USA: +1 508 290 1604 
Sign in
QUESTION
You supervise the release of information (ROI) section in the health information management department of an acute care hospital, which is also a Level II regional trauma center. Today the hospital received a subpoena duces tecum from an attorney, demanding either the originals or copies of all health records on Paul Johnson, who was allegedly a patient of the hospital. The ROI clerk came to you, unsure what to do. The subpoena lacks sufficient information for you to determine whether Mr. Johnson is (or was) a patient in the facility. Also, the subpoena was not accompanied by a valid authorization to release information for Mr. Johnson, as required in your state.
- Identify the steps that you should take, as the supervisor, to determine whether Mr. Johnson is or was a patient in the hospital
- How should the organization respond to the subpoena?
- What regulations apply to this request (be specific)
ANSWER
Release of Patient Information Upon Receiving a Subpoena from an Attorney
Hospitals are aware of the Health Insurance Portability and Accountability Act, which protects the patients’ information. According to the provisions of HIPAA, patient privacy extends to ensuring that their information is secure. Therefore, responding to a subpoena without clear details should be reevaluated to determine the course of action because it is the responsible action to take regarding protected health information (PHI) (Appel, 2022). As the supervisor in Release of Information (ROI), I am fully aware that the subpoena from the Attorney is different from that submitted by the judge. Considering the subpoena “lacks sufficient information,” as the case study suggests, I will not proceed to confirm to the Attorney whether Mr. Johnson is (or was) a patient in the facility. Instead, I would want to know if Mr. Johnson has been notified about the request for information or not. I will then proceed to inform the management about the subpoena and ask whether Mr. Johnson can be notified about the same or inquire if they are fully aware of the situation. This is called a reasonable effort. In case of persistence, I will require that the Attorney who issued a subpoena seeks a protective order to get the information from the court if they haven’t succeeded in getting Mr. Johnson to disclose it himself.
The organization should evaluate the authority of the subpoena, which in this case is by an attorney. This complicates the next course of action as the information given is also insufficient to allow disclosure. Therefore, the organization will not respond to the subpoena not unless the information is sufficient and the patient did object to the request for the release of their information. Either way, the Attorney will not obtain any information on the patient if they haven’t provided information where they have filed for a qualified protective order. As a course of action, which is commendable, the organization will seek permission from the patients, if they are not mentally capacitated, or their caregivers through an email, phone call, or letter (Weiss, 2010).
The regulations covering this request are guided by HIPAA and the subsequent protected health information (PHI) provisions.
References
Weiss, N. F. (2010). Release or Not to Release: An Analysis of the HIPAA Subpoena Exception, To. Mich. St. UJ Med. & L., 15, 253.
Appel, J. M. (2022). Breach of Confidentiality. In Malpractice and Liability in Psychiatry (pp. 113-120). Springer, Cham. https://doi.org/10.1007/978-3-030-91975-7_15
To get your original copy of this paper, please Order Now
Related Questions
Regulatory Issues in Health Information
