Medical Records Requests and Subpoenas After Ciox Health
Complying With Federal and State Laws When Responding to Subpoenas and Requests
Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
- work Practice Area
Health
- event Date
Tuesday, April 21, 2020
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE course will provide healthcare counsel with guidance on medical records requests and subpoenas. The panel will examine the recent decision in Ciox Health v. Azar and the HHH Office of Civil Rights (OCR) response it prompted. The panel will discuss how the decision and OCR response change the landscape and will offer best practices for complying with HIPAA and other federal and state laws and the subpoenas/requests for medical records.
Ms. Peters is recognized by the healthcare industry as a preeminent thinker and speaker on data privacy and security, particularly with regard to HIPAA, the HITECH Act, the 21st Century Cures Act, the Genetic Information Nondiscrimination Act (GINA), the Privacy Act, and emerging cyber threats to health data. For over a decade, Ms. Peters both developed health information privacy and security policy, including on emerging technologies and cyber threats, for the Department of Health and Human Services, and enforced HIPAA regulations through spearheading multi-million-dollar settlement agreements and civil money penalties pursuant to HIPAA. She also focused on training individuals in both the private and public sector, including compliance investigators, auditors, and State Attorneys General, on HIPAA regulations and policy, and on good data privacy and security practices. As a CISSP, Ms. Peters works hard to bridge the gap between legal requirements for the security of health data and security industry best practices, so that clients can better understand data security issues and jargon.
Mr. Licata serves as COO and GC at HealthMark, a healthcare software and technology business focused on release of information and patient intake solutions. Prior to HealthMark, he was the COO and General Counsel at BAS in Austin, an ecommerce mass-customization business which was acquired by Cimpress in 2018. Prior to BAS, he was a litigation associate at a boutique firm in Houston.
Healthcare providers, other covered entities, and their business associates often receive requests and subpoenas for medical records that include protected health information (PHI). Federal and state privacy laws, including HIPAA, limit disclosure of PHI to third parties. However, this does not mean the healthcare providers can ignore subpoenas or some other requests for medical records.
In Ciox Health v. Azar (D.D.C. Jan. 23, 2020), the federal district court held (1) HHS's 2013 rule compelling delivery of PHI to third parties regardless of the records' format is arbitrary and capricious insofar as it goes beyond the statutory requirements set by Congress; (2) HHS's broadening of the Patient 3 Rate in 2016 is a legislative rule that the agency failed to subject to notice and comment in violation of the APA; and (3) HHS's 2016 explanation concerning what labor costs can be recovered under the Patient Rate is an interpretative rule that HHS was not required to subject to notice and comment.
Following the court's vacating of the 2016 Patient Rate expansion and the 2013 mandate broadening PHI delivery to third parties regardless of format, the OCR issued a notice that addressed the right of access to health records. Healthcare counsel must understand the impact of the Ciox Health decision and the OCR response.
Listen as our authoritative panel of healthcare attorneys examines the requests and demands for medical records that covered entities and business associates may receive. The panel will discuss the different types of requests/subpoenas as well as patient access and individual requests for records. The panel will review how the courts have addressed requests for medical records and offer guidance for complying with HIPAA and other federal and state laws and the subpoenas/requests for medical records.
- Ciox Health decision and what it means for holders of medical records
- OCR response to Ciox Health
- Responding to requests and subpoenas for records and complying with federal and state laws
The panel will review these and other noteworthy issues:
- How does the Ciox Health decision change the landscape of medical records requests or subpoenas?
- What is the impact of the decision on existing state medical record laws and regulations?
- What steps should healthcare counsel take to comply with medical records subpoenas as well as HIPAA and other privacy laws?
Related Courses
The ACA and the New Administration: CMS Proposed Rule Impacting Marketplace Eligibility and Other Notable Actions
Tuesday, April 22, 2025
1:00 p.m. ET./10:00 a.m. PT
Healthcare Providers and New Immigration Initiatives: Obligations to Patients and Employees, Compliance Strategies
Thursday, April 24, 2025
1:00 p.m. ET./10:00 a.m. PT
New CMS 60-Day Rule Revisions: Key Changes Impacting Reporting and Return of Medicare/Medicaid Overpayments
Saturday, March 22, 2025
1:00 p.m. ET./10:00 a.m. PT