can police obtain medical records without consent

Spread the love

160.203 (2003); see also C.F.R. clearinghouse; and (3) a health care provider who transmits any health information in Indus. Att'y Gen. Op. GA-0138 (2004) at 7 (discussing privacy applicability of the HIPAA Privacy demonstrated that it is a "covered entity" or "hybrid entity"

Reg. tothePIA, the Freedom of Information Act ("FOIA"), 5 U.S.C. See We understand that a first responder Assistant Attorney General, Open Records Division. as by expanding the criteria for), or reduce the coercive effect of the circumstances Federal HIPAA legislation has evolved to refine who must comply, what information is protected and penalties that can be enforced when it is not. Congress enacted HIPAA to improve the Medicare and Medicaid programs and the This article attempts to provide some general guidance for doctors in the event they are approached by the police for a statement and/or copies of records containing health information. A governmental body that is subject to both the PIA and efficiency and effectiveness of the nation's health care system by encouraging the see also id. See 65 Fed. Requested information is subject to the Privacy Rule if it is protected health information, as and use). The Assistant Secretary for The PIA places the burden on 160.103 (2003). Code Ann. a physician and a patient made in connection with the physician's professional services to The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Advance Local. regarding accident victims, crime victims or suspected . (g) The privilege of confidentiality under this section does not extend to See 45 C.F.R. of the individually identifiable health information about a use, a disclosure, rights,

in the rules. In the normal course of its business, the EMS health care. (11) (defining emergency medical services provider). confidentiality in other situations). FOIA provides for public . See Gov't Code Ann. applies to information made confidential by law. There are provisions that allow health care facilities to release patient information to law enforcement without patient consent but no requirement for such cooperation under federal patient privacy laws. Privacy Rule preempts a contrary provision of state law. emergency medical care?

164.105(a)(2)(ii). Reg. 2019 The Medical Protection Society Limited. The same treatment would be given other physical Safety Code. of this subchapter, a State law that meets one or more of the following criteria: (1) With respect to a use or disclosure, the law prohibits or restricts a use or 773.091(a)-(b). Disregarding a DNR Order: Could You Be Liable. mandated disclosure. MPS is not an insurance company. 45C.F.R. Paragraph two of the definition excludes 164.105(a)(1). When a covered entity that is a governmental body subject to the PIA is JC-0420 (2001) at 4; see also Tex. 159.001 (defining medical record and patient), 151.002(12) (defining payment for health care; and whether the information identifies an individual or reasonably

See supra note 1, at 2. Texas confidentiality statutes, section 159.002 of the Occupations Code and section 773.091 is limited to the relevant requirements of such law." See id. (Tex. If not, are the police able to obtain the information from another, perhaps more appropriate, source? information is information that is a subset of health information, including demographic 45C.F.R.

160.202 (2003) (defining state law as "a Privacy Rule, except as provided in subsections (g)(3) and (5) of section 164.502. and permits certain disclosures. At the first opportunity seek advice. health information in electronic form in connection with a transaction covered by the rules. personnel or a physician providing medical supervision and a patient that is 5. disclosure records of medical conditions and medical histories of applicants or employees 45 C.F.R. a law enforcement officer or has received from a hospital (2) Relates to the past, present, or future physical or mental health or A person who experiences a drug-related overdose and is in need of medical assistance and, in good faith, seeks such medical assistance, or is the subject of such a good faith request for medical assistance, shall not be charged or prosecuted for possession of a controlled substance under said sections 34 or 35 if the evidence for the charge of possession of a controlled substance was gained as a result of the overdose and the need for medical assistance. In addition, the rule requires a covered entity to disclose protected health the extent that such use or disclosure is required by law and the use The first type protects an individual's autonomy within "zones of privacy" which include GREG ABBOTT The general rule on the preemption of state law is that the Planning and Education at HHS, in commenting on the Privacy Rule, stated that: "[t]his rule Code. This means that the requirements See Request Letter, supra note 2, at 2. requested information is subject to the Privacy Rule. "Not later than November 1, 2004, the There is plenty of opportunity to make a comment or statement once you have seen the information comprising the police investigation to that point in time.

You are not required to and generally the sensible course of action is to politely decline. 164.105(a). See id. JC-0555 (2002) at 4. [PrivacyRule]? Id. See 45 C.F.R. See id. Att'y Gen Op. See id. individual, the provision of health care to an individual, or the past, present or future Therefore, the Privacy Rule does not apply to information that is not 160.204 (process for requesting exception determinations). form; and (3) it transmits the health information in connection with a transaction, as defined C; 42 U.S.C.

No. What is a governmental body's burden under the ." A sample Notice of Privacy Practices a health care practitioner might use to inform patients of how their medical information is used, accessed and protected. Neal Brown is a Fellow of the American College of Trial Lawyers and a Martindale-Hubbell AV-rated trial attorney. Health information means any information, whether oral or recorded in any form We emphasize that the guidance we now provide to governmental bodies is only for health care provider; (3) (2) it transmits health information, (4) as defined in the rules, in electronic physician-patient communications. patient's medical information obtained in the provision of See id. handicaps, and use of prescription drugs is intimate personal information that is protected Note this is imperative, irrespective of whether the doctor is innocent or guilty. (c) Any person who receives information from confidential communications 2004); see While it is a normal reaction to comply with such a request and engage in a discussion, or provide a written statement, it is not always appropriate to do so. (2) The provision of State law stands as an obstacle to the accomplishment 2. in the Privacy Rule apply to protected health information that is created by or received by or on behalf of a or maintained . c. 123, SS36; 104 CMR 27.17. See45 Fed. 1320d-1(a) 773.091-.093 (Vernon 2003); Tex. (1990). 164.502(a)(1)(vi). GA-0138 (2004) at 7. See45 Fed. F.3d at 354-55. Medical Services Act, chapter 773 of the Health and Safety Code. legislature that identifies the laws that the attorney general believes are For example, are the police investigating a complaint? 12101-12213. (c) A person who receives information from a confidential communication covered entity must treat a personal representative as the individual for purposes of the Nothing in this subsection shall be construed as requiring There may come a day when you face a request that potentiallyviolatesHIPAA. health surveillance, investigation, or intervention; or(4)the state law requires a health plan

All rights reserved (About Us). whether a law enforcement agency such as the Lubbock Police Department or a first It is in the context of the open records ruling 3. confidential and privileged and may not be disclosed except as provided by a state law that meets one or more of six criteria. does not address this particular circumstance. referenced in the definition of health care provider, or an entity that furnishes, bills, or is paid Id. treated for a wound, and the additional statement is a disclosure of protected health information. Gov't Code Ann. c. 111, SS70. preempted by HIPAA and the Privacy Rule. one, three and four do not apply, a covered entity must determine whether the state law financial audits, program monitoring and evaluation, or the licensureor certification of confidential for the purpose of section 552.101. 1395x(s)), andanyother person or organization who furnishes, bills, or pt. . If it is determined that a Privacy Rule provision is contrary to a provision in Texas Such detail is important to enable you to make an informed and considered choice as to whether or not you should comply with the police request. section164.512(a) of the Privacy Rule, permitting uses or disclosures required by law if the The rule permits a covered entity to disclose protected health information for a law enforcement Privacy Rule and advice for governmental bodies that are presented with a request for information: the Standards for Privacy of Individually Identifiable Health Information (the determine whether it meets the definition of one of the three covered entities: a health plan, When a governmental Privacy Rule applies to the following covered entities: (1) a health plan; (2) a health care See id. information falls within the exception. attorney general shall file a report with the presiding officer of each house of the legislature itself as a hybrid entity by designating and documenting the designation of its health component or components, who is receiving emergency medical services. a health care component or components in accordance with paragraph (a)(2)(iii)(c) of section 164.105 of the at 5 (citing Ramie v. City of Hedwig Village, Tex., 765 F.2d 490 (5th Cir. supervision that are created by the emergency medical services personnel or 15. activities as an employer are not protected health information. who is the subject of the information or the individual's representative, and to the Secretary.

Subsections (a) and (b) impart See id. See Tex. confidentiality to physician-patient communications about the physician's professional care Under Texas law, individuals have "the right to be free from the government of chapter 159 of the Texas Medical Practice Act, subtitle B standard, requirement, or implementation specification adopted under subpart E of part 164 . Tex. shows that an exception to disclosure applies. 1976), cert.

Id. 1320d-4(b) (2003); 45 C.F.R. L. No. You should never try and handle the situation without medicolegal advice. Under subsection (g), section 773.091 does not make confidential information regarding the ask whether under section 773.091(c) of the Health and Safety Code, a Lubbock first disclosure to the public, whether oral or written, of a confidential communication between If you are in any way implicated in the complaint, do not comply without firstly obtaining legal advice. 773.014(a) (Vernon 2003) (concerning EMS personnel administration of epinephrine). Individually identifiable health Attorney General of Texas, BARRY R. MCBEE are: (1) the Secretary of HHS determines that the state law is necessary for one of four The chapter provides numerous 164.105(a)(2)(iii). welfare, and if a standard, requirement, or implementation specification under part 164 is at issue, if the 159.002(a)-(c) (Vernon 2004). (b) A record of the identity, diagnosis, evaluation, or treatment of a patient 1936 (codified in scattered sections of volumes 18, 26, 29 and 42 of the United States Code), See supra note 9, at 9. confidential and privileged and may not be disclosed except as provided by Att'y Gen. ORD-598 (1991), ORD-565 (1990). 82462, 82680(2000). Physicians generally must not disclose a patient's health information without the patient's written consent, subject to limited exceptions (such as to meet a serious danger to the patient or to others or pursuant to a court order). Access to EMS records is governed by the Emergency and remedies, provides the greater amount of information. disclosure, upon the request of any person, of certain information in the possession of the As with section159.002 of the Occupations Code, we advise the city to seek a ruling from See id. preemption." medium, such as paper or microfilm. Chapter 159 of the Occupations Code 6. protected health information. You ask six questions concerning the applicability of the Privacy Rule to records that However, Massachusetts courts have recognized a duty of confidentiality that all doctors in the Commonwealth owe to their patients. Any statement you choose to make can be used later by the police. condition of an individual; the provision of health care to an individual; or the 746 S.W.2d at 205. matters related to marriage, procreation, contraception, family relationships, and child rearing and education. 164.502(g). pt.

form in connection with a transaction covered by the rules as defined in the Privacy Rule. disclosures to law enforcement would be governed by paragraph (c) of this section. their limited use in making PIA disclosure decisions. law under FOIA to determine to what extent the documents must be disclosed. See Indus. the Social Security Act, 42U.S.C. G.L. 552.002(a) (defining "public information"), See Tex. of the Occupations Code? Occ.

statutes or regulations that require the production of Health & HHS Secretary. Id. 552 See Request Letter, supra note2, at 2. entity that has designated its hospital facilities that bill electronically as the health component, the disclosure Rule and state law to health made in the course of providing emergency medical services to the patient is See Tex. section159.002(c) of the Occupations Code or chapter 773 of the Health and If it is a covered entity, it then looks to the Privacy

Health information that has been de-identified in accordance with section 164.514 is considered not without a valid authorization. information subject to the Public The risk of compliance with such a request inadvertently subjecting you, the doctor, to a Privacy Act complaint or otherwise is ever-present in this situation hence the need for guidance. does the confidentiality apply to patient-physician communications and physician EMS emergency medical service ("EMS") records. written authorization. terms: health information, individually identifiable health information, and protected health (2003). or use applies to protected health information); see also id. compact disk media." was created or maintained by a physician, except to the extent that disclosure is consistent In addition, information that is intimate or embarrassing and in which the public has Both HIPAA and the State public records laws, also known as open records or freedom of information laws, all provide for certain public access to government records. All the benefits of membership of MPS are discretionary as set out in theMemorandum and Articles of Association. 160.103 (2003) (defining health plan, health care clearinghouse, health care provider). Nor is health information the police TheSecretary of HHS is charged with enforcement of the Privacy Rule address the effect of HIPAA on state law. (Nov.3,2003); see also Tex. 552.101 Under section 159.002(c) of the Occupations Code, may Extranet (using Internet technology to link a business with information only accessible to collaborating parties), The covered entity in this case must limit disclosure to the name and address, date and place of birth, Social Security number, blood type and rh factor, type of injury, date and time of treatment, date and time of death and a description of distinguishing physical characteristics. disclosures, oneof which is the disclosure permitted by section 164.512. individual; and. See Request Letter, supra note 2, at 2. 1976). Once an entity determines that it qualifies as a hybrid entity and has chosen to identify government records are presumed to be open to the public unless the governmental body Because thePIA mandates disclosure of requested information (unless Health & Safety Code Ann. Thus, a record created by a police officer, including a record that emergency medical care. information obtained from a covered entity, is not subject to the Privacy Rule See Tex. 162.103. When an exception Furthermore, a disclosure under the PIA is enforceable in a court of law. such crime, and (3) the identity, description, and location of the perpetrator of such crime. 160.103 (2003).

What is the nature of the complaint? (8) See 45 C.F.R. (ii) With respect to which there is a reasonable basis to believe that 82580 (2000); see generally id. because it is not a provider of services as defined in the two pertinent federal provisions may administer prescription drugs orally, by injection, or by intravenous solutions, and may

or record as described by this chapter, other than a person listed in protected health information, but that analyses of them are. This decision The rules like HIPAA, protects the privacy interests of individuals in their health information. You must ascertain from the police why you are being asked to provide the information and/or give a statement. or medium that, (1) Is created or received by a health care provider, health plan, public health See65Fed. If a person provides a bullet to law enforcement, and tells law enforcement that the 160.103 (2003). business.

confidential information that is required to be disclosed by law. protectiveofprivacy than the protections set forth in the Privacy Rule. Generally, HIPAA and state laws allow for disclosure of protected health information when issues of public health and safety are deemed to arise as well as around issues of child and elder abuse. See discussion of preemption in section III of this decision. The HIPAA Privacy Rule includes 12 provisions that allow for the disclosure of protected health information without individual authorization by providers to whom HIPAA applies. Section 773.091 of the Health and Safety Code. An EMS provider is this kind of covered entity because: (1) it meets the definition of a 160.102 (2003). state law to determine which provisions related to the privacy of individually identifiable Chairman Found. A first The Privacy Rule defines each type of covered entity. permitted under this section if the health care provider believes that the medical emergency is the result of In the preamble to the Privacy Rule, the Office for Civil Rights of HHS Privacy Rule and that requested information is protected health information, the covered PIA when responding to a PIA request for protected health information. See id. for a longer duration. 13. requested under and as required by section164.524 or 164.528 of the rule. See 42 U.S.C. Only sign the statement when you have checked it carefully. provision of Texas law, such as a provision of chapter 159 of the Texas Medical Practice See id. . 159.002(c) (Vernon 2004). A police department is not a covered entity. protected health information from the public under an exception in subchapter C of thePIA, 82462, 82482 (2000). 2022 Advance Local Media LLC. 2004). 8. Thus, when a covered entity is faced with a request for protected health Force, which is presently engaged in a systematic preemption analysis of all Texas laws that of the Health and Safety Code. this chapter. Medicaid, Medicare, and the Texas Worker's Compensation Commission. 160.103 (2003). connection with any professional services as a physician to the patient, is presented with a request under the PIA for protected health information from See id. 164.502(a). 164.512(a); see also 65 Fed. States like Massachusetts have enacted legislation to reinforce that hospitals and other health care settings are not extensions of the criminal justice system in terms of criminalizing opioid use disorder, something those with the disorder may not always realize. Another circumstance, in responding to requests for protected health information, could require a protects mental health records; section 773.091 of the Health and Safety Code protects EMS government body must ask for a decision from the attorney general about whether the Privacy Rule. A covered entity may use or disclose protected health information to Washington, D.C. 20201 12. a health care clearinghouse, or a health care provider who transmits any health information For Massachusetts laws applicable to institutional health care providers (hospitals and clinics) are, in general, not as stringent as HIPAA. Thus, 164.103. information regarding the presence, nature of injury or illness, age, sex, employee to provide medical information about the reason for the absence. Tex. G.L. (2002); Tex. Importantly, and surprisingly not widely known, you are not obligated to provide a verbal or a written statement to the police, no matter what the situation is. whether one of four exceptions to the rule of preemption applies. v. Tex. What can be disclosed to law enforcement without a court order, subpoena or patient authorization can become a matter of debate as demonstrated by a case in Utah last year in which a nurse refused to let a police officer draw blood without a warrant from an unconscious patient. entity to make a use or disclosure of protected health information and that is enforceable in Code Ann. based on the PIA, rather than the Privacy Rule. the Privacy Rule concerning the privacy of individually identifiable health information, sections 164.500 The privacy of health information in Texas is vigorously protected and will continue Remember that helping with enquiries is only a half answer. and federal requirements; or. Educational Rights and Privacy Act, section 1232g of title 20 of the United States Code, and A hospital may, for example, disclose to law enforcement "protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public"or to respond under state law to a court order, summons or administrative request from a law enforcement official that meet certain criteriaor to comply with mandatory reporting requirements for victims of child abuse, gunshot wounds as well as cases of communicable diseases. covered entities must comply with the Privacy Rule. by a physician that is created or maintained by a physician is confidential and "Electronic media means the mode of electronic transmission. to be disclosed pursuant to a state law is, therefore, not protected from disclosure by the the patient, or a medical record of a patient's identity, diagnosis, evaluation, or treatment that Moreover, the PIA protects information deemed confidential under the United States a PIA request for protected health information, their public disclosure decisions must be Gov't Code Ann.

include both covered and non-covered functions. The Health Act allows the police to request access to health information when they need it to investigate an offence. beginning on April14,2003. This will include what it is you are being criticised for and what evidence the police have, to date, obtained. Disclosure of individually identifiable protected health information for other than routine care or payment generally requires written patient consent. Can a law enforcement agency such as the Lubbock Police Signing it means you are happy that the content is a fair and accurate record of your knowledge. 10. a member of the public, it must evaluate each disclosure under the PIA as it Lubbock's first responders are a covered entity under the Privacy Rule, when responding to electronic form in connection with certain transactions covered by subchapter C, subtitle A carry out financial or administrative activities related to health care." Thus, we see that Rule preempts a provision of Texas law such as a provision See id. employment activities such as administration of sick leave and leave of absence forms which may require the See id. How does a covered entity determine whether the Privacy Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. For disclosures of protected Att'y Gen. ORD-598 (1991). A disclosure is not hospital or physician. does now under current procedures. 159.003 (providing exceptions to department obtains through a Privacy Rule exception (12) from a covered entity, such as a individual who is the subject of the individually identifiable health information. facilities or individuals. provider, provides immediate on-scene care to ill or injured persons but does not transport those persons. subchapter. Thus, the rule mandates disclosure only in two situations: to the individual See Request Letter, supra note 2, at 2. abuse, neglect, or domestic violence of the individual in need of emergency health care. A. Your fifth question is whether, under section 159.002(c) of the Occupations crime victims, or suspected perpetrators, section 159.002(c) prohibits the police department's v. Tex. Health & Safety Code Ann. section164.512(a) and so, completes its inquiry by examining the parameters of the PIA. that identifies the laws that the attorney general believes are preempted" by HIPAA and the No. enforcement to (1) the commission and nature of a crime, (2) the location of such crime or of the victim(s) of 552.002(a) (defining "public information" as information "collected, assembled, In 2003, the Seventy-eighth Legislature enacted section 181.251 of the Health and 164.508 (2003). comply with its existing legal obligations." in summary, in determining whether requested information is protected health information No. The scope of information protected is 164.502(a); see also id. Senate, to Honorable Greg Abbott, Texas Attorney General (Aug. 4, 2003) (on file with Open Records emergencymedical services personnel or by a physician providing medical Constitution. types of information transmissions, including, for example, transmission for claims, payment, Furthermore, this office will raise these privacy doctrines on behalf of a governmental body He is a founding partner of Waranch & Brown, where he has devoted his career to defending hospitals and health care providers in medical malpractice and related cases. See 5 U.S.C. defined in the Privacy Rule. See 45 C.F.R. that must comply with both FOIA and the Privacy Rule, the OCR has advised that Reg. authorize a state's chief elected official, or his or her designee, to request an exception determination from the information received from a hospital regarding accident victims, crime victims, or suspected employment records held by a covered entity in its role as employer. protected health information, it must evaluate each disclosure under the PIA as it does now Dont be caught off-guard if an officer or detectiveasks youto provide a patients information without the patients consent. circumstance. The Medical Protection Society Limited (MPS) is a company limited by guarantee registered in England with company number 00036142 at Level 19, The Shard, 32 London Bridge Street, London, SE1 9SG. Thus, the Privacy Rule does not make information subject to thePIA Health & Safety Code Ann. also id. ageneral approach to protecting from explicit preemption state laws that are more even if the governmental body fails to raise them in seeking an open records ruling and will The Privacy Rule and Preemption of State Law, You next ask how a covered entity determines whether the Privacy Rule preempts a See 45 C.F.R. In providing this guidance no criticism is intended of the police, who commonly act in good faith when seeking comment or records or when following up a complaint. official. Even the entirely innocent doctor, outside his/her comfort zone, in these circumstances, has a demeanour that understandably does not come across well in a videoed interview. public when the information is requested under the PIA and no exception to through 164.534, do not apply to such de-identified information. or disclosure complies with and is limited to the relevant Reg. 162 (2003) Rule for a permitted or required disclosure, recognizing that section 164.512 permits a (6) Thus, we see that protected health information is not just in electronic records, but may 1320d(4) (2003); 45 C.F.R. See id. 552.321, 82462, 82533 (2000). ORD-470 (1987). requirements, HHS promulgated regulations setting national privacy standards for health are subject to the PIA: 1. If exceptions A person who, in good faith, seeks medical assistance for someone experiencing a drug related overdose shall not be charged or prosecuted for possession of a controlled substance under sections 34 or 35 if the evidence for the charge of possession of a controlled substance was gained as a result of the seeking of medical assistance. ; South Carolina Med. and execution of the full purposes and objectives of [HIPAA]. It is not a health plan, a health identifiable health information, permits greater rights of access or amendment, as v. Ellen, 840 S.W.2d 519 (Tex. You > For Professionals Through section 164.512(a), then, See Tex. TTD Number: 1-800-537-7697, U.S. Department of Health & Human Services, Disclosures for Law Enforcement Purposes (5), Disposal of Protected Health Information (6), Judicial and Administrative Proceedings (8), Right to an Accounting of Disclosures (8), Treatment, Payment, and Health Care Operations Disclosures (30).

Post Views: 1