Day on Torts - New Post: HIPAA authorization single-provider exception did not apply where 21 providers were sent HCLA pre-suit notice. |
Posted: 21 Apr 2021 06:10 AM PDT Where an HCLA plaintiff sent pre-suit notice to twenty-one healthcare providers but failed to provide HIPAA authorizations for at least nineteen of those providers, dismissal was affirmed. In Shaw v. Gross, No. W2019-01448-COA-R3-CV (Tenn. Ct. App. April 13, 2021), plaintiff filed suit as the administrator of the decedent’s estate after decedent died of sepsis. Decedent had presented at defendant hospital and been treated by defendant doctor before being released with a dehydration diagnosis, but he returned to defendant hospital the next day and was diagnosed with sepsis, which eventually led to his death. Before filing her complaint, plaintiff sent pre-suit notice to defendant hospital, defendant doctor, and nineteen other medical providers. After an initial grant of summary judgment, appeal, and remand, defendants filed motions to dismiss on the basis that plaintiff’s HIPAA authorizations sent with her pre-suit notice were incomplete, and that the HIPAA authorizations did not allow defendants to obtain records from the nineteen other providers that were sent notice. After the motion to dismiss was filed, plaintiff amended her complaint, alleging that “all doctors and providers to include Dr. Gross only saw and treated Decedent at Methodist Hospital.” The trial court granted the motion to dismiss, finding that plaintiff had failed to comply with the pre-suit notice requirements and thus was not entitled to the 120-day extension of the statute of limitations, making her complaint untimely, and the Court of Appeals affirmed. The HCLA requires that a plaintiff include with her pre-suit notice a “HIPAA compliant medical authorization permitting the provider receiving the notice to obtain complete medical records from each other provider being sent a notice.” (Tenn. Code Ann. § 29-26-121(a)(2)(E)). The Court of Appeals decided to first analyze defendants’ argument that plaintiff had failed to provide HIPAA authorizations for all required entities, as that issue was dispositive of the appeal. While perfect compliance with the HIPAA authorization component of pre-suit notice is not required, “[s]ubstantial compliance still requires that medical authorizations must sufficiently enable defendants to obtain and review relevant medical records.” (internal citations omitted). “If a plaintiff’s noncompliance with Section 121 frustrates or interferes with the purposes of Section 121 or prevents the defendant from receiving a benefit Section 121 confers, then the plaintiff likely has not substantially complied with Section 121.” (internal citation omitted). Here, plaintiff argued that because defendant doctor treated decedent at defendant hospital, all records were held at defendant hospital, and she only named the one doctor and the hospital as defendants, “she was not required to provide HIPAA-compliant authorizations because this case falls within the one-provider exception recognized by the Tennessee Supreme Court in Bray v. Khuri, 523 S.W.3d 619 (Tenn. 2017)).” Plaintiff argued that defendants doctor and hospital “should be considered one entity for purposes of HIPAA because they were engaged in joint activity under an Organized Health Care Arrangement, and all relevant records were held by the Hospital.” Without deciding whether defendants doctor and hospital would have fallen under the one-provider exception, the Court rejected plaintiff’s arguments because more providers than just the named defendants were sent pre-suit notice in this case. After reviewing similar cases where the one-provider exception was found not to apply, the Court explained:
(internal citations and quotations omitted). The Court also explained that plaintiff’s amendment to her complaint, alleging that all treatment occurred at the hospital, did not change the result here. The Court stated that “the relevant time frame for determining the issue of prejudice was during the pre-suit investigative phase,” and the amendment was not filed until after the motion to dismiss. The Court stated that at the time notice was sent, defendants were not “provided access to the records of [the other nineteen] providers” and “had no way to know that [plaintiff] would file suit against only [defendants].” (internal citation omitted). The Court also noted that plaintiff had not “establish[ed] that the other nineteen providers had no relevant records.” The Court stated:
Because plaintiff failed to provide HIPAA authorizations for all providers being sent notice, she did not comply with the HCLA and was not entitled to the 120-day statute of limitations extension thereunder. Dismissal of her claim based on the statute of limitations was accordingly affirmed. HIPAA authorizations continue to be a much-litigated aspect of the HCLA. While the one-provider exception is helpful to some HCLA plaintiffs, this case and the cases cited therein are reminders that this exception will only apply in very specific fact scenarios.
NOTE: This opinion was released thirteen weeks after oral argument. |
You are subscribed to email updates from Day on Torts. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States |