Search This Blog

Tuesday, August 07, 2018

New Health Care Liability Action Opinion: Trial Court's Grant of Motion to Dismiss Upheld on Appeal (Due to a Misunderstanding of HIPAA?)

The Tennessee Court of Appeals has issued its opinion in Buckman ex rel. Buckman v. Mountain States Health Alliance, No. E2017-01766-COA-R3-CV(Tenn. Ct. App. Jul. 26, 2018).  Here is the syllabus from the slip opinion:
This is a healthcare liability case. Before filing the complaint, the plaintiff gave written notice to the potential defendants of her healthcare liability claim against them. Tennessee Code Annotated section 29-26-121(a)(2)(E) requires that a plaintiff’s pre-suit notice include a HIPAA compliant medical authorization permitting the healthcare provider receiving the notice to obtain complete medical records from every other provider that is being sent a notice. After the plaintiff filed suit, the defendants moved to dismiss the complaint based on noncompliance with the statute, as the defendants alleged that the HIPAA authorization provided by the plaintiff had already expired when they received it. The trial court granted the defendants’ motion to dismiss, concluding that the HIPAA authorization was invalid due to the fact that the listed expiration date had already passed when the authorization was provided to the defendants with pre-suit notice. The plaintiff appeals. We affirm and remand for further proceedings.
Here is a link to that opinion:

http://www.tncourts.gov/sites/default/files/konah_evangeline_buckman_v._mountain_states_health_alliance.pdf

Here is a link to the separate concurring opinion by Judge Swiney (which is a must-read):

http://www.tncourts.gov/sites/default/files/konah_evangeline_buckman_v._mountain_states_health_alliance_et_al._-_concurring_opinion.pdf

NOTE: I think this opinion is in error.  Again it confounds me that the courts of Tennessee—and many lawyers—have not picked up on the fact that a defendant (or potential defendant) in a health care liability action does not have to have a HIPAA-compliant authorization to share a patient's or plaintiff's protected health information ("PHI") with other defendants and their legal counsel because because doing that is part of a covered entity's "health care operations" as defined by 45 C.F.R. sections 164.501, -502(b), -.514(d).

As such, dismissal of a health care liability action because a defendant did not get a HIPAA-compliant authorization for a patient's PHI would be improper because Tenn. Code Ann. sec. 29-26-121's requirement that such an authorization be enclosed as part of a claimant's presuit notice appears to be preempted by HIPAA. 



https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/disclosures-treatment-payment-health-care-operations/index.html