The American Medical News Journal article, “Cases Highlight Tension Between Record Requests and Privacy Protections,” explains why doctors should be wary when they receive legal requests for patient’s medical records.

If doctors disclose information that is beyond the minimum amount necessary or if it does not directly benefit a public health investigation, they could face a lawsuit for a HIPAA violation and negligent infliction of distress.

“Because it looks very official and it’s on pleading paper and is legally formatted, there’s a presumption that the [request] is valid…What happens is the records are turned over and the patient doesn’t know. In many cases, the subpoena is not valid,” said Catherine J. Flynn, chair of the Health Law Group at Weber Gallagher Simpson Stapleton Fires & Newby LLP in New Jersey.

Several high-profile cases involving HIPAA compliance issues have put doctors under pressure to comply why authorities while also adhering to privacy laws.

In one case this year, plaintiffs from 10 counties sued several production companies of lead paint, asking them to remove lead from the homes where their paints have been used. In turn, a California judge granted the defendants request to obtain thousands of children’s medical records from the 10 county health departments. While the judge granted a subpoena of these records and the public was given notice, the California Health department officials have not yet released the children’s records.

The second case involved a hepatitis C outbreak at Exeter hospital in New Hampshire that infected more than 30 people.  A judge ruled that the state proved their need for the health records and that a public health investigation could be conducted without violating HIPAA.

While doctors are exempt for HIPAA and privacy violation if a court orders the release of medical records, doctors are “caught in the middle” of protecting their patients’ privacy as well as their own career and reputation.

The article recommends that when doctors receive a medical records request, they should use caution, assess whether the request is overly broad and if so, voice their concern with health officials or attorneys.

“I often say to clients served with a subpoena, ‘Do you want to comply, or do you have business reasons for not wanting to comply?’ ” said Brad M. Rostolsky, a Philadelphia-based health law attorney who specializes in HIPAA compliance issues. Read More…