpoena?

HIPAA Weekly Advisor, July 16, 2007

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

A: Under HIPAA, you must obtain assurance from the attorney issuing the subpoena that he or she gave notice of the request to the person whose records were subpoenaed. In other words, the attorney needs to notify the patient. Some cases come with "automatic" proof of assurance. For example, the individual knows his or her records have been subpoenaed if:

• His or her signed authorization accompanies the subpoena
• He or she is a party to the suit (Smith vs. Jones)

1. Secure a qualified protective order
2. Give notice to the person whose records are being subpoenaed

If the attorney gave notice, the attorney must state this in writing and provide documentation showing all of the following:

1. He or she made a good faith attempt to provide written notice to the individual. If the individual's location is unknown, the attorney should mail a notice to her last known address.
2. The notice included enough information about the lawsuit to allow the individual to raise an objection with the court.
3. The time for the individual to raise an objection has passed and there either weren't any objections or they were all resolved.

If you met these requirements, you did not violate the patient's privacy rights under HIPAA.

Editor's note: Mary Brandt, president of Bellaire, TX-based Brandt & Associates, LLC, answered this question. This is not legal advice. Consult your attorney for legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive