Where a HIPAA authorization had blanks beside the names of all the providers listed under who was authorized to make disclosures, but none of the blanks were marked or checked, the HIPAA authorization was not compliant with the HCLA requirements.
In Crenshaw v. Methodist Healthcare- Memphis Hospitals, No. W2024-00682-COA-R3-CV (Tenn. Ct. App. May 7, 2025), the plaintiff filed a health care liability suit on behalf of her deceased mother. Per the HCLA statutory requirements, the plaintiff included a HIPAA authorization for the release of the decedent’s medical records with her pre-suit notice. Under the heading “The following individual or organization is authorized to make the disclosure,” the plaintiff listed thirteen providers. Beside each provider’s name there was a small blank. On the authorizations sent with the pre-suit notice, none of the small blanks were checked or marked in any way.
The defendants filed motions to dismiss asserting, among other arguments, that the HIPAA authorizations did not substantially comply with the HCLA statute. The trial court agreed and dismissed the plaintiff’s claims, and the Court of Appeals affirmed.