HIPAA authorization deemed compliant despite return of no records.

Where plaintiffs filed an Tennesseee medical malpractice (HCLA) claim on behalf of their stillborn child and made no claims “for damages for harm or injury to Savannah Jackson (‘Mother’),” the HIPAA authorization form provided by plaintiffs that identified the stillborn child as the patient and released records in his name was proper, and the claims commission was correct to deny summary judgment to defendants. The fact that the health care providers did not have records under the child’s name and thus did not disclose any records in response to defendants’ request did not change that analysis. In Jackson v. State, No. E2020-01232-COA-R9-CV (Tenn. Ct. App. April 20, 2021), plaintiffs were the parents of a stillborn child. Plaintiffs sent proper pre-suit notice with a HIPAA authorization to defendant, and the authorization stated that the patient name was “Branson Vance Jackson,” the name of the deceased child. Plaintiff mother signed the authorization in her capacity as the mother, but no HIPAA authorization was sent regarding the mother’s files, as no “claim was presented for damages for harm or injury” to the mother.

The State sent the HIPAA authorization to four medical providers who were sent notice and identified by plaintiff, and none of the providers produced any medical records in response to the request. Two providers specifically responded that they had no record of a patient with that name or date of birth on file.

After it failed to procure medical records, defendant filed a motion for summary judgment, asserting that plaintiffs had failed to comply with Tenn. Code Ann. § 29-26-121(a)(2)(E). The Claims Commission denied summary judgment, ruling that there were no “errors or omissions that defeat substantial compliance” in the HIPAA authorization, and that “the fact that the records custodian did not turn up records showing ‘Branson Jackson’ does not necessarily conclude that the release was substantially defective, especially where there is no indication in the hospital’s response that the search encompassed the mother Savannah Jackson.” On appeal, denial of the motion for summary judgment was affirmed.

The HCLA requires that a plaintiff’s pre-suit notice be accompanied by a HIPAA authorization “that is sufficient to allow the defendant to obtain…medical records from the other providers being sent the notice.” (internal citation omitted). Defendant claimed that plaintiffs did not satisfy this requirement because “the medical authorization expressly applies only to Decedent’s records and not to Mother’s records,” and that “Mother [was] the relevant patient” here. While the complaint did refer to the mother’s medical treatment, asserting that she was admitted to the ICU rather than labor and delivery and that she “had a known history of diabetes and of a prior hospitalization for diabetic ketoacidosis,” the Court did not accept defendant’s argument that the mother was the relevant patient.

In its analysis, the Court took note of plaintiffs’ argument that the HCLA differentiates between the “claimant” and the “patient,” and that the statute requires the HIPAA authorization to include the name and date of birth of the patient, who in this case was the deceased child. Plaintiffs also pointed out that “under Tennessee law governing wrongful death claims, a viable fetus is deemed to be a person,” and thus asserted that “Decedent was a separate and distinct person and patient from Mother,” and that “[t]he only patient and person for whom damages are sought is Decedent.” After noting these arguments, the Court reasoned:

As noted by Parents, in the matter at hand, there are no allegations that the authorization permits release to an incorrect party, that the information is in error, that the wording of the authorization does not comport with HIPAA, or that there is no capacity on the part of the signer. Parents observe that a letter from State’s counsel to Erlanger provides: ‘Enclosed you will find a copy of a properly executed HIPAA Authorization…in compliance with T.C.A. § 29-26-121.’ Parents contend that the problem in this case is that the records custodians for Erlanger Medical Center and Regional Obstetrical did not archive records based upon Decedent’s name. …It is unreasonable to place upon Parents the burden of predicting how a medical provider will identify and archive its records and to anticipate how a records custodian will respond to an otherwise properly executed medical authorization. Because it is impossible to sever an infant’s prenatal history from a mother’s history, the prenatal care records bearing Mother’s name during the period Decedent was in utero were, for all purposes, the medical records of decedent.

(internal citations omitted). Because it found no error in the HIPAA authorization, the Court ruled that summary judgment was properly denied because “Plaintiffs substantially complied with the requirements of Tennessee Code Annotated section 29-26-121(a)(2)(E).”

The Court was correct to affirm the Claims Commission and hold that plaintiffs substantially complied with the HIPAA authorization requirement in this case, as defendant failed to point out any alleged deficiencies in the authorizations. As the Commissioner wrote, “the fact that the records custodian did not turn up records showing ‘Branson Jackson’ does not necessarily conclude that the release was substantially defective…[.]”

Contact Information