Providers Beware: Take Care When Producing Mental Health Records in Response to Nonparty Subpoenas
Get Know How
Stay up-to-date with industry knowledge!
A recent decision by the Supreme Court of Appeals of West Virginia draws a sharp line of distinction for hospitals responding to nonparty subpoenas against the unauthorized disclosure of confidential mental health records. In Barber v. Camden Clark Memorial Hospital, No. 17-0643, the Court reversed the circuit court’s dismissal of Barber’s case against the hospital for its unauthorized disclosure of her mental health records in its response to a nonparty subpoena duces tecum. The Court highlighted the straight guidelines for disclosure of confidential mental health information in W. Va. Code § 27-3-1, which provide that only written authorization by the patient or a court order allows hospitals and other health care providers to release this type of protected health information. This decision opens the door, albeit briefly, for liability for hospitals and health care providers who may inadvertently release confidential mental health information while otherwise lawfully complying with a subpoena.
In the case below, Barber filed a complaint against the hospital alleging unauthorized disclosure of mental health treatment Barber underwent as a teenager. The hospital produced this information in response to a nonparty "subpoena duces tecum" in a federal court matter where it was not a party. Barber did not move to quash or otherwise object to the subpoena in the federal court case and only became aware of the unauthorized disclosure when she was confronted with the information during her deposition.
The hospital moved to dismiss Barber’s complaint on the basis that Barber had authorized the disclosure of her mental health treatment information because she did not move to quash the subpoena or object to the subpoena. The hospital further argued that because it had complied with the Medical Records Act, W. Va. Code §§ 57-5-4a through -4j, and the Health Insurance Portability and Accountability Act (“HIPAA”), Barber could not pursue her cause of action.
The court disagreed with the hospital and reversed the circuit court’s dismissal of Barber’s complaint, finding that failure to object to a subpoena requesting medical records did not constitute a written authorization. The court also found that the confidentiality provisions of W. Va. Code § 27-3-1 controlled for two reasons. First, the statute is “more specific” than the Medical Records Act, which mandates that all health information must be provided in response to a subpoena. Second, the statute provides greater privacy protections than HIPAA, and thus is not federally preempted.
The Barber decision highlights the critical importance of compliance with all protected health information privacy laws and regulations, especially when mental health treatment records are at issue. West Virginia law provides very narrow and specific instances when mental health treatment records may be produced in response to a subpoena or request, and health care providers and hospitals should take care in production of a patient’s care records without the patient’s written consent or a court order, especially if the records could contain any protected mental health treatment information. It is important to note, however, that the narrow requirements for the disclosure of protected mental health information enumerated in West Virginia Code § 27-3-1 has recently been amended and now provides that compliance with HIPAA (in this case, disclosure pursuant to a judicial proceeding in response to a subpoena) permits disclosure of mental health information. This amendment will take effect on June 6, 2018, but the Court’s holding in Barber is a reminder that hospitals and health care providers should revisit their compliance policies and procedures to ensure lawful disclosure of protected health information.
Chief Justice Margaret Workman authored a pointed dissent, opining that the majority “post-hoc burdened” the Hospital “with the impossible task of complying with an incongruous and inapplicable statutory provision regarding mental health records.” Chief Justice Workman’s dissent notes the creation of liability for unsuspecting hospitals and health care providers which otherwise appropriately and meaningfully comply with medical records subpoenas.
Click here for Justice Workman’s dissenting opinion.
Please contact the authors of this alert with any questions regarding this decision and its effect on health care providers’ compliance with privacy laws and regulations.