Healthcare Providers Beware: HIPAA Applies When Complying With Subpoenas
By: Peggy L. Beat
Much scrutiny has been given to the treatment for COVID-19 and the use of funds in fighting it. In time, the local, state, and federal governments will be investigating or prosecuting organizations accepting COVID-19 funds or treating those with the coronavirus. Covered entities, such as healthcare providers and health plans, might be served with subpoenas and discovery requests. It is important to know how to manage the release or disclosure of patient information subject to these requests.
In general, a subpoena is a formal request made by a party to a court case that often requires the recipient to either produce documents, provide testimony, or both. If you are a healthcare provider, subpoenas can be intimidating to receive. You may even think that you have to comply with the request. However, if the request is for documents or records, which include Protected Health Information (PHI), and you do so without complying with the Health Information Portability and Accountability Act (HIPAA), you could violate an individual’s privacy.
Although HIPAA has been around for quite a while, it is still largely misinterpreted. In situations of litigation, discovery, and the judicial process, HIPAA can even be forgotten at times. However, healthcare providers and others who are subject to HIPAA must safeguard and protect an individual’s privacy unless the regulations allow otherwise. In situations of subpoenas, HIPAA does allow for the disclosure or release of PHI in certain circumstances. The HIPAA & Subpoenas Flow Diagram below is an oversimplified visual interpretation of HIPAA upon receiving a subpoena.
For more information on this topic, contact the author of this post. Click the "Subscribe For More Updates" button to receive alerts when new blog posts are published.