Obtaining Medical Records f...

health information. “Use” r...

• Properly “de-identified” ...

• Ensure that the PHI is av...

have to use a subpoena. Thi...
Upcoming SlideShare
Loading in …5

Obtaining medical records for legal requirements


Published on

Access to medical records for a medical record review is governed by the HIPAA Privacy Rule. This article outlines the major considerations when obtaining medical records for litigation purposes.

Published in: Business, Health & Medicine
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Obtaining medical records for legal requirements

  1. 1.                                1­800­670­2809 Obtaining Medical Records for Legal requirements Access to medical records for a medical record review is governed by the HIPAA Privacy Rule. This article outlines the major considerations when obtaining medical records for litigation purposes. An attorney handling medical litigation has to obtain the relevant medical records of the patient to have a clear understanding of the case via a comprehensive medical record review. When considering attorney access to medical records, a significant consideration is the HIPAA Privacy Rule. This Rule limits the manner in and extent to which “covered entities” such as healthcare providers are allowed to share information with third parties. So, attorneys representing healthcare providers, plaintiffs and insurers will be affected by the Privacy Rule. It follows therefore that lawyers and attorneys handling such cases need to have a basic understanding about the Privacy Rule, how it relates to the laws of each state and also how it would affect their access to the required medical records. “Use” and “Disclosure” in HIPAA These two terms relate to how covered entities including healthcare providers, hospitals, physician practices, nursing homes and other healthcare facilities share PHI or protected                                1­800­670­2809
  2. 2.                                1­800­670­2809 health information. “Use” refers to sharing the PHI with a covered entity, whereas “disclosure” refers to sharing the information outside a covered entity. In general, a covered entity is required to obtain the concerned patient’s written consent known as “authorization” before using or disclosing PHI. Let us look at how these affect attorneys handling medical litigation. As mentioned in the Code of Federal Regulations, • From the attorney’s point of view, there are certain exceptions to this rule that are beneficial when it comes to accessing medical records. The Rule clarifies that “conducting or arranging for … legal services” comes under business and management functions of the covered entity known as “healthcare operations.” When engaged in these functions, covered entities can use as well as disclose PHI without authorization. This makes it easy for attorneys to gain access to the required medical information without authorization, when they are representing healthcare providers. However, attorneys requesting medical records from non-client healthcare providers are not eligible for this exception. They will have to obtain patient authorization before accessing the medical records. • The Privacy Rule allows healthcare providers to disclose PHI to attorneys (both their own attorney as well as other attorneys) without prior authorization in the wake of an administrative or court order; or subject to certain conditions, discovery request, a subpoena or other “lawful process.”                                1­800­670­2809
  3. 3.                                1­800­670­2809 • Properly “de-identified” information (i.e. information from which around 18 specified identity revealing details have been removed) can also be shared with attorneys without authorization. Attorneys as Business Associates Attorneys representing covered entities are their “business associates.” All covered entities have to enter into a contract with their business associates, a contract containing provisions regarding the allowed uses the business associate can make, and the manner in which the business associate must protect the confidentiality of any PHI received for or on behalf of the healthcare provider. This contract is valid irrespective of whether the business associate is performing functions that necessitate an authorization from the patient. Since legal representation is a healthcare operation, the uses and disclosures of PHI that attorneys make when representing their healthcare clients will not require authorization under the Privacy Rule. So, what are the precautions attorneys are expected to observe with regard to the medical information they obtain? • Attorneys will have to employ “appropriate safeguards” to prevent uses and disclosures that are not allowed. • They will have to report any unauthorized use and disclosure to the provider client. • Make sure that subcontractors/agents who are given access to the PHI agree to all binding restrictions and conditions.                                1­800­670­2809
  4. 4.                                1­800­670­2809 • Ensure that the PHI is available for inspection and any required amendment by the concerned patient. • Track any disclosures of PHI in case the patient asks for details regarding those. • Reveal their records/books if there is an HIPAA audit. • Destroy/return all PHI when the client-attorney relationship terminates. It is important to note that attorneys who enter into a business associate contract with provider clients gain easy access to PHI without authorization. But the use and disclosure of the information obtained is limited by the contract. Attorneys trying to obtain medical records from non-clients are not bound by the business associate contract tenets. However, in most cases they will have to obtain authorization to access the medical records. Requesting and Reviewing Medical Records for Litigation Purposes The process of getting medical records involves considerable investment in terms of money, time and effort. Healthcare providers may be slow to respond, and this in turn may necessitate the law firm to spend more resources for follow-up purposes. When it becomes hard to obtain medical records, legal professionals can obtain them from the other party through the discovery process. Discovery entitles each party to gain access to documents that are relevant to the case. An RFP (Request for Production) can be made to the other party and in case they deny, you may                                1­800­670­2809
  5. 5.                                1­800­670­2809 have to use a subpoena. This will ensure that the documents you need are brought to court. Once the court reviews the medical records for any PHI under HIPAA, either party can inspect or copy them. When it comes to reviewing medical records, attorneys can obtain the assistance of a medical review company that usually has physicians and nurses on staff as medical review professionals. The review process will then be hassle free and accurate, with the required medical information made available within the required turnaround time. These medical review professionals check the records for comprehensiveness, completeness, consistency, relevance and timeliness. Reputable medical review companies provide medical review services at a reasonable pricing so that attorneys benefit from cost-effective, timely and accurate medical record review. Obtaining and reviewing medical records for medical litigation can be arduous and time consuming. However, with a basic awareness of the rules involved in obtaining the medical records and with the able support of a medical record review company, attorneys and lawyers can prepare well for trial and go ahead to win their case. Posted by MOS Medical Record Review Company                                1­800­670­2809