Non-compliant HIPAA Authorization Leads to Dismissal of Tennessee Malpractice Case

Where a Tennessee HCLA plaintiff sent a HIPAA authorization that failed to allow the defendants to obtain records from each other, the trial court’s finding that plaintiff did not comply with the statutory requirements and that the suit was thus time-barred was affirmed.

In Dial v. Klemis, No. W2019-02115-COA-R3-CV (Tenn. Ct. App. Nov. 2, 2020), plaintiff was the daughter of a patient who died after a cardiac stent procedure. The procedure was performed by defendant Dr. Klemis, who was an employee of defendant Stern Cardiovascular Foundation, and the procedure occurred at defendant Methodist Hospital, with defendant Methodist employees assisting.

Before filing this healthcare liability suit, plaintiff sent pre-suit notice as required by the HCLA, including a HIPAA authorization pursuant to Tenn. Code Ann. § 29-26-121(a)(2)(E). Plaintiff admitted, though, that the HIPAA forms she sent did “not allow each of the Defendants to obtain complete medical records from each other provider being sent notice,” which is a requirement of the HCLA. Defendants filed motions to dismiss asserting that because plaintiff’s HIPAA authorizations were non-compliant, she was not entitled to the 120-day extension of the statute of limitations granted by the HCLA, and that her suit which was filed more than one year after the allegedly negligent procedure was therefore time-barred. The trial court agreed, dismissing the case, and the Court of Appeals affirmed.

On appeal, plaintiff did not deny that the HIPAA authorizations she provided only allowed defendants to access their own records. Instead, she argued that defendants were not prejudiced by her “so-called technical violations,” arguing that “each medical care provider had access to all of the necessary medical records[.]”

Rejecting plaintiff’s argument, the Court of Appeals noted that while “prejudice, or lack thereof, is a relevant line of inquiry,” it is not a “separate and independent analytical element.” (internal citation omitted). Instead, prejudice is considered when evaluating whether a plaintiff has substantially complied with the statute. In this case, the Court found that the “demonstrated lack of access to records by both the Methodist and the Stern Defendants was evidence of prejudice because it showed that both were ‘deprived…of a benefit [the HCLA] confers.’” (internal citation omitted). The Court explained:

[W]e are of the opinion that [plaintiff] has not successfully demonstrated that no prejudice resulted from her noncompliance in this matter. …Such a proposition may have perhaps been established had [plaintiff] offered proof that the non-Methodist records were not, in fact, related to the decedent’s internal carotid stenosis, but this did not occur. …[T]he trial court was certainly free to reject the pure legal proposition that any non-hospital records were somehow irrelevant, as do we. Although we certainly agree that the Methodist records are relevant, these are not the only records that exist pertaining to the subject matter of the decedent’s internal carotid stenosis. …[Plaintiff’s] counsel conceded in this litigation that there were records other than those belonging to the Methodist Defendants.

…Here, there are clearly other records that both Defendants do not have access to, and we reject [plaintiff’s] apparent contention that records held by the Stern Defendants are somehow irrelevant just because the subject procedure involving the decedent took place at Methodist Hospital. Access should have been afforded to all of the decedent’s records concerning his internal carotid stenosis, and all Defendants should have been provided with a HIPAA authorization permitting them to effectuate a review of all of these records.

(internal citations omitted).

Because the HIPAA authorizations provided by plaintiff did not substantially comply with the HCLA, plaintiff was not entitled to an extension of the statute of limitations. The Court of Appeals therefore affirmed dismissal on the grounds that the suit was untimely.

The HIPAA authorization continues to be a problem for HCLA plaintiffs, resulting in the dismissal of many potentially meritorious claims. When sending pre-suit notice, care must be taken to ensure that the HIPAA authorization included with the pre-suit notice meets the statutory requirements.

NOTE:  this opinion was released six weeks after oral argument.

Contact Information