HIPAA as an Evidentiary Rule? an Analysis of Miguel M. and Its Impact
Clark, Jennifer, Journal of Law and Health
INTRODUCTION I. PRIOR LAW: A. The HIPAA Privacy Rule B. Suppression C. Prior Cases Addressing the Applicability of Suppression to HIPAA Violations II. IN RE MIGUEL M A. Background B. Trial Court Ruling C. Second Department Decision D. Court of Appeals Decision III. ANALYSIS A. Criminal Trials B. Civil Trials C. Administrative Hearings IV. CONCLUSION
Since the implementation of the Health Insurance Portability and Accountability Act Privacy Rule (1) ("HIPAA Privacy Rule") in 2000, attorneys and courts have been scrambling to determine its impact on the admissibility of various types of medical evidence. This is particularly the case where parties have obtained medical evidence without a HIPAA authorization form which they seek to introduce in court. In New York, most courts have avoided addressing such HIPAA violations by falling back on the physician-patient privilege. (2) Of the handful of New York's lower courts which have addressed the issue, most have followed the majority opinion of other states, finding suppression for violations to be inappropriate. (3)
On May 19, 2011, New York's highest court reached a different conclusion. (4) In the case In re Miguel M., after a party introduced medical records it had obtained from hospitals without the patient's authorization in a hearing to compel that patient to receive assisted outpatient treatment, the Court of Appeals found those records should have been suppressed. While the Court of Appeals found suppression appropriate for the HIPAA violations in Miguel M., it provided scant analysis of the issue and limited its decision to the facts of the case. Accordingly, Miguel M. should not be construed as creating a bright line rule of evidence prohibiting all evidence obtained without the requisite HIPAA authorization. It is, however, the first decision by the Court of Appeals on the issue, and necessarily will be looked to as precedent. This Article puts Miguel M. into the context of pre-existing caselaw and suggests how it can be used as guidance in determining whether suppression is appropriate in various types of cases.
Part I of this Article explains the requirements of the HIPAA Privacy Rule, provides a background on suppression of evidence, and reviews the prior cases which have addressed whether suppression is an appropriate remedy for HIPAA violations. Part II describes the trial court, appellate court, and Court of Appeals decisions in Miguel M. The Court of Appeals decision is then analyzed in Part III, which also proposes how the holding of the case should be applied in civil, criminal, and administrative hearings. Finally, this Article concludes that In re Miguel M. should be narrowly applied and should not create a new rule of evidence dictating that evidence obtained in violation of HIPAA be per se inadmissible in New York courts.
I. PRIOR LAW:
A. The HIPAA Privacy Rule
In 1996, the legislature enacted the Health Insurance Portability and Accountability Act (HIPAA). (5) HIPAA's stated purpose is "to improve the Medicare program under title XVIII of the Social Security Act, the Medicaid program under title XIX of such Act, and the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." (6) Indeed, one of the Parts added to the United States Code under HIPAA is titled "Administrative Simplification." (7) Prior to HIPAA's enactment healthcare providers and insurance companies had to follow a complex patchwork of privacy laws that differed from state to state. (8) In order to accomplish its goal of administrative simplification, the Secretary of the united States Department of Health and Human Services ("HHS") created "a national framework for health privacy protection" (9) which has become known as the HIPAA "Privacy Rule. …