Missouri's Physician-Patient Privilege Presents Problems
by Amy J. Sokol1
I. Introduction
Hospitals and other healthcare providers have traditionally been caught between two sides-one wanting medical information and the other refusing to release it. Lawyers who represent healthcare providers see the same scenario play out over and over. Example: Two parents are involved in a child custody battle. The attorney representing the father requests the mother's medical record. The healthcare provider asks the requesting attorney to get the mother's authorization to release the medical record. The mother refuses to sign the authorization (or the attorney does not attempt to get the authorization signed) so the attorney sends a subpoena duces tecum to the provider requiring the provider to appear at a medical records deposition with the medical records. The letter accompanying the subpoena usually states that the provider may send the medical records with a medical records affidavit to the attorney in order to avoid the deposition. Many providers have done this - one provider did exactly this in a child custody case and was sued by the patient. Why? Because in Missouri a subpoena does not waive the physician-patient privilege.
In this scenario the patient was awarded punitive damages of $375,000. The judge reduced these damages to $25,000.2 The damages were awarded even though the other side would have probably acquired the records anyway.3 Hopefully, most providers no longer send medical records in response to a subpoena and require before releasing the records: (1) an authorization from the patient (that complies with HIPAA); (2) a court order; (3) Form 43 (workers' compensation); or (4) a waiver of the physician-patient privilege on the record.
If an attorney receives records in response to a subpoena, the attorney should not review them. According to the Supreme Court of Missouri's decision in the case of State ex rel. Crowden v. Dandurand, "it is professional misconduct for a requesting attorney to review or otherwise use privileged records that a provider mails contrary to a subpoena requiring production of documents at a deposition."4 In the scenario above, the attorney who sent the letter accompanying the subpoena stating that the provider can mail the records instead of appearing at the deposition based on the Crowden case may be subject to professional misconduct, especially if the attorney reviews the records.
II. Why Can't Healthcare Providers Just Send the Records?
The general rule of discovery is that the "[p]arties may obtain [information] regarding any matter" "relevant to the subject matter involved in the pending action" so long as the matter is not privileged.5 In Missouri there are two physician-patient privileges.6 The first privilege, a statutory privilege, is a testimonial privilege and is strictly construed (called the statutory privilege throughout this article). The second privilege, a fiduciary duty, originates from case law and is broadly construed (called the fiduciary duty throughout this article).
The physician-patient privilege in Missouri was created by § 491.060(5), RSMo, which specifically states:
The following persons shall be incompetent to testify:
A physician licensed pursuant to chapter 334, RSMo, a chiropractor licensed pursuant to chapter 331, RSMo, a licensed psychologist or a dentist licensed pursuant to chapter 332, RSMo, concerning any information which he or she may have acquired from any patient while attending the patient in a professional character, and which information was necessary to enable him or her to prescribe and provide treatment for such patient as a physician, chiropractor, psychologist or dentist.7
The physician-patient privilege applies both in civil and in criminal cases and relates to physicians and nurses when acting under the direction of a physician or assisting a physician in treating a patient.
8 The Missouri Court of Appeals held that statements made to a nurse employed by a hospital, who at the time was not working under the direction of the physician, were not privileged.
9 The statutory privilege also applies to medical records.
10 However, this statutory privilege creates only a testimonial privilege relating "to the disclosure of confidential medical information by testimony in court or by formal discovery."
11
On the other hand, case law provides a fiduciary duty of confidentiality not to reveal any medical information received in connection with the treatment of a patient.12 This privilege at times seems almost limitless in its scope. The fiduciary duty, unlike the statutory physician-patient privilege, expands beyond the physician to include hospitals13 and insurance companies.14 The Supreme Court of Missouri stated, "If [confidential] information is disclosed under circumstances where this duty of confidentiality has not been waived, the patient has a cause of action for damages in tort against the physician."15 The Supreme Court of Missouri has also emphasized a physician's ethical duty as articulated by the "American Medical Association's Principles of Medical Ethics."16
Neither the fiduciary duty nor the statutory privilege is absolute, and has been modified or made inapplicable by the legislature in certain types of cases.17 Also, the patient cannot claim the privilege while pursuing a claim or defense in which his own physical, mental or emotional condition has been placed in issue by the patient, because the privilege is considered waived.18
To further complicate matters, Missouri courts have also held that the physician-patient privilege does not prevent disclosure of information that is unnecessary for treatment, such as the name of the patient or the time or place of treatment.19 However, these cases seem to focus on the statutory privilege, which is a testimonial privilege that only applies to formal discovery and trial. It is not clear whether these cases apply to the broader fiduciary duty. For instance, the Missouri Court of Appeals held that the privilege did not attach to testimony that a patient had been involuntarily committed to a mental hospital where a psychiatrist was employed. It does not protect against the disclosure of information acquired in the course of the physician-patient relationship that was not for the purpose of prescribing or providing treatment.20 Similarly, the Court of Appeals held that statements made by a defendant in response to a doctor's questions - in which defendant stated that he had been the driver, not the passenger, in a vehicle involved in a fatal accident - were not encompassed within the privilege because defendant's medical treatment did not depend on the answer.21 Finally, in State v. Henderson, the court held that there was no violation of the physician-patient privilege as pertaining to a nurse-counselor's testimony in court reciting defendant's gratuitous statements that he was going to kill his wife. The court reasoned that at the time of defendant's remarks to the nurse(s), the nurses were not working under the direction of a doctor or psychologist and the defendant was not then receiving treatment.22 These cases seem to be limited to the testimonial privilege and not the fiduciary duty. Based on the Fierstein case, providers may want to assume that the fiduciary duty applies to all information.
III. Who Must Assert the Privilege?
Hospitals, health care providers, and insurance companies are required to assert the privilege on the patient's behalf. The problem is deciding: (1) when to assert the privilege; (2) which privilege to assert; (3) what information is covered by the privilege; and (4) deciding when the privilege has been waived. With the expanding fiduciary duty, it is dangerous for providers not to assert the privilege for any request of information, because if a provider inappropriately discloses information the patient can sue the provider.
IV. Who Can Waive It?
The physician-patient "privilege belongs to the patient, and only [the patient] may waive it."23 The privilege may be waived in numerous ways. The patient may expressly authorize the release of his or her records. Once a patient places the matter of his physical or mental condition in issue in a lawsuit under the pleadings, the patient waives the privilege with respect to any information bearing on the issue.24 Furthermore, a patient can impliedly waive the privilege through an act showing a clear, unequivocal purpose to divulge the confidential information.25 However, "a denial of an allegation [in a lawsuit] cannot constitute a waiver of the physician-patient privilege because to do so would force the patient to choose between suffering judgment by default or waiving the physician-patient privilege."26 When a patient sues a provider for the care the patient received, the patient would waive the physician-patient privilege at trial when the plaintiff presented evidence to substantiate his or her claim.27 Missouri courts have held that the physician-patient privilege is waived once the matter of plaintiff's physical condition is in issue under the pleadings.28 This waiver is a full waiver. There are two reasons that have been articulated for the full waiver. "First, the [physician-patient] privilege only covers matters that are confidential. Once there is a disclosure of the information, . . . it is no longer confidential."29 Second, Missouri courts have prohibited plaintiffs from using the physician-patient "privilege both as a shield and a dagger at one and the same time."30 In essence, this prevents a plaintiff from strategically excluding unfavorable evidence while at the same time admitting favorable evidence.31 Further, the "plaintiff should not be entitled to maintain the privilege through the discovery" stage and prevent the defendant from having knowledge of the medical facts.32
Once the plaintiff makes a decision to enter into litigation, this decision carries with it the recognition that any information within the knowledge of the treating physician relevant to the litigated issues will no longer be confidential. On this point, McCormick states:
It is not human, natural, or understandable to claim protection from exposure by asserting a privilege for communications to doctors at the very same time when the patient is parading before the public the mental or physical condition as to which he consulted the doctor by bringing an action for damages arising from that same condition.33
However, the waiver of the privilege only applies to any information "relevant to the litigated issues."
34
V. HIPAA
HIPAA (the Health Insurance Portability and Accountability Act of 1996) and, more specifically its privacy regulations, have brought privacy and confidentiality issues to the forefront and have added a few new issues. The privacy regulations require that a patient be given access to the protected health information35 in their designated record set. A "designated record set" is defined as
(1) a group of records maintained by or for a covered entity [health plan, clearinghouse, or provider] that is:
(i) [t]he medical and billing records about individuals maintained by or for a covered healthcare provider;
(ii) [t]he enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
(iii) [u]sed in whole or in part, by or for the covered entity to make decisions about individuals.36
To aid in complying with the privacy regulations, most providers have reviewed their records and decided which records are part of the designated record set. Historically, providers have not given patients access to medical records received from other providers that are contained in the provider's medical record. These records are called secondary medical records. The reasoning behind this decision stems from the fact that providers cannot attest to the completeness and accuracy of records from other providers. Now, arguably, those records are part of the designated record set and must be released. Included at the end of this article are a sample medical authorization and a medical records affidavit that include the release of secondary medical records.
A. Authorization
Another issue is authorizations for the release of medical records. If the authorization is not completely filled out, it should not be honored. If "the expiration date [listed on the authorization] has passed or the expiration event is known"37 to have occurred, then the authorization should not be honored. If the provider knows that material information in the authorization is false or the authorization has been revoked by the patient, then the authorization should not be honored. All authorizations for the release of medical records must meet the requirements listed below.
(i) A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion.
(ii) The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure.
(iii) The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure;
(iv) A description of each purpose of the requested use or disclosure. . .
(v) An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure . . . 38
(vi) A statement that the information used or disclosed pursuant to the authorization may be subject to redisclosure by the recipient and no longer be protected by the Privacy Regulations;
(vii) "[S]ignature of the individual and [the] date. If the authorization is signed by a personal representative of the individual, a description of such representative's authority;"39
(viii) A statement of the patient's "right to revoke the authorization in writing, and either, (A) The exceptions to the right to revoke and a description of how the [patient] may revoke the authorization" or a reference to the Notice of Privacy Practices if the information of revocation of authorizations is contained in the Notice;40
(ix) A statement addressing whether the provider can "condition treatment, payment, enrollment, or eligibility for benefits on the authorization;"41
(x) If a provider "can condition treatment, payment, enrollment, or eligibility for benefits on the authorization," the authorization must list the consequences to the patient if the patient refuses to sign the authorization;42
(xi) A statement that there is the potential that information released pursuant to an authorization may be redisclosed "by the recipient and no longer be protected by" the Privacy Regulations.43
Finally, if a provider seeks an authorization from a patient for a use or disclosure of protected health information, the patient must be given a copy of the authorization. Included at the end of this article is a copy of an authorization that complies with the privacy regulations.
VI. Patient-Litigant Waiver
Even though the patient waives the physician-patient privilege once the petition is filed, most providers still require a signed authorization prior to releasing the records. Providers require authorizations, based on Missouri case law, that the privilege is waived only to the records and information relevant to the litigated issues.44 According to State ex rel. Stecher v. Dowd, authorizations for the release of medical records can be overly broad because (1) they are not "tailored to the pleadings"; (2) they are not limited in time; or (3) they are not addressed to specific health care providers.45 Therefore, "medical authorizations [should] be tailored to the pleadings."46 Anecdotal evidence is that some plaintiffs have failed to promptly provide signed authorizations, which puts the defendant at a distinct disadvantage in defending themselves. An alternative method for dealing with this situation is the process outline in the HIPAA Privacy Regulations.
The privacy regulations allow covered entities (a healthcare provider, plan, or clearing house) to disclose health information in the course of a judicial or administrative proceeding as follows:
(1) in response to an order of a court or tribunal
(2) "[i]n response to a subpoena, discovery request, or other lawful process, that is not accompanied by" a court order if:
(A) [t]he covered entity receives satisfactory assurance[s] . . . from the party seeking the information that reasonable efforts have been made by [the] party [seeking the information] to ensure that the" patient whose information is being requested "has been given notice of the request"; or
(B) [t]he covered entity receives satisfactory assurance . . . from the party seeking the information that reasonable efforts have been made . . . to secure a qualified protective order.47
VII. Law Enforcement
Some of the more difficult and controversial aspects of the merging of HIPAA and Missouri law relate to disclosure of medical information to police and prosecutors. These issues arise because the privacy regulations allow more lenient disclosure than Missouri law. If Missouri law is more stringent than HIPAA, Missouri law preempts HIPAA.48 The HIPAA Privacy Regulations create a floor of privacy protections, not a ceiling. Just because the privacy regulations permit disclosure of information or records does not mean that that disclosure is permissible under state law.
The privacy regulations provide that the following apply to disclosures to police officials if (1) the disclosure is required by law; or (2) the disclosure is
(ii) [i]n compliance with and as limited by the relevant requirements of: (A) A court order or court-ordered warrant, or a subpoena or summons issued by a judicial officer; (B) A grand jury subpoena; or (C) An administrative request, including an administrative subpoena or summons, a civil or an authorized investigative demand, or similar process authorized under law, provided that: (1) The information sought is relevant and material to a legitimate law enforcement inquiry, (2) The request is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought; and (3) De-identified information could not reasonably be used.49
However, remember that in Missouri a subpoena
does not waive the privilege.
The privacy regulations provide that protected health information may be disclosed in response to a law enforcement official's request for such information for the purpose of identifying or locating a suspect, fugitive, material witness, or missing person provided that . . . only the following information [is] disclosed:
(A) Name and address;
(B) Date and place of birth;
(C) Social security number;
(D) ABO blood type and rh factor;
(E) Type of injury;
(F) Date and time of treatment;
(G) Date and time of death, if applicable; and
(H) A description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair . . . scars, and tattoos.
(ii) Except as permitted [above] . . . protected health information related to the individual's DNA or DNA analysis, dental records, or typing, samples or analysis of body fluids or tissue[s may not be disclosed for the purpose of identification or location.]51
However, whether Missouri law - especially a provider's fiduciary duty of confidentiality - provides more protection than the privacy regulations and thus preempts the privacy regulations is very difficult to ascertain. Does a provider's fiduciary duty of confidentially extend to cover this information as well? The Missouri Court of Appeals in
Fierstein v. DePaul Health Ctr. stated that "[i]f a physician discloses
any information, without first obtaining the patient's waiver, then the patient may maintain an action for damages in tort against the physician."
52 Should providers, who are caught between law enforcement officials and patients, be forced to make this decision? Providers may want to take a conservative approach and assume this information is included in their fiduciary duty of confidentiality unless Missouri law requires or permits disclosure of the information.
The privacy regulations also provide that protected health information may be disclosed
in response to a law enforcement official's request for such information about an individual who is or is suspected to be a victim of crime [if:]
(ii) The individual agrees to the disclosure; or
(iii) [T]he individual's agreement [cannot be obtained] because of incapacity or other emergency circumstance provided that:
(A) The law enforcement official represents that such information is needed to determine whether a violation of law by [someone] other than the victim has occurred, and such information is not intended to be used against the victim;
(B) The law enforcement official represents the immediate law enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure; and
(C) The disclosure is in the best interests of the individual.53
If the circumstances permit, the patient should be asked if he or she wants information released to law enforcement. If the patient states that he or she does not want information disclosed, it should not be disclosed.
Protected health information may also be disclosed to a law enforcement official about a deceased individual "for the purpose of alerting law enforcement" about a suspicion that the death occurred from criminal conduct.54 Protected health information that "constitutes evidence of criminal conduct that occurred on the premises" may be disclosed to a law enforcement official. 55 Protected health information may be disclosed to a law enforcement official by "[a] covered health care provider providing emergency health care in response to a medical emergency, other than such emergency on the premises of the covered health care provider, . . . if such disclosure appears necessary to alert law enforcement to: (A) The commission and nature of a crime; (B) The location of [the] crime or victim(s) . . . ; and (C) The identity, description, and location of the perpetrator."56
Once again, how this list of permissible disclosures to law enforcement meshes with Missouri law is a mystery. Can the fiduciary duty of confidentiality be expanded to include this information? Prior to the case of Ingram v. Mutual of Omaha Ins. Co., no one thought the fiduciary duty of confidentiality would be expanded to include insurance companies. A provider or an attorney representing a provider must now decide whether to release this information or counsel a client to refuse to disclose it. It is impractical to require a small evidentiary hearing in the emergency department every time a police officer requests information. Attached to this article are draft guidelines on how to handle these issues. Absent case law or statutory guidance, the guidelines are conservative and err on the side of protecting patient confidentiality.
One of the more controversial aspects of the release of information involves when police request information about a patient involved in a motor vehicle accident. There are several statutes and a Supreme Court of Missouri case that address this issue. In Rodriguez v. Suzuki Motor Corp.,57 the Supreme Court of Missouri decided the admissibility of a blood alcohol test in a civil case where the patient had sued the vehicle manufacturer for a rollover. The manufacturer tried to get into evidence the patient's blood alcohol tests. The Court held that the "[b]lood alcohol tests that were necessary as part of [the patient's] treatment, [were] privileged; those that were not, are discoverable and admissible at trial."58 If the car manufacturer could produce evidence that the blood alcohol tests were not for treatment, then the blood alcohol tests could be admitted. The Court stated that "blood alcohol tests are different . . . [because] many blood alcohol tests are conducted not for purposes necessary for treatment of the patient, but for purposes of law enforcement."59 The Court went on to state that blood alcohol testing for purposes other than the patient's treatment and absent a request from law enforcement, "even when innocently conducted, may technically constitute an assault on the patient and a breach of medical ethics."60 According to the Court, although "an officer has the authority under [Missouri law] to order a blood alcohol test to be taken, that authority arises only when the person to be tested has been placed under arrest."61 The Supreme Court of Missouri in this case clearly states that the patient must be under arrest prior to a request for a drug/alcohol test. The guidelines drafted with this article try to take this additional case law into account.
Another issue involving the police is responding to cascade alerts. Cascade alerts are sent by law enforcement when they are looking for an individual. Usually the cascade alerts do not contain a name, only a description. Providers should carefully consider the cascade alerts to which they respond. Certainly, providers may respond to cascade alerts requesting information on a patient with gunshot wounds or an alert concerning elder or child abuse or neglect because the privilege is clearly waived. Providers may respond to cascade alerts that identify a patient by name and the patient is in the facility directory. Physicians may also respond to a cascade alert that involves a patient who appears intoxicated and was involved in a motor vehicle accident, because this is a disclosure allowed under Missouri law. Responding to other cascade alerts - such as (1) alerts with only a description that do not fall into a category above; and (2) alerts with a name but the patient has opted out of the facility directory that do not fall into a category above - should be carefully reviewed. According to the Fierstein case, the information is covered by the duty of confidentiality and should not be disclosed absent a waiver of the privilege (either by the patient or under Missouri law).
VII. Ex Parte Communications
Another interesting and more settled issue is ex parte communications with a physician. Within the formal discovery process, confidential information is precluded from discovery pursuant to the statutory duty.62 Outside of the formal discovery process, physicians are also obligated not to disclose confidential medical information because of the fiduciary duty.63 If a patient brings a personal injury case, the patient waives both the testimonial privilege and the fiduciary duty of confidentiality. However, these waivers only extend to information bearing on the medical issues in the personal injury case. If a physician engages in ex parte communications without a waiver of the privilege or discloses information beyond the scope of the waiver, then the patient may sue the physician for breach of fiduciary duty.64 A physician can refuse to be involved in ex parte discussions. If a physician refuses, then the only option is to take the physician's deposition.65
VIII. Conclusion
The privacy regulations caused providers to review their policies and procedures for releasing information about patients. Information that was routinely disclosed before may no longer be disclosed. Providers and their counsel may not mail medical records in response to a subpoena; a patient's authorization to release the records or a court order is required. Release to law enforcement of information about patients should be reexamined.
The legislature is in the best position to determine what information should be released to the police and in what circumstances. For instance, Missouri law requires reporting of gunshot wounds. The law could be expanded to include reporting stab wounds as well. The law could allow the release of information to police to help them in locating a suspect, fugitive, material witness, or missing person as allowed by the privacy regulations. Any legislation that is passed should provide immunity for any disclosure made in good faith. Until the law is clarified, providers should carefully review all disclosures of information.
Sample Medical Records Affidavit
Sample Authorization
Model Guidance - Law Enforcement
Footnotes
1 Ms. Sokol received her J.D. and M.H.A. from St. Louis University. She serves as the vice-president/general counsel of Carondelet Health and is also an adjunct professor at Rockhurst University, teaching health law. Ms. Sokol would like to thank Dolores Buchanan and Betty Sola for their invaluable assistance with this article.
2 Fierstein v. DePaul Health Ctr., 24 S.W.3d 220 (Mo. App. E.D. 2000).
3 Id. Missouri Court of Appeals stated that it is "irrelevant that there was a possibility that the medical records ultimately would have been released." Id.
4 State ex rel. Crowden v. Dandurand, 970 S.W.2d 340, 343 (Mo. banc 1998) (referring to Rule 4-8.4(d).) In Crowden, the plaintiff objected to the "overbroad" subpoena; however, the Court noted that the subpoena was just as broad as the plaintiff's petition and amended petition. Id.
5 Mo. R. Civ. P. 56.01(b)(1).
6 This article addresses the impact of the physician-patient privilege on medical records -excluding mental health treatment records, drug and alcohol treatment records, HIV/AIDS information, and genetic information. These types of information may have additional protections under federal and state laws. See, for example, § 191.656, RSMo Cum. Supp. 2002 (HIV/AIDS); § 375.1309, RSMo 2000 (genetic information); and. § 630.140, RSMo 2000 (mental health records).
7 Section 491.060(5), RSMo 2000. "The policy [supporting] the statute is to protect the patient by allowing him to make full disclosure without fear that the information will be used against him." Leritz v. Koehr, 844 S.W.2d 583, 584 (Mo. App. E.D. 1993).
8 State v. Shirley, 731 S.W.2d 49, 52 (Mo. App. S.D. 1987).
9 Id.
10 Leritz v Koehr, 844 S.W.2d 583, 584 (Mo. App. E.D. 1993).
11 St. Louis Little Rock Hosp., Inc., v. Gaertner, 682 S.W.2d 146, 151 (Mo. App. E.D. 1984).
12 Brandt v. Medical Defense Assocs., 856 S.W.2d 667, 669 (Mo. banc 1993).
13 Id.
14 See Ingram v. Mutual of Omaha Ins. Co., 170 F. Supp. 2d 907 (W.D. Mo. 2001).
15 Brandt, 856 S.W.2d. at 670.
16 See State ex rel. Woytus v. Ryan, 776 S.W.2d 389, 392-93 (Mo. banc 1989).
17 For example: (1) gunshot wounds (§ 578.353, RSMo 2000); (2) reporting child abuse or neglect, (§ 210.140, RSMo Cum. Supp. 2002); (3) reporting elder abuse or neglect (§ 565.188, RSMo 2000); (4) civil detention proceedings under (§ 632.425, RSMo 2000); and (5) proceedings in termination of parental rights (§ 431.062, RSMo 2000).
18 See State ex rel. McNutt v. Keet, 432 S.W.2d 597, 601 (Mo. banc 1968); State v. O'Toole, 884 S.W.2d 100, 103 (Mo. App. E.D. 1994). See Rule Mo. R. Civ. P. 60.01.
19 State ex rel. Husgen v. Stussie, 617 S.W.2d 414, 415-16 (Mo. App. E.D. 1981); Gozenbach v. Lasky, 641 S.W.2d 430, 432 (Mo. App. E.D. 1982) (furnishing identity of health care provider who had treated patient).
20 Price v. Price, 311 S.W.2d 341, 349 (Mo. App. S.D. 1958).
21 State v. Lewis, 735 S.W.2d 183, 187 (Mo. App. S.D. 1987).
22 824 S.W.2d 445 (Mo. App. E.D. 1991).
23 McClelland v. Ozenberger, 805 S.W.2d 264, 267 (Mo. App. W.D. 1991).
24 Brandt, 856 S.W.2d at 671, State ex rel. Husgen v. Stussie, 617 S.W.2d 414, 416 (Mo. App. E.D. 1981).
25 State ex rel. Gonzenbach v. Eberwein, 655 S.W.2d 794, 796 (Mo. App. E.D. 1983).
26 Rodriguez v. Suzuki Motor Corp., 996 S.W.2d 47, 63 (Mo. banc 1999) citing State ex rel. Hayter v. Griffin, 785 S.W.2d 590, 593 (Mo. App. W.D. 1990).
27 Brandt, 856 S.W.2d at 671.
28 Id. at 671.
29 Id.
30 Id. at 672 citing State ex rel. McNutt v. Keet, 432 S.W.2d 597, 601 (Mo. banc 1968).
31 Id. at 672.
32 Id. at 673.
33 Id. at 674 citing McCormick on Evidence § 103. The court went on to state: "A trial under our system is a public event; it is not unreasonable to require a plaintiff who is asserting a claim against a defendant in which the plaintiff's physical condition is at issue to forego the confidentiality that would otherwise prevent the disclosure of this information." Id.
34 State ex rel. Norman v. Dalton, 872 S.W.2d 888, 890 (Mo. App. E.D. 1994).
35 45 C.F.R. 160.103. Protected health information (PHI) is defined as any information that is transmitted or maintained "in any form or medium that - (A) [i]s created or received by a health care provider, health plan, . . . employer, . . . or health care clearinghouse; and (B) relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual"; and (C) identifies or reasonably could be used to identify the individual. Pub. L. No. 104-191, SEC 1171(c). PHI does not include de-identified information, education records covered by the Family Educational Rights and Privacy Act, education records described at 20 U.S.C. § 1232g(a)(4)(B)(iv), and employment records maintained by a covered entity in its role as an employer.
36 45 C.F.R. § 164.501.
37 45 C.F.R. § 164.508(b)(2)(i).
38 "The statement 'at the request of the individual' is a sufficient description . . . when [the patient] initiates the authorization and does not . . . [want to] provide a statement of the purpose." 45 C.F.R. § 164.508(c)(iv). "The statement 'end of the research study' [or] 'none' [can be used] if the authorization is for a use or disclosure of protected health information for research, including for the creation and maintenance of a research database or research repository." 45 C.F.R. § 164.508(c)(v).
39 45 C.F.R. § 164.508(c)(vi).
40 45 C.F.R. § 164.508(c)(vi)(2)(i)(A).
41 45 C.F.R. § 164.508(c)(2)(ii).
42 45 C.F.R. § 164.508(c)(2)(ii)(B).
43 45 C.F.R. § 164.508(c)(2)(B)(iii). There are additional issues dealing with the release of psychotherapy notes that are outside the scope of this article.
44 State ex rel. Stecher v. Dowd, 912 S.W.2d 462, 464 (Mo. banc 1995).
45 Id. at 464-65.
46 Id. at 464.
47 See 45 C.F.R. § 164.512(e)(1)(i) - § 164.512(e)(1)(ii)(B) for the definition of satisfactory assurances.
48 The privacy regulations were intended to provide a floor of protection. In instances where the state law was more stringent, the state law would preempt the privacy regulations. More stringent is defined by the privacy regulations to mean: "A state law that meets one of the following criteria: (1) With respect to a use or disclosure, the law prohibits or restricts a use or disclosure"; the privacy regulations allow the use or disclosure (however, the law cannot restrict access by the Secretary of DHHS or the patient); (2) permits greater rights to the patient to access or amend their information; "(3) With respect to information to be provided to [a patient,] . . . about a use, a disclosure, rights, and remedies, provides the greater amount of information[;] (4) With respect to the form," substance, or the requirement for express legal permission from a patient to use or disclose protected "health information, provides requirements that narrow the scope or duration" (e. g., authorizations expire after one year); "increase the privacy protections [for], or reduce the coercive effect of the circumstances surrounding" the express legal permission; "(5) With respect to recordkeeping or requirements relating to accounting of disclosures, provides for the retention or reporting of more detailed information or for a longer duration[; and] (6) With respect to any other matter, provides greater privacy protection for the [patient]. 45 C.F.R. § 160.202.
49 45 C.F.R. § 164.512(f)(1)(ii).
50 Section 56.085, RSMo Cum. Supp. 2002.
51 45 C.F.R. § 164.512(f)(2)(i) and 45 C.F.R. § 164.512(f)(2)(ii).
52 Fierstein, 949 S.W.2d at 92 (emphasis added).
53 45 C.F.R. § 164.512(f)(3).
54 45 C.F.R. § 164.512(f)(4). In Missouri, a suspicious death is reported directly to the coroner or the medical examiner and law enforcement may follow up on behalf of the coroner/medical examiner.
55 45 C.F.R. § 164.512(f)(5).
56 45 C.F.R. § 164.512(f)(6).
57 996 S.W.2d 47, 62 (Mo. banc 1999).
58 Id. at 62.
59 Id.
60 Id. at 63. Emphasis added.
61 Id. Emphasis added.
62 Section 491.060(5), RSMo 2000.
63 State ex rel. Norman v. Dalton, 872 S.W.2d 888, 890-91 (Mo. App. E.D. 1994).
64 Brandt, 856 S.W.2d at 674 (breach of fiduciary duty).
65 Id. at 674.