The Tennessee Court of Appeals just released its opinion in Parks v. Walker, No. E2017-01603-COA-R3-CV (Tenn. Ct. App. Nov. 28, 2018). The syllabus from the majority opinion reads as follows:
This is a health care liability action. Plaintiff gave written pre-suit notice of her claim to potential defendants. See Tenn. Code Ann. § 29-26-121(c) (2018). She then filed her complaint. Defendants filed motions to dismiss. After a hearing, the trial court held that plaintiff failed to substantially comply with the requirements of the notice statute by failing to provide a HIPAA-compliant medical authorization, pursuant to Tenn. Code Ann. § 29-26-121(a)(2)(E). It entered an order granting defendants’ motions to dismiss. Plaintiff appeals. We affirm.
Here is a link to the majority opinion:
http://www.tncourts.gov/sites/default/files/parks_vs._walker_coa_majority_opinion.pdf
Judge Swiney authored a dissent, which can be found here:
http://www.tncourts.gov/sites/default/files/jennifer_parks_v._walker_dissenting_coa_separate_opinion.pdf
NOTE: Respectfully, I think the majority opinion is in error. Again it confounds me that the courts of Tennessee—and many lawyers—have not picked up on the fact that a defendant (or potential defendant) in a health care liability action does not have to have a HIPAA-compliant authorization to share a patient's or plaintiff's protected health information ("PHI") with other defendants and their legal counsel because because doing that is part of a covered entity's "health care operations" as defined by 45 C.F.R. sections 164.501, -502(b), -.514(d).
As such, dismissal of a health care liability action because a defendant did not get a HIPAA-compliant authorization for a patient's PHI would be improper because Tenn. Code Ann. sec. 29-26-121's requirement that such an authorization be enclosed as part of a claimant's presuit notice appears to be preempted by HIPAA.
Again, I think the dissent is in error for the reasons stated above.
Here are some helpful links on this subject:
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/permitted-uses/index.html
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/permitted-uses/index.html