Healthcare Law Blog
Kalamazoo - Healthcare Law and Regulations Blog

The Legal System and Your Healthcare Information under HIPAA:

Posted December 3, 2018

Covered entities may disclose protected health information in a judicial or administrative proceeding if the request for the information is through an order from a court or administrative tribunal. Such information may also be disclosed in response to a subpoena or other lawful process if certain assurances regarding notice to the individual or a protective order are provided.

Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions:

  • as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests;
  • to identify or locate a suspect, fugitive, material witness, or missing person;
  • in response to a law enforcement official’s request for information about a victim or suspected victim of a crime;
  • to alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death; when a covered entity believes that protected health information is evidence of a crime that occurred on its premises; and
  • by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.


Medical Malpractice

Posted November 18, 2018

Medical malpractice is a subspecialty of tort law that analyzes the professional conduct of licensed health care practitioners and facilities. The phrase licensed health care providers includes the following occupations: chiropractic, dentistry, medicine, nursing, optometry, osteopathic medicine, pharmacy, physical therapy, podiatry, and psychology. MCL 333.16101 et seq.

To prevail in a malpractice lawsuit against any of these professionals, the plaintiff must prove the elements of duty, breach, causation, and damages. The malpractice of the professional is the professional’s deviation from the standard of care that would be followed by a reasonably prudent professional of similar training under the same or similar circumstances. There must be a provider-patient relationship established for liability to attach

A recent medical malpractice case illustrates the distinguishing factor of the provider-patient relationship. The plaintiff was attacked by a psychiatric patient while she was a patient at defendant hospital. Plaintiff filed an ordinary negligence claim against defendant, alleging that defendant did not have sufficient staff to monitor its patients and should not have allowed patients with violent propensities to roam around the hospital and enter patients’ rooms. The Michigan Supreme Court held that the trial court had erred in concluding that the correct theory was ordinary negligence because the ordinary layperson does not know the type of supervision or monitoring that is required for psychiatric patients in a psychiatric ward. Similarly, the court held that an assault claim against hospital employees administering a drug despite a patient’s refusal falls under the medical malpractice act requiring plaintiff to provide a notice of intent to sue and affidavit of merit.


HIPAA's Security Rule:

Posted October 15, 2018

Prior to HIPAA, no generally accepted set of security standards or general requirements for protecting health information existed in the health care industry. At the same time, new technologies were evolving, and the health care industry began to move away from paper processes and rely more heavily on the use of electronic information systems to pay claims, answer eligibility questions, provide health information and conduct a host of other administrative and clinically based functions.

Today, providers are using clinical applications such as computerized physician order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy, and laboratory systems. Health plans are providing access to claims and care management, as well as member self-service applications. While this means that the medical workforce can be more mobile and efficient (i.e., physicians can check patient records and test results from wherever they are), the rise in the adoption rate of these technologies increases the potential security risks.

A major goal of the Security Rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care. Given that the health care marketplace is diverse, the Security Rule is designed to be flexible and scalable so a covered entity can implement policies, procedures, and technologies that are appropriate for the entity’s particular size, organizational structure, and risks to consumers’ e-PHI.