Second HIPAA authorization sent after statute of limitations had run could not cure previous defects.

Where plaintiff’s initial HCLA pre-suit notice included HIPAA authorizations that were left blank, and plaintiff’s supplemental authorization that attempted to correct the problem was sent after the one-year statute of limitations on his claim had run, dismissal was affirmed.

In Carrasco v. North Surgery Center, LP, No. W2019-00558-COA-R3-CV (Tenn. Ct. App. May 28, 2020), plaintiff filed a health care liability suit against defendants based on “injuries sustained by a guidewire left in the plaintiff’s neck following a procedure.” Prior to filing his suit, plaintiff sent defendants a pre-suit notice letter on August 31 and September 1, 2016, that was accompanied by the HIPAA authorizations required by Tenn. Code Ann. § 29-26-121(a)(2)(E). The authorizations, however, contained blanks that were not filled in, and “plaintiff concede[d] that the authorizations did not substantially comply with the requirements of the [HCLA].” Later, on November 2, 2016, plaintiff sent new authorizations which purportedly corrected the issues with the first set of authorizations. In paragraph three of the new authorizations, however, the information to be used or disclosed named “Narinder Sanwal, Deceased,” instead of plaintiff.

Defendants filed a motion to dismiss based on the noncompliant HIPAA authorizations, which the trial court granted, and the Court of Appeals affirmed.

The HCLA requires that a plaintiff’s pre-suit notice to defendants be accompanied by a HIPAA compliant authorization allowing defendants to obtain plaintiff’s medical records. While only substantial compliance with this portion of the HCLA is required, “substantial compliance requires a degree of compliance that provides the defendant with the ability to access and use the medical records for the purpose of mounting a defense.” (internal citation omitted).

Here, the first set of forms was timely sent but had blanks and incorrect dates, and plaintiff conceded that these forms did not comply with the HCLA requirements. The Court did not decide whether the second authorizations substantially complied with the statute. Instead, the Court of Appeals ruled that because the second authorization forms sent in November were sent to defendants after the one-year statute of limitations had run, they “could not be used to supplement the admittedly defective authorizations that were provided within the statute of limitations.” Because the HIPAA authorizations sent within the statute of limitations were not compliant, plaintiff was not entitled to the 120-day extension of the limitation period, and his claim was thus untimely. Dismissal was affirmed.

Once again we see an HCLA plaintiff thwarted by the HIPAA authorization portion of the pre-suit notice requirement. Plaintiffs planning to file a health care liability claim must pay special attention to their HIPAA authorizations forms, as failure to send a compliant form puts an end to many potentially meritorious claims.

NOTE: This opinion was published four and a half months after oral arguments.

Contact Information