This is a healthcare liability case. Before filing the complaint, the plaintiff gave written notice to the potential defendants of her healthcare liability claim against them. Tennessee Code Annotated section 29-26-121(a)(2)(E) requires that a plaintiff’s pre-suit notice include a HIPAA compliant medical authorization permitting the healthcare provider receiving the notice to obtain complete medical records from every other provider that is being sent a notice. After the plaintiff filed suit, the defendants moved to dismiss the complaint based on noncompliance with the statute, as the defendants alleged that the HIPAA authorization provided by the plaintiff had already expired when they received it. The trial court granted the defendants’ motion to dismiss, concluding that the HIPAA authorization was invalid due to the fact that the listed expiration date had already passed when the authorization was provided to the defendants with pre-suit notice. The plaintiff appeals. We affirm and remand for further proceedings.
Here is a link to the separate concurring opinion by Judge Swiney (which is a must-read):
NOTE: I think this opinion is in error. Again it confounds me that the courts of Tennessee—and many lawyers—have not picked up on the fact that a defendant (or potential defendant) in a health care liability action does not have to have a HIPAA-compliant authorization to share a patient's or plaintiff's protected health information ("PHI") with other defendants and their legal counsel because because doing that is part of a covered entity's "health care operations" as defined by 45 C.F.R. sections 164.501, -502(b), -.514(d).