When products liability defense counsel first heard of the new privacy regulations issued by the U.S. Department of Health and Human Services under the Health Insurance Portability and Accountability Act of 1996 (HIPAA Privacy Regulations), most counsel probably thought that only their regulatory healthcare colleagues would be affected by these detailed and complicated laws. How great an impact the HIPAA Privacy Regulations will have on product liability litigation in general is yet to be seen, but it is clear that these regulations will have an immediate effect on discovery of medical records. Under the statutory or common law of most states, when a plaintiff files a suit that puts his/her medical or health condition at issue, the plaintiff waives his/her right to privacy, to at least some extent, in his/her medical records. When the HIPAA Privacy Regulations became enforceable on April 14, 2003, this was no longer the case. Because the HIPAA Privacy Regulations provide strict privacy protection for a patient’s medical information, even if the patient filed a lawsuit with his/her health at issue, discovery of the patient’s medical records could become more difficult for product liability defense counsel. However, defense counsel still will have several options to obtain discovery of a plaintiff’s medical records under the HIPAA Privacy Regulations.
What are the HIPAA Privacy Regulations?