mcle training california discovery law & records retrieval & hipaa tm
TRANSCRIPT
MCLE TrainingCalifornia Discovery Law & Records Retrieval & HIPAA
TM
TM
Agenda Issuing Subpoenas for Records
• Consumer Records • Confidential Records• Legal timeframes for compliance • Noticing and statutory hold
Witness Fees Medical Authorizations HIPAA Problem Locations Expediting Record Retrieval
TM
Confidential Records Some consumer records are further protected
and, oftentimes, a subpoena (even if it has been noticed properly), will not command release.
In these instances a signed consent will be required.• Medical records pertaining to mental health, HIV, or drug/alcohol
treatment.• Some scholastic/academic records.• All records held by government agencies.
Note: There is an exception for mental health records when “condition” is at issue; see California Evidence Code 1010-1016.
TM
All records are considered consumer records.
Myth vs Fact
TM
Records of a business that do not pertain to anyone’s personal information, i.e., logs, bids, invoices, etc. These are considered non-consumer records and therefore there are not statutory hold requirements, notice requirements are met by mailing a copy of the subpoena to each party.
ccp2020(d)(1)
Fact
TM
Legal Timeframe
Deposition subpoena for production of records from a non-party witness:
Deposition date is set at 20 days from the date of issuance. The witness has 20 days from the date of issuance, or 15 days from the date served (whichever date is later), to produce records.
‐ ABI’s Deposition date is set at 25 days from the date of issuance, if the records are those of a consumer and the notice is mailed.
‐ Add at least 5 business days to the deposition date for records to be copied and delivered; avg. TAT is typically 30-33 days.
TM
Statutory Hold Once the deposition date is set, and parties have
been noticed, when can the subpoena be served?
• Hold 0 days if the records are non-consumer.• Hold 0 days if time has been waived by consumer, or you have an
accompanying authorization.• Hold 0 days for worker’s compensation sdt • Hold 5 days if the records are those of a consumer and the notice has
been hand-delivered.• Hold 10 days if the records are those of a consumer and the notice has
been mailed.
TM
There is no re-course if the custodian does not produce records or provide a certificate of no records.
Myth vs Fact
TM
Disobedience of this subpoena may be punished by contempt of this court. You will also be liable for the sum of five hundred dollars and all damages resulting from your failure to obey.
The custodian must declare whether or not all records requested are in fact produced. Thus, if there are no records they must state such.
ccp 2020 40/1561
Fact
TM
Per California Evidence Code 1563:
Standard $15.00 witness fee must accompany each subpoena.
$24.00 per hour clerical costs for locating the chart, $16.00 per hour if presented an attorney-issued authorization.
Any actual costs incurred, i.e., postage, storage retrieval, duplication of non-paper materials such as x-rays, pathology slides, photographs, etc.
If the witness duplicates the records and mails, $0.10 per page for standard 8 ½ x 11, $0.20 per page for microfiche/microfilm or oversized pages.
Witness Fees
TM
When is an Authorizations Required?
Mental health records H.I.V. diagnosis Drug/alcohol abuse or treatment Records of a minor Records of the deceased Records of an incompetent Scholastic records Military records Government employee records Social services records Social Security records Peace officer records ( may need Pitchess Motion) E.D.D. records (when there is no current WCAB case filed) E.E.O.C. records ( may need additional paperwork) V.A. records ( must be original signature and on their forms) Residential and Cell phone records Out of state providers
TM
Subpoenas and authorizations must specify the dates of treatment for which records are requested and may not request the entire record.
Myth vs Fact
TM
The Office of Civil Rights has stated that a request for the “entire medical record” is valid.
This also can be written as “complete patient file.”
An authorization listing “all protected health information” without further definition may not be sufficiently specific enough however.
45 CFR 164.508b
Fact
TM
The Health Insurance Portability and Accountability Act
• Understanding HIPAA Privacy
‐ The Privacy Rule provides federal protection for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
HIPAA
TM
Sets standards for confidentiality and privacy of individually identifiable patient health information “PHI”.
April 14, 2003 compliance date
Applies to Covered Entities• Health plans (insurance companies, HMO’s, government programs)
• Health care clearinghouses (billing agency, re-pricing companies)
• Health care providers (doctors, clinics, dentist, pharmacies)
• Public health authorities• Employers• Life insurers• Schools or universities
HIPAA Privacy Rule
TM
Covered entities are permitted to disclose PHI without Authorizations for the purposes of:
• Treatment: management of healthcare• Payment: reimbursement and benefits• Healthcare Operations: medical reviews, contracts,
compliance, business planning, financial, and legal activities
45 CFR 164.501
Allowed Disclosure
TM
Myth vs Fact
HIPAA Does Not apply to attorneys and law firms
TM
Fact
Under the former rules, attorneys were Business Associates of Covered Entities and HIPAA only applied when they represented Covered Entities. As of 2009, all attorneys who work with PHI must comply with HIPAA and HITECH rules and must ensure that their subcontractors comply as well.
(45 CFR 160.102)
TM
Privacy Rule permits, but does not require, a covered entity to voluntarily obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. Covered entities that do so have complete discretion to design a process that best suits their needs.
Allowed Disclosure
TM
Subpoenas and discovery requests can be used to obtain protected health
information without an authorization if;
Individual (patient) is a party to the litigation and receives notice of the request (proof of service) for their PHI and no objections were raised; or
The party seeking the information secures a qualified protective order or one has been requested• If the above conditions are met, a court order
is not required to make the disclosure
(45 CFR 164.512e)
TM
Description of information to be disclosed
Identity of the person or class of persons authorized to make the requested disclosure
Identity of person or class of persons to whom the covered entity can disclose the information
HIPAA Compliant Authorization
TM
Description of the purpose of the request for disclosure
Expiration date or event
Signature of person authorizing disclosure with date
Individuals right to revoke authorization in writing Re-disclosure – Information may be disclosed to others not
subject to the privacy rule.
HIPAA Compliant Authorization
TM
The Privacy Rule does not specify who may draft an Authorization, it may be drafted by a third party.
Copies, faxes, and electronically transmitted versions of signed Authorizations are valid to request PHI.
PHI created after the Authorization was signed may still be disclosed, provided that the Authorization encompasses the category of information that was later created.
Authorizations do not have to be notarized.
CCP 56.11 states (a) “is in a typeface no smaller than 14-pt font type”.
Notes on Authorizations
TM
Subpoenas and Authorizations are both needed to obtain medical records in preparation for litigation when the covered entity (custodian of records) is not a party to the litigation.
Myth vs Fact
TM
Authorizations, if compliant with the ten elements required by the Privacy Rule, are sufficient to obtain protected health information.
(45 CFR 164.508)
Fact
TM
Myth vs Fact
Authorizations must specifically identify individuals or entities who may use or disclose protected health information• for example: Mission Hospital or Dr. Brown
TM
Fact
One Authorization form may be used to authorize uses and disclosures by classes or categories of persons or entities, without naming the particular persons or entities
A separate Authorization specifically naming each health care provider from whom protected health information may be sought is not required
TM
Example
• Any health plan, physician, health care professional, hospital, clinic, laboratory, pharmacy, medical facility, or other health care provider that has provided payment, treatment or services to me or on my behalf” is sufficient language for an Authorization.
(45 CFR 164.508c)
TM
Kaiser/SCPMG/UC Medical Centers• Volume• Rotating Charts• Staffing• In Patient/Out Patient• Copying Access• Government Entity
Difficult Locations
TM
Provide The Following Information• Patient Information Must Be Correct – Name, DOB, SS
Number • Medical Record Number• AKA’s• Treating Physician• Dates of Service• Accounting Number• Copy of bill or treatment records• Kaiser Authorization - All authorizations must be HIPAA compliant.
(Authorization must include the following: Patient demographics, patient signature and date, expiration date, re-disclosure clause, type of records being requested, what location records are being requested from, and where records should be released to) Using a Kaiser authorization will aid in a quicker review and process of our request as it is easier to decipher if something is missing on - So CA/No CA
How to Secure Records Timely
TM
Insurance Company‐ Legal Review‐ Work Product‐ Storage Cost
Difficult Locations
TM
Provide The Following Information‐ Claim Number‐ Policy Number‐ Type of Claim
How to Secure Records Timely
TM
Out of State Providers‐ CA SDT is not valid outside of CA‐ Requires Authorization‐ Out of State Commission
(ABI does not file the commission – must be filed by attorney )
‐ Costly
Difficult Locations
TM
Governmental Locations‐ VA - Military ‐ E.D.D‐ Social Security
» Reject a sdt – require their own forms
Difficult Locations
TM
For your time and participation
The information provided is only intended to be general summary information. It is not intended to take the place of either the written law or regulations. Please refer to:
www.hhs.gov/ocr/regtext.html
Thank You
TM
California Code of Civil Procedure Section 2020
d) (1) A deposition subpoena that commands only the production of business records for copying shall designate the business records to be produced either by specifically describing each individual item or by reasonably particularizing each category of item; however, specific information identifiable only to the deponent's records system, such as a policy number or the date the consumer interacted with the witness, shall not be required. This deposition subpoena need not be accompanied by an affidavit or declaration showing good cause for the production of the business records designated in it. It shall be directed to the custodian of those records or another person qualified to certify the records. It shall command compliance in accordance with paragraph (4) on a date that is no earlier than 20 days after the issuance, or 15 days after the service, of the deposition subpoena, whichever date is later. (2) If, under Section 1985.3 or 1985.6, the one to whom the deposition subpoena is directed is a witness, and the business records described in the deposition subpoena are personal records pertaining to a consumer, the service of the deposition subpoena shall be accompanied either by a copy of the proof of service of the notice to the consumer described in subdivision (e) of Section 1985.3, or subdivision (b) of Section 1985.6, as applicable, or by the consumer's written authorization to release personal records described in paragraph (2) of subdivision (c) of Section 1985.3, or paragraph (2) of subdivision (c) of Section 1985.6, as applicable.
Back
TM
California Code of Civil Procedure
Section 2020.420 20 (3)
BACK
(2) Not less than 10 days prior to the date for production specified in the subpoena duces tecum, plus the additional time provided by Section 1013 if service is by mail.(3) At least five days prior to service upon the custodian of the employment records, plus the additional time provided by Section 1013 if service is by mail.
TM
California Code Of Civil Procedure Section 2020.240
BACK
A deponent who disobeys a deposition subpoena in any manner described in subdivision (c) of Section 2020.220 may be punished for contempt under Chapter 7 (commencing with Section2023.010) without the necessity of a prior order of court directing compliance by the witness. The deponent is also subject to the forfeiture and the payment of damages set forth in Section 1992.
TM
BACK
TMBACK
California Evidence Code Section 1561
(a) The records shall be accompanied by the affidavit of the custodian or other qualified witness, stating in substance each of the following: (1) The affiant is the duly authorized custodian of the records or other qualified witness and has authority to certify the records. (2) The copy is a true copy of all the records described in the subpoena duces tecum, or pursuant to subdivision (e) of Section 1560the records were delivered to the attorney, the attorney's representative, or deposition officer for copying at the custodian's or witness' place of business, as the case may be. (3) The records were prepared by the personnel of the business in the ordinary course of business at or near the time of the act, condition, or event. (4) The identity of the records. (5) A description of the mode of preparation of the records. (b) If the business has none of the records described, or only part thereof, the custodian or other qualified witness shall so state in the affidavit, and deliver the affidavit and those records that are available in one of the manners provided in Section 1560. (c) Where the records described in the subpoena were delivered to the attorney or his or her representative or deposition officer for copying at the custodian's or witness' place of business, in addition to the affidavit required by subdivision (a), the records shall be accompanied by an affidavit by the attorney or his or her representative or deposition officer stating that the copy is a true copy of all the records delivered to the attorney or his or her representative or deposition officer for copying.
TMBACK
Permitted Uses and Disclosures. A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures); (2) Treatment, Payment, and Health Care Operations; (3) Opportunity to Agree or Object; (4) Incident to an otherwise permitted use and disclosure; (5) Public Interest and Benefit Activities; and (6) Limited Data Set for the purposes of research, public health or health care operations.18 Covered entities may rely on professional ethics and best judgments in deciding which of these permissive uses and disclosures to make.(1) To the Individual. A covered entity may disclose protected health information to the individual who is the subject of the information.(2) Treatment, Payment, Health Care Operations. A covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities.19 A covered entity also may disclose protected health information for the treatment activities of any health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship. See additional guidance on Treatment, Payment, & Health Care Operations.
45 CFR 164.501
TM
BACK
Back