September 18, 2018
Author: Blake D. Crocker, J.D., LL.M.
Organization: Crocker & Crocker, P.C.
Access to medical records and mental health records is a complex examination of the Michigan Access to Medical Records Act, the Michigan Mental Health Code, and HIPAA Privacy standards and applicable Federal or State case law. While the HIPAA Privacy Rule has garnered most of the attention in the area of medical information privacy regulation, the standards for access, implied authorization or the waiver of the various privileges are more likely controlled by Michigan law under the Michigan Access to Records Act, the Michigan Mental Health Code, Michigan Public Health Code and Michigan case law. This discussion focuses on access to records under Michigan law.
I. Michigan Medical Records Access Act.
A. What Providers Are Covered by the Medical Records Access Act? Access to a “medical record” under Michigan law is currently controlled by the Michigan Medical Records Access Act, MCL §333.26261 et. seq.
Under the Medical Records Access Act, “Medical Record" means information oral or recorded in any form or medium that pertains to a patient's health care, medical history, diagnosis, prognosis, or medical condition and that is maintained by a health care provider or health facility in the process of caring for the patient's health.” MCL § 333.26263(i)
A “health care provider” under the Medical Records Access Act means a person who is licensed or registered or otherwise authorized under article 15 of the public health code, 1978 PA 368, MCL 333.16101 to 333.18838, to provide health care in the ordinary course of business or practice of a health profession. Health care provider does not include a person who provides health care solely through the sale or dispensing of drugs or medical devices or a psychiatrist, psychologist, social worker, or professional counselor who provides only mental health services. MCL § 333.26263(e)
Because the definition of a “health care provider” under the Medical Records Access Act expressly excludes psychiatrist, psychologist, social worker, or professional counselor who provides only mental health services, the right to access the record depends upon which type of health care is provided to the patient. In this section, we will review access to medical records when the health care provided is “any care, service, or procedure provided by a health care provider or health facility to diagnose, treat, or maintain a patient's physical condition, or that affects the structure or a function of the human body.” MCL § 333.26263(d)
A health facility or agency shall comply with the medical records access act. MCL 333.20170
B. Who Is Authorized to Access the Medical Record Kept by a Provider?
Generally, competent adult patients have the right to access their own medical records, see MCL 333.26265(1). Minors who have the right to consent to treatment without a parent are also considered to be a “patient” and have the right to access his or her medical record.
Although it sounds obvious, third parties generally do not have the right to access medical records and historically, a court’s basis for denial of access to medical records are the various “privilege” statutes which recognize such information is privileged, including, but not limited to, MCL 600.2157:
“600.2157 Physician-patient privilege; waiver. Except as otherwise provided by law, a person duly authorized to practice medicine or surgery shall not disclose any information that the person has acquired in attending a patient in a professional character, if the information was necessary to enable the person to prescribe for the patient as a physician, or to do any act for the patient as a surgeon.” (Italics Added)
The Michigan Court of Appeals in Baker v. Oakwood Hospital Corporation, 239 Mich. App. 461 (Mich. Ct. App. 2000), summarized the status of a “privilege” which operates to deny a third party access to medical records as follows:
There is ample Michigan authority to support defendants' argument that the physician-patient privilege is an absolute bar that protects the medical information of nonparty patients, although no case is on all fours. Defendants rely on Schechet v. Kesten, 372 Mich. 346, 126 N.W.2d 718 (1964). In Schechet, the plaintiff, a physician, sued the defendant, a hospital administrator, for defamation, alleging that the defendant attacked his professional competence. Id., at 349, 126 N.W.2d 718. The plaintiff served interrogatories on the defendant that requested the defendant to identify the "cases" (presumably the names of patients and information about their treatments) that induced the defendant to make the censorious statements. Id., at 350, 126 N.W.2d 718. The Michigan Supreme Court held that the physician-patient privilege barred disclosure:
The statute imposes an absolute bar. It protects, "within the veil of
privilege," whatever in order to enable the physician to prescribe,
"was disclosed to any of his senses, and which in any way was
brought to his knowledge for that purpose." (Briggs v. Briggs, 20
Mich. 34, 41 .) Such veil of privilege is the patient's right. It
prohibits the physician from disclosing, in the course of any action
wherein his patient or patients are not involved and do not consent,
even the names of such noninvolved patients. [Id., at 351, 126
N.W.2d 718 (emphasis added).]
* * *
The language of § 2157 is clear in its prohibition of disclosure of
privileged information. In accordance with prior rulings of this
Court, particularly Schechet, that the purpose of the privilege is to
encourage patients' complete disclosure of all symptoms and
conditions by protecting the confidential relationship between
physician and patient, we find requiring the defendant hospitals to
disclose the identity of unknown patients would be in direct
contradiction of the language and established purpose of the
statute. [460 Mich. at 37, 594 N.W.2d 455.]
In 2004, determining who is authorized to access a medical record became a matter of interpreting the provisions of the Medical Records Access Act, MCL 333.26261 et seq. in conjunction with the HIPAA Privacy Rule Regulations issued in 2003. For the first time in Michigan, a statute provided a right of access to medical records.
In 2008, the Michigan legislature clarified the definition of “authorized individuals” who could access medical records to address some confusion relating to the application of the statute when a patient is deceased:
“Evidently, some health care providers found the law unclear with regard to application of Section 2157 of the RJA, and on the advice of legal counsel, denied surviving spouses or children access to the deceased's autopsy report in order to avoid violating the Medical Records Access Act or the Federal Health Insurance Portability and Accountability Act (HIPAA) (which allows state privacy protections that are more restrictive than the Federal requirements). It was suggested that terms in the definition of "authorized representative" should be subject to Section 2157 of the RJA only in the case of the beneficiary of a life insurance policy, and that certain people should be specifically allowed to obtain a copy of a deceased person's autopsy report.
* * *
Under the bill, if the patient is deceased, or for the purpose of obtaining a copy of an autopsy report regarding a deceased patient, "authorized representative" means any of the following:
-- His or her personal representative.
-- His or her heirs at law, including his or her spouse.
-- The beneficiary of his or her life insurance policy, to the extent provided by Section 2157 of the RJA.” Source: Senate Fiscal Agency Bill Analysis, April 17, 2009, Senate Bill 716, Public Act 124, 2008.
The definition of “authorized representative” for purposes of accessing a medical record under the current language law means any of the following:
- A person empowered by the patient by explicit written authorization to act on the patient's behalf to access, disclose, or consent to the disclosure of the patient's medical record, in accordance with this act.
- If the patient is deceased, any of the following:
- His or her personal representative.
- His or her heirs at law including, but not limited to, his or her spouse.
- The beneficiary of the patient's life insurance policy, to the extent provided by MCL 600.2157.
In Paul v. Glendale Neurological Associates, PC, 304 Mich App 357, (Mich. Ct. App., Docket No. 309927, February 20, 2014), in a majority decision, the Court of Appeals granted the defendant’s motion for summary judgment and dismissed the plaintiff’s complaint where the plaintiff sought access to her “medical record”.
In Paul, the plaintiff allegedly injured her shoulder while at work, and filed a worker’s compensation claim. The plaintiff’s employer’s insurance company, Citizens Management, Inc., hired Medicolegal Services, Inc. to obtain an independent medical evaluation (IME) of plaintiff. The plaintiff was examined by Dr. Joseph Salama, who had been contracted by Medicolegal Services. Salama ordered an MRI and an arthrogram of plaintiff’s left shoulder, for which Medicolegal Services hired defendant. The plaintiff received the MRI and arthrogram testing from defendant on January 4, 2011. A report was prepared by the defendant and then sent to Salama, who authored his own report and sent it to Citizens. On February 8, 2011, the plaintiff’s counsel wrote to defendant and requested copies of plaintiff’s “medical chart including office notes, diagnostic test results, consulting physician reports, correspondence, and related documents[.]” The defendant declined to send the requested records.
The plaintiff filed suit, alleging that the defendant denied her access to records of those procedures in violation of the Medical Records Access Act, MCL 333.26261 et seq., and that this denial also constituted “an unfair, unconscionable, or deceptive method, act or practice in the conduct of trade or commerce” in violation of the Michigan Consumer Protection Act. The trial court agreed with the defendant and granted defendant’s motion to dismiss, reasoning that the records plaintiff sought were not “medical records” as defined by the MRAA because plaintiff “present[ed] no evidence that [d]efendant performed any part of its evaluation, ordered the MRI, or created any medical records while caring for [p]laintiff’s health,” and, therefore, plaintiff did not “demonstrate that she has a right to access the records. Thus, [d]efendant [was] entitled to summary disposition of [p]laintiff’s MRAA claim.” The Michigan Court of Appeals, by majority opinion, agreed.
The Michigan Court of Appeals majority panel held that an IME differs significantly from the typical interaction between a physician and patient. “In the particularized setting of an IME, the physician’s goal is to gather information for the examinee or a third party to use in employment or related financial decisions. It is not to provide a diagnosis or treatment of medical conditions.” Dyer v Trachtman, 470 Mich 45, 51; 679 NW2d 311 (2004). The relationship is a “limited” one that “does not involve the full panoply of the physician’s typical responsibilities to diagnose and treat the examinee for medical conditions.” Id. at 50. “[T]he general duty of diagnosis and treatment is inappropriate in the IME setting given the purpose of the examination.” Id. at 52. The dissenting Court of Appeals Justice, Honorable Deborah A. Servitto, disagreed. She reasoned:
”. . . the MRAA contains a specific definition of medical records that the trial court and the majority unnecessarily limited. To qualify as a medical record within the scope of the MRAA, a record must have only two qualities:
(1) it must be “information oral or recorded in any form or medium that pertains to a patient’s health care, medical history, diagnosis, prognosis, or medical condition,” and (2) it must be “maintained by a health care provider or health facility in the process of caring for the patient’s health.” MCL 333.26263(i).
“That the requested records meet the first criterion is not seriously disputed. The doctor conducting the MRI and arthrogram, Dr. Steven Seidman, testified at his deposition that plaintiff’s medical procedures were performed to diagnose whether or not plaintiff had a problem with her shoulder and that his role in the context of his examination of plaintiff was the same as an independent medical examiner as it would have been outside of that context in that he was using the procedures to “[d]iagnose something wrong” with plaintiff.”
“I would further find that the requested records met the second criterion. Again, there is no dispute that the records were maintained by a health care provider. Where the majority and I part ways is our interpretation of the phrase “in the process of caring for the patient’s health.” “[C]aring for the patient’s health” is the verb form of “health care,” which the MRAA defines as “any care, service, or procedure provided by a health care provider or health facility to diagnose, treat, or maintain a patient’s physical condition, or that affects the structure or a function of the human body.” MCL 333.26263(d) (emphasis added). As Dr. Seidman indicated, he was performing the tests in order to diagnose plaintiff; he was performing tests in the process of caring for her health. I would thus find that the second criterion has been met.”
The plaintiff has filed an application for leave to appeal the decision to the Michigan Supreme Court and the application is currently pending.
II. Michigan Mental Health Code.
The Michigan Mental Health Code governs certain basic requirements pertaining to the creation, keeping, and disclosing of the records of mental health services and can be a little more complicated to apply than the Medical Records Access Act. The Mental Health Code requires that information in the record of a recipient of mental health services, and other information acquired in the course of providing mental health services to a recipient, shall be kept confidential. MCL §330.1748 This duty is tempered by the statutory obligation of the provider to involve the family, when appropriate, in the care and treatment of the recipient.
330.1711 Rights of family members.
Sec. 711. Family members of recipients shall be treated with dignity and respect. They shall be given an opportunity to provide information to the treating professionals. They shall also be provided an opportunity to request and receive educational information about the nature of disorders, medications and their side effects, available support services, advocacy and support groups, financial assistance and coping strategies.
History: Add. 1995, Act 290, Eff. Mar. 28, 1996.
The Michigan Administrative Code, Rule 330.7012, recognizes this possible conflict and provides this limited direction to the provider:
R 330.7012 Provider confidentiality obligations.
Rule 7012. Observing the rights of family members specified in section 711 [MCL 330.1711] of the act does not relieve the provider of observing the confidentiality obligations specified in sections 748 and 750 of the act.
History: 1998 AACS.
A complete and current record for each recipient of mental health services must be kept and maintained by the health care provider.
"A complete record shall be kept current for each recipient of mental health services. The record shall at least include information pertinent to the services provided to the recipient, pertinent to the legal status of the recipient, required by this chapter or other provision of law, and required by rules or policies. MCL §330.1746.
The recipient or patient “record” for a mental health services provider is more completely defined in the regulations and includes, for example, a written plan of services, which is described in detail in Rule 330.7199.
The identity of the individual to whom the records pertains shall be protected and shall not be disclosed by the provider unless it is germane to the authorized purpose for which disclosure was sought; and, when practicable, no other information shall be disclosed unless it is germane to the authorized purpose for which disclosure was sought. MCL §330.1748 (2)
Any individual receiving information made confidential by this section shall disclose the information to others only to the extent consistent with the authorized purpose for which the information was obtained. MCL §330.1748(3)
Information made confidential by section 1748 of the Mental Health Code shall be disclosed to an adult recipient, upon the recipient's request, if the recipient does not have a guardian and has not been adjudicated legally incompetent. The holder of the record shall comply with the adult recipient's request for disclosure as expeditiously as possible but in no event later than the earlier of 30 days after receipt of the request or, if the recipient is receiving treatment from the holder of the record, before the recipient is released from treatment. MCL §330.1748
Privileged Communications are afforded special protection. “Privileged Communication" means a communication made to a psychiatrist or psychologist in connection with the examination, diagnosis, or treatment of a patient, or to another person while the person is participating in the examination, diagnosis or treatment. MCL 330.1750 Disclosure of Privileged Communications, as defined by the Mental Health Code, is governed by MCL §330.1750.
Privileged communications shall not be disclosed in civil, criminal, legislative, or administrative cases or proceedings, or in proceedings preliminary to such cases or proceedings, unless the patient has waived the privilege, or unless any of the following apply:
1. If the privileged communication is relevant to a physical or mental condition of the patient that the patient has introduced as an element of the patient's claim or defense in a civil or administrative case or proceeding.
2. If the patient was first informed that such communications could be used in a legal proceeding, then the communications can be used (i) if the privileged communication is relevant to a matter under consideration in a proceeding governed Mental Health Code; (ii) in a legal competency or guardianship proceeding; or (iii) if a privileged communication was made during an examination ordered by a court, but only for that limited purpose.
3. In a civil action by or on behalf of the patient or a criminal action arising from the treatment of the patient against the mental health professional for malpractice.
4. If the privileged communication was made during treatment that the patient was ordered to undergo to render the patient competent to stand trial, but only on issue of competency.
5. For any of the above proceedings, the fact that the patient has been examined or treated or undergone a diagnosis also shall not be disclosed unless that fact is relevant to a determination by a health care insurer, health care corporation, nonprofit dental care corporation, or health maintenance organization of its rights and liabilities under a policy, contract, or certificate of insurance or health care benefits.
Licensed mental health professionals each have a statutory duty under the Mental Health Code to keep information confidential. Psychiatrists are governed by MCL 600.2157 as well as the Mental Health Code provisions discussed above. Below is a listing of the applicable statutory privileges.
Psychologist - MCL 333.18237
A psychologist licensed or allowed to use the title under this part or an individual under his; or her, supervision shall not be compelled to disclose confidential information acquired from an individual consulting the: psychologist in his, or her, professional capacity and which information is necessary to enable the psychologist to render mental health services. The information may be disclosed with the consent of the individual consulting, or if the individual consulting is a minor, with the consent of the minor’s guardian or pursuant to section 16222 if the psychologist reasonably believes it is necessary to disclose the information to comply with section 16222. In a contest on the admission of a deceased individual's will to probate, an heir at law of the decedent, whether a proponent or contestant of the will, and the personal representative of the decedent may waive the privilege created by this section.
Counselor - MCL 333.18117
For the purposes of this part, the confidential relations and communications between a licensed professional counselor or a limited licensed counselor and a client of the licensed professional counselor or a limited licensed counselor are privileged communications, and this part does not require a privileged communication to be disclosed, except as otherwise provided by law. Confidential information may be disclosed only upon consent of the client, pursuant to section 16222 if the licensee reasonably believes it is necessary to disclose the information to comply with section 16222, or under section 16281.
Social Worker - MCL 333.18513
(1) An individual registered or licensed under this part or an employee or officer of an organization that employs the registrant or licensee is not required to disclose a communication or a portion of a communication made by a client to the individual or advice given in the course of professional employment.
(2) Except as otherwise provided in this section, a communication between a registrant or licensee or an organization with which the registrant or licensee has an agency relationship and a client is a confidential communication. A confidential communication shall not be disclosed, except under either or both of the following circumstances:
(a) The disclosure is part of a required supervisory process within the organization that employs or otherwise has an agency relationship with the registrant or licensee.
(b) The privilege is waived by the client or a person authorized to act in the client's behalf.
Mental Health records are also to be disclosed under the following circumstances:
1. Pursuant to orders or subpoenas of a court of record unless the information is made privileged by law; to a prosecuting attorney as necessary for the prosecuting attorney to participate in a proceeding governed by this act;
2. To an attorney for the recipient, with the consent of the recipient, the recipient’s guardian with authority to consent, or the parent with legal and physical custody of a minor recipient;
3. If necessary in order to comply with another provision of law;
4. To the Department of Mental Health if the information is necessary in order for the department to discharge a responsibility placed upon it by law;
5. To the office of the auditor general if the information is necessary for that office to discharge its constitutional responsibility;
6. To a surviving spouse of the recipient or, if there is no surviving spouse, to the individual or individuals most closely related to the deceased recipient within the third degree of consanguinity as defined in civil law, for the purpose of applying for and receiving benefits.
NOTE: "The holder of an individual's record, when authorized to release information for clinical purposes by the individual or the individual's guardian or a parent of a minor, shall release a copy of the entire medical and clinical record to the provider of mental health services MCL 330.1748(10)."
Permitted Disclosures by the Custodian of the Mental Health Record - With Consent: Certain disclosures of confidential information are permitted with the consent of the holder of the record and the patient, guardian, parent with legal custody or court appointed personal representative to providers of mental health services to the recipient; the recipient or his or her guardian or the parent of a minor recipient or any other individual or agency unless in the written judgment of the holder the disclosure would be detrimental to the recipient or others.
Permitted Disclosures by the Custodian of the Mental Health Record - Without Consent:
1. to receive benefits;
2. for research;
3. for evaluation;
4. for accreditation;
5. to providers of mental or other health services or a public agency when there is a compelling need based on a substantial probability of harm to recipient or other individuals; and
6. if required by federal law to a protection and advocacy system designated by the governor. See statute for additional restrictions. MCL 330.1748 The Michigan Administrative Code provides additional guidance on disclosure of confidential information under state law.
“R 330.7051 Confidentiality and disclosure.
Rule 7051. (1) A summary of section 748 of the act shall be made a part of each recipient file.
(2) A record shall be kept of disclosures and shall include all of the following information:
(a). The information released.
(b). To whom the information is released.
(c). The purpose claimed by the person for requesting the information and a statement disclosing how the disclosed information is germane to the purpose.
(d). The subsection of section 748 of the act, or other state law, under which a disclosure was made.
(e). A statement that the receiver of disclosed information was informed that further disclosure shall be consistent with the authorized purpose for which the information was released. History: 1979 AC; 1981 AACS; 1986 AACS; 1990 AACS; 1998 AACS.
III. Access to Mental Health Records.
Section 748(4) of the Mental Health Code mandates disclosure of the Mental Health Record to an adult recipient, upon the recipient's request, if the recipient does not have a guardian and has not been adjudicated legally incompetent. The holder of the record shall comply with the adult recipient's request for disclosure as expeditiously as possible but in no event later than the earlier of 30 days after receipt of the request or, if the recipient is receiving treatment from the holder of the record, before the recipient is released from treatment.
If the recipient is a minor or has a guardian appointed, then the Mental Health Code permits withholding all or part of the Mental Health Record if such disclosure is detrimental to the recipient or others.
Rule 7051(3) of the Michigan Administrative Code, provides some clarification: “(3) Unless section 748(4) of the act applies to the request for information, the director of the provider may make a determination that disclosure of information may be detrimental to the recipient or others. If the director of the provider declines to disclose information because of possible detriment to the recipient or others, then the director of the provider shall determine whether part of the information may be released without detriment. A determination of detriment shall not be made if the benefit to the recipient from the disclosure outweighs the detriment. If the record of the recipient is located at the resident’s facility, then the director of the provider shall make a determination of detriment within 3 business days from the date of the request. If the record of the recipient is located at another location, then the director of the provider shall make a determination of detriment within 10 business days from the date of the request. The director of the provider shall provide written notification of the determination of detriment and justification for the determination to the person who requested the information. If a determination of detriment has been made and the person seeking the disclosure disagrees with that decision, he or she may file a recipient rights complaint with the office of recipient rights of the department, the community mental health services program, or licensed hospital, whichever was responsible for making the original determination. History: 1979 AC; 1981 AACS; 1986 AACS; 1990 AACS; 1998 AACS.
The Michigan Attorney General has issued the following opinion on where in the record is this decision to be recorded:
“Your second question is where must the judgment to withhold information be recorded. Pursuant to 1990 AACS, R 330.7051(6), information may be withheld only "for a documented reason." Although neither the statute nor the rules specifically provide where this documentation is to be kept, 1990 AACS, R 330.7051(2) and (3) require that a summary of section 748 of the Mental Health Code be kept in each recipient's file and that a record be kept of each disclosure.
Therefore, the judgment to withhold disclosure must likewise be recorded in the
file of the recipient of mental health services so that the judgment may be
reviewed by the appropriate administrative or judicial authority upon request.
Michigan Attorney General Opinion No. 6764, August 11, 1993 The Michigan Attorney General also described the appeal process under state law: “Your third question is whether there is any redress if mental health records are withheld under section 748(5)(b) of the Mental Health Code. 1990 AACS, R 330.7051(6) provides that "[a] decision not to disclose may be appealed to the director of the department by the person seeking disclosure, a recipient, a legally empowered guardian, or parents of a minor who consents to disclosure." The Director of the Department of Mental Health is not required to be either a licensed psychiatrist or psychologist. See section 106 of the Mental Health Code. The Director's decision may, of course, be reviewed by the courts. Const1963 art 6, Sec. 28. It is my opinion, therefore, in answer to your third question, that a decision to withhold mental health records may be appealed to the Director of the Department of Mental Health, and the Director's decision may be reviewed by the courts.” Michigan Attorney General Opinion No. 6764, August 11, 1993 R 330.7051(4) covers information to be provided to attorneys, other than prosecuting attorneys, as follows:
(a). An attorney who is retained or appointed by a court to represent a recipient and who presents identification and a consent or release executed by the recipient, by a legally empowered guardian, or by the parents of a minor shall be permitted to review, on the provider's premises, a record containing information concerning the recipient. An attorney who has been retained or appointed to represent a minor pursuant to an objection to hospitalization of a minor shall be allowed to review the records.
(b). Absent a valid consent or release, an attorney who does not represent a recipient shall not be allowed to review records, unless the attorney presents a certified copy of an order from a court directing disclosure of information concerning the recipient to the attorney.
(c). An attorney shall be refused written or telephoned requests for information, unless the request is accompanied or preceded by a certified copy of an order from a court ordering disclosure of information to that attorney or unless a consent or release has been appropriately executed. The attorney shall be advised of the procedures for reviewing and obtaining copies of recipient records. History: 1979 AC; 1981 AACS; 1986 AACS; 1990 AACS; 1998 AACS.
Rule 7051(3) of the Michigan Administrative Code, provides some clarification on the basis for determining the disclosure is detrimental and the procedure to utilize in that situation: “(3) Unless section 748(4) of the act applies to the request for information, the director of the provider may make a determination that disclosure of information may be detrimental to the recipient or others. If the director of the provider declines to disclose information because of possible detriment to the recipient or others, then the director of the provider shall determine whether part of the information may be released without detriment. A determination of detriment shall not be made if the benefit to the recipient from the disclosure outweighs the detriment. If the record of the recipient is located at the resident’s facility, then the director of the provider shall make a determination of detriment within 3 business days from the date of the request. If the record of the recipient is located at another location, then the director of the provider shall make a determination of detriment within 10 business days from the date of the request. The director of the provider shall provide written notification of the determination of detriment and justification for the determination to the person who requested the information. If a determination of detriment has been made and the person seeking the disclosure disagrees with that decision, he or she may file a recipient rights complaint with the office of recipient rights of the department, the community mental health services program, or licensed hospital, whichever was responsible for making the original determination. History: 1979 AC; 1981 AACS;
1986 AACS; 1990 AACS; 1998 AACS.
IV. Licensee’s Duties Which Abrogate the Professional Privilege:
Michigan law obligates health professionals to report suspected child abuse or neglect. This duty overrides the duty of privilege to keep medical information confidential.
A physician, dentist, physician's assistant, registered dental hygienist, medical examiner, nurse, person licensed to provide emergency medical care, audiologist, psychologist, marriage and family therapist, licensed professional counselor, social worker, licensed master's social worker, licensed bachelor's social worker, registered social service technician, social service technician, a person employed in a professional capacity in any office of the friend of the court, school administrator, school counselor or teacher, law enforcement officer, member of the clergy, or regulated child care provider who has reasonable cause to suspect child abuse or neglect shall make immediately, by telephone or otherwise, an oral report, or cause an oral report to be made, of the suspected child abuse or neglect to the department. MCL 722.623 In Lee v. Detroit Medical Center, 285 Mich. App. 51 (2009), leave to appeal denied, 454 Mich 41 (2010), the plaintiff filed suit against defendants, alleging that defendants breached their statutory duty to report suspected child abuse and neglect under MCL 722.623 and 722.633. The defendants argued this type of claim was a claim for malpractice and subject to the malpractice procedural rules. The trial court agreed with defendants and dismissed the plaintiff’s complaint and on appeal the Michigan Court of Appeals reversed, finding “it is clear that an action against a doctor for complying with, or failing to comply with, the act is entirely separate from an action against that doctor for medical malpractice in treating the child.” The court of appeals explained that if a child is presented to a doctor with an inherently non-suspicious injury, the caregiver's explanation is innocent, consistent, and reasonably explains the injury, and there are no other indicia of child abuse or neglect present, the doctor would not reasonably suspect child abuse or neglect and would not be under a duty to report. However, if a doctor reasonably suspected child abuse or neglect, that doctor would be statutorily required to report. As with all other mandated reports, the failure to report when required to do so would be judged by an ordinary negligence standard.
The Mental Health Code specifically directs a mental health professional to review all mental health records and information in the mental health professional's possession to determine if there are mental health records or information that is pertinent to that investigation. Within 14 days after receipt of a request made under this subsection, the mental health professional shall release those pertinent mental health records and information to the caseworker or administrator directly involved in the child abuse or neglect investigation.
The following privileges do not apply to mental health records or information to which access is given under section MCL 330.1748a:
(a). The physician-patient privilege created in section 2157 of the revised judicature act of 1961, 1961 PA 236, MCL 600.2157.
(b). The dentist-patient privilege created in section 16648 of the public health code, 1978 PA 368, MCL 333.16648.
(c). The licensed professional counselor-client and limited licensed counselorclient privilege created in section 18117 of the public health code, 1978 PA 368, MCL 333.18117.
(d). The psychologist-patient privilege created in section 18237 of the public health code, 1978 PA 368, MCL 333.18237.
(e). Any other health professional-patient privilege created or recognized by law.
To the extent not protected by the immunity conferred by MCL 691.1401 to 691.1415, an individual who in good faith gives access to mental health records or information under this section is immune from civil or administrative liability arising from that conduct, unless the conduct was gross negligence or willful and wanton misconduct. MCL 330.1749a(3) The mental health professional’s duty under MCL 330.1749a relating to child abuse and neglect does not alter a duty imposed under another statute, including the child protection law, 1975 PA 238, MCL 722.621 to 722.638, regarding the reporting or investigation of child abuse or neglect. However, the Michigan Attorney General has opined that there is no duty to report child abuse when an adult recipient discloses he or she was abused as a child or when an adult recipient discloses having abuse a child, who is now an adult:
“It is my opinion, therefore, that section 3 of the Child Protection Law does not
impose a duty on a community mental health professional to report child abuse
when an adult recipient of community mental health services discloses that he or
she was abused as a child or when an adult recipient discloses having abused a
child, who is now an adult, unless there is reasonable cause to suspect that there is
a threat of harm to a child.” MI AG Opinion No. 6934 (March 19, 1997).
Other reporting duties include:
(a). Suspected Abuse of Recipient or Resident: Report to Law Enforcement Agency. MCL 330.1723.
The identity of a mental health professional, employee or independent contractor, working for the Department or a provider, who makes a report of suspected criminal abuse of a patient is confidential and is not subject to disclosure without the consent of that individual or by order or subpoena of a court of record. Before the required report becomes part of the recipient's clinical record, the names of the reporting individual and the individual accused of committing the criminal abuse, if contained in the report, shall be deleted. The individual making the report is not required to disclose confidential information or privileged communication unless the suspect is in a DSS operated, sponsored or licensed facility.
(b). Reports to the State of Michigan. MCL 333.16222.
(1) A licensee or registrant having knowledge that another licensee or registrant has committed a violation under section 16221 or article 7 or a rule promulgated under article 7 shall report the conduct and the name of the subject of the report to the department. Information obtained by the department under this subsection is confidential and is subject to sections 16238 and 16244. Failure of a licensee or registrant to make a report under this subsection does not give rise to a civil cause of action for damages against the licensee or registrant, but the licensee or registrant is subject to administrative action under sections 16221 and 16226. This subsection does not apply to a licensee or registrant who obtains the knowledge of a violation while providing professional services to the licensee or registrant to whom the knowledge applies, who is serving on a duly constituted ethics or peer review committee of a professional association, or who is serving on a committee assigned a professional review function in a health facility or agency.
(c). Threat of physical violence against third person. MCL 330.1946
(1) If a patient communicates to a mental health professional who is treating the patient a threat of physical violence against a reasonably identifiable third person and the recipient has the apparent intent and ability to carry out that threat in the foreseeable future, the mental health professional has a duty to take action as prescribed in subsection (2). Except as provided in this section, a mental health professional does not have a duty to warn a third person of a threat as described in this subsection or to protect the third person.
(2) A mental health professional has discharged the duty created under subsection
(1) if the mental health professional, subsequent to the threat, does 1 or more of the following in a timely manner:
(a) Hospitalizes the patient or initiates proceedings to hospitalize the patient under chapter 4 or 4a.
(b) Makes a reasonable attempt to communicate the threat to the third person and communicates the threat to the local police department or county sheriff for the area where the third person resides or for the area where the patient resides, or to the state police.
(c) If the mental health professional has reason to believe that the third person who is threatened is a minor or is incompetent by other than age, takes the steps set forth in subdivision (b) and communicates the threat to the department of social services in the county where the minor resides and to the third person's custodial parent, noncustodial parent, or legal guardian, whoever is appropriate in the best interests of the third person.
(3) If a patient described in subsection (1) is being treated through team treatment in a hospital, and if the individual in charge of the patient's treatment decides to discharge the duty created in subsection (1) by a means described in subsection
(2)(b) or (c), the hospital shall designate an individual to communicate the threat to the necessary persons.
(4) A mental health professional who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate section 750.
• A psychiatrist who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate the physician-patient privilege established under section 2157 of the revised judicature act of 1961, Act No. 236 of the Public Acts of 1961, being section 600.2157 of the Michigan Compiled Laws.
• A psychologist who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate section 18237 of the public health code, Act No. 368 of the Public Acts of 1978, being section 333.18237 of the Michigan Compiled Laws.
• A certified social worker, social worker, or social worker technician who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate section 1610 of the occupational code, Act No. 299 of the Public Acts of 1980, being section 339.1610 of the Michigan Compiled Laws.
• A licensed professional counselor who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate section 18117 of the public health code, Act No. 368 of the Public Acts of 1978, being section 333.18117 of the
Michigan Compiled Laws.
• A marriage and family therapist who determines in good faith that a particular situation presents a duty under this section and who complies with the duty does not violate section 1509 of the occupational code, Act No. 299 of the Public Acts of 1980, being section 339.1509 of the
Michigan Compiled Laws.
• A music therapist who determines in good faith that a particular situation presents a duty under this section and who complies with this duty does not violate section 4.11 of the professional code of ethics of the national association for music therapy, inc., or the clinical relationships section of the code of ethics of the certification board for music therapists.
The Michigan Supreme Court, in Dawe v. Dr Reuvan Bar-Levav & Assoc, PC, 483 Mich 999 (2009), held that MCL 330.1946(1) only modified a mental health professional’s common-law duty to warn or protect a third person when a “threat as described in MCL 330.1946(1) was communicated to the mental health professional because the statute only places a duty on mental health professionals to warn third persons of or protect them from the danger presented by a threat “as described” in MCL 330.1946(1). However, the court held that this statute did not completely abrogate a mental health professional’s separate common-law special relationship duty to protect his or her patients by exercising reasonable care. Therefore, while MCL 330.1946 did abrogate that portion of a mental health professional’s common-law duty to his or her patients that requires the mental health professional to warn one patient of threats by or protect that patient from a second patient to the extent that a second patient (1) makes a threat of physical violence, (2) the threat is against a reasonably identifiable third person (i.e., the first patient), and (3) the second patient has the apparent intent and ability to carry out the threat. MCL 330.1946(1). Under these limited circumstances, a mental health professional would only have a duty to his or her patient (in responding to the threat) to take the actions described in MCL 330.1946(2). Even in that situation, however, MCL 330.1946 would not abrogate the mental health professional’s other common-law special relationship duties to his or her patients,
i.e., duties unrelated to responding to such a threat.
The Director of the United States Office of Civil Rights also confirmed that fulfilling this duty is not a violation of HIPAA. Leon Rodriguez, on January 15, 2013, issued an open letter on this issue, which stated, in part:
“The HIPAA Privacy Rule protects the privacy of patients’ health information but
is balanced to ensure that appropriate uses and disclosures of the information still
may be made when necessary to treat a patient, to protect the nation’s public
health, and for other critical purposes, such as when a provider seeks to warn or
report that persons may be at risk of harm because of a patient. When a health
care provider believes in good faith that such a warning is necessary to prevent or
lessen a serious and imminent threat to the health or safety of the patient or others,
the Privacy Rule allows the provider, consistent with applicable law and standards
of ethical conduct, to alert those persons whom the provider believes are
reasonably able to prevent or lessen the threat. Further, the provider is presumed
to have had a good faith belief when his or her belief is based upon the provider’s
actual knowledge (i.e., based on the provider’s own interaction with the patient)
or in reliance on a credible representation by a person with apparent knowledge or
authority (i.e., based on a credible report from a family member of the patient or
other person). These provisions may be found in the Privacy Rule at 45 CFR §
V. Pre-Emption of Michigan Law by HIPAA?
A. The HIPAA Privacy Rule.
§ 160.203 General rule and exceptions.
A standard, requirement, or implementation specification adopted under this subchapter that is contrary to a provision of State law preempts the provision of State law. This general rule applies, except if one or more of the following conditions is met:
(a) A determination is made by the Secretary under § 160.204 that the provision of State law:
(1) Is necessary: (i) To prevent fraud and abuse related to the provision of or payment for health care; (ii) To ensure appropriate State regulation of insurance and health plans to the extent expressly authorized by statute or regulation; (iii) For State reporting on health care delivery or costs; or (iv) For purposes of serving a compelling need related to public health, safety, or welfare, and, if a standard, requirement, or implementation specification under part 164 of this subchapter is at issue, if the Secretary determines that the intrusion into privacy is warranted when balanced against the need to be served; or
(2) Has as its principal purpose the regulation of the manufacture, registration, distribution, dispensing, or other control of any controlled substances (as defined in 21 U.S.C. 802), or that is deemed a controlled substance by State law.
(b) The provision of State law relates to the privacy of health information and is more stringent than a standard, requirement, or implementation specification adopted under subpart E of part 164 of this subchapter.
(c) The provision of State law, including State procedures established under such law, as applicable, provides for the reporting of disease or injury, child abuse, birth, or death, or for the conduct of public health surveillance, investigation, or intervention.
(d) The provision of State law requires a health plan to report, or to provide access to, information for the purpose of management audits, financial audits, program monitoring and evaluation, or the licensure or certification of facilities or individuals.
The HIPAA Privacy Rule defines “contrary” to mean: (1) A covered entity or business associate would find it impossible to comply with both the State and Federal requirements; or (2) The provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of part C of title XI of the Act, section 264 of Public Law 104–191, or sections 13400–13424 of Public Law 111–5, as applicable.3
The HIPAA Privacy Rule defines “more stringent”, “in the context of a comparison of a provision of State law and a standard, requirement, or implementation specification adopted under subpart E of part 164 of this subchapter, as when a State law that meets one or more of the following criteria:”
(1) Restricts Use of Disclosure. With respect to a use or disclosure, the law prohibits or restricts a use or disclosure in circumstances under which such use or disclosure otherwise would be permitted under this subchapter, except if the disclosure is:
(i) Required by the Secretary in connection with determining whether a covered entity or business associate is in compliance with this subchapter; or
(ii) To the individual who is the subject of the individually identifiable health information.
(2) Permits Greater Access. With respect to the rights of an individual, who is the subject of the individually identifiable health information, regarding access to or amendment of individually identifiable health information, permits greater rights of access or amendment, as applicable.
(3) Requires More Information Be Provided a Patient. With respect to information to be provided to an individual who is the subject of the individually identifiable health information about a use, a disclosure, rights, and remedies, provides the greater amount of information.
(4) Narrows Scope or Provides More Privacy Protections. With respect to the form, substance, or the need for express legal permission from an individual, who is the subject of the individually identifiable health information, for use or disclosure of individually identifiable health information, provides requirements that narrow the scope or duration, increase the privacy protections afforded (such as by expanding the criteria for), or reduce the coercive effect of the circumstances surrounding the express legal permission, as applicable.
(5) Requires More Detailed Records or Accounting. With respect to recordkeeping or requirements relating to accounting of disclosures, provides for the retention or reporting of more detailed information or for a longer duration. (6) Provides Greater Privacy Protection. With respect to any other matter, provides greater privacy protection for the individual who is the subject of the individually identifiable health information.”4
B. Michigan Case Law on Federal Pre-Emption By HIPAA.
In Meier et al. v. Awaad et al., Docket Number 310808, Michigan Court of Appeals, decided March 12, 2013, the Michigan Court of Appeals, after deciding Michigan law was more stringent, applied the physician-patient privilege, MCL 600.2157, to records of non-parties held by the Michigan Department of Community Health “MDCH”). Plaintiffs were a class of minors who alleged that Dr. Awaad had knowingly and willfully misdiagnosed the plaintiffs with either epilepsy or seizure disorder as part of an effort to maximize his billings. After filing suit, plaintiffs’ attorneys served a subpoena upon the MDCH in order to obtain the names and addresses of Medicaid beneficiaries whose records Dr. Awaad had coded with a diagnosis of epilepsy or sleep disorder. Plaintiffs also sought discovery from third party insurers and from defendant healthcare providers of approximately 600 nonparty patients in order to notify them of the allegations of the suit and increase the number of class members. The trial court ruled that MCL 600.2157 applied only to healthcare providers and not third parties such as MDCH. MDCH complied with the trial court order and disclosed the requested information, and the letters were sent to nonparty patients. The defendants applied for leave to appeal, which was granted. The primary argument of plaintiffs was that MDCH did not have standing to raise the physicianpatient privilege. The Court rejected that argument, finding that the privilege continues to protect against disclosure by parties other than a physician after the physician copies privileged communications obtained in the physician-patient relationship to those third parties. The Court concluded that “. . . the physician-patient privilege operates to bar to disclosure even when the disclosure is not sought directly from a physician or surgeon but rather from a third party who obtained protected information from a doctor.” Meier et al. v. Awaad et al., page 10.
In Isidore Steiner, DPM, PC, d/b/a Family Foot Center v. Bonanni, 292 Mich App 265 (2011), the plaintiff, Isidore Steiner, DPM, PC, claimed that defendant, Dr. Marc Bonanni, a former employee of the corporation, breached his employment contract with plaintiff and misappropriated property of the corporation. Plaintiff maintains that defendant stole its patients in violation of a clause in the employment agreement that prohibited defendant from soliciting or servicing any patients of the corporation after he left the practice. After defendant left the employment of plaintiff, plaintiff sued defendant and sought disclosure of defendant’s patient list to prove its case and damages. The Michigan Court of Appeals affirmed the trial court ruling that the patient information was not discoverable. The plaintiff appealed, arguing that under the HIPAA Privacy Rule the information was discoverable and that HIPAA preempts Michigan law regarding the physician-patient privilege. The Court of Appeal rejected the plaintiff’s argument, noting that the HIPAA Privacy Rule explicitly states that it does not preempt more stringent state laws. The Court of Appeals opined:
“By its language, HIPAA asserts supremacy in this area, but allows for the application of state law regarding physician-patient privilege if the state law is more protective of patients’ privacy rights. In the context of litigation which, as here, involves nonparty patients’ privacy, HIPAA requires only notice to the patient to effectuate disclosure whereas Michigan law grants the added protection of requiring patient consent before disclosure of patient information. Because Michigan law is more protective of patients’ privacy interests in the context of this litigation, Michigan law applies to plaintiff’s attempted discovery of defendant’s patient list. And, because Michigan law protects the very fact of the physician-patient relationship from disclosure, absent patient consent, the trial court properly rejected plaintiff’s efforts to obtain this confidential information and we affirm the trial court’s ruling.” (Emphasis added) page 264 The Court’s ruling was based upon a review of the language of the Michigan privilege statute, MCL 600.2157 which states that physicians “shall not” disclose information obtained from patients for purposes of medical treatment, except as otherwise provided in the law. The Court noted that this type of mandatory language is not found in HIPAA. Instead, under HIPAA a physician may disclose protected health information in response to a subpoena or discovery request when adequate assurances are given from the requesting party that the patients have been notified and informed of their right to deny the request. 45 CFR § 164.512(e).
The court concluded Michigan law applied because the language of HIPAA allows for permissive disclosure, whereas Michigan law generally prohibits disclosure, except as otherwise provided by law.
C. Federal Case law on Pre-emption.
In Murphy v. Dulay, 2013 WL 5498140 (N.D. Fla. Sept. 25, 2013) the plaintiff brought an action to enjoin the defendant-physician from conducting ex parte interviews of his other health care providers. Specifically, the plaintiff argued that Florida Statute § 766.1065 is preempted by federal law. The State of Florida intervened as a defendant in the case to assert its interest in defending the challenged statute. The issue in the case was whether a state, by statute, may require a patient, as a condition precedent to pursuing a medical negligence claim, to sign an authorization allowing the potential defendant to conduct ex parte interviews with the patient’s other health care providers. After concluding that the plaintiff had standing to bring the action and that the plaintiff had a private right of action under the Supremacy Clause and the Declaratory Judgment Act, Judge Hinkle found that the disclosure of a plaintiff’s healthcare information in an ex parte interview conducted pursuant to Florida Statute § 166.1065 is impermissible under HIPAA.
On April 9, 2013, the United States Court of Appeals for the Eleventh Circuit, in Opus Management Services et al. v. Secretary Florida Agency for Health Care Administration, No. 12-12593 (April 9. 2-13), held that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) preempted a Florida law regarding the disclosure of patient records by nursing homes. The Florida law required nursing homes in Florida to provide the medical records of a deceased nursing home resident to the “spouse, guardian, surrogate, proxy, or attorney in fact,” including “medical and psychiatric records and any records concerning the care and treatment of the resident performed by the facility, except progress notes and consultation report sections of a psychiatric nature.” The HIPAA Privacy Rule permits a covered entity, such as a nursing home, to disclose a deceased individual’s protected health information (“PHI”) to the individual’s “personal representative,” which could include the executor, administrator or other person acting on behalf of an individual or his or her estate. The Final Omnibus Rule added that a covered entity may disclose the PHI about a deceased individual to a family member or other person “involved in the individual’s care or payment for health care prior to the individual’s death” if the PHI is relevant to the person’s involvement and not inconsistent with an expressed preference of the deceased individual. The Court of Appeals held that the Florida law “impedes the accomplishment and execution of the full purposes and objectives of HIPAA and the Privacy Rule in keeping an individual’s protected health information confidential.” Specifically, the Court maintained that the Florida statute was too broad and made a deceased individual’s PHI “available to a spouse or other enumerated party upon request, without any need for authorization, for any conceivable reason, and without regard to the authority of the individual making the request to act in a deceased resident’s stead.” The Court left open the possibility that the Florida law could be revised to comply with HIPAA, but noted that “[a]mending the statute, however, is a task for the state legislature, not a panel of federal judges.
D. Other States.
In R.K. v. St. Mary’s Medical Center, No. 11-0924 (W.Va. Nov. 15, 2012), in a case of first impression in that state, the West Virginia Supreme Court reversed the dismissal of a complaint alleging breach of medical record confidentiality and held the action (1) was not preempted by HIPAA, and (2) not subject to the limitations of the West Virginia Medical Professional Liability Act. West Virginia, like many states, had recognized claims for breach of medical record confidentiality had long been allowed in West Virginia, but these cases occurred prior to the adoption of HIPAA. See, Morris v. Consolidation Coal Co., 191 W. Va. 426, 446 S.E.2d 648 (1994)(prohibiting ex parte contact with physicians);Allen v. Smith, 368 SE 2d 924, 179 W. Va.
360 (1988)(allowing suit for violation of statute providing confidentiality to psychiatric records). As to preemption of the right at common law to bring such a claim, the court stated, "[W]e conclude that state common-law claims for the wrongful disclosure of medical or personal health information are not inconsistent with HIPAA. Rather, […] such state-law claims compliment HIPAA by enhancing the penalties for its violation and thereby encouraging HIPAA compliance. Accordingly, we now hold that common-law tort claims based upon the wrongful disclosure of medical or personal health information are not preempted by the Health Insurance Portability and Accountability Act of 1996."
West Virginia is not alone in allowing these actions, as shown by the decisions cited in the opinion. In Pennsylvania, Baum v. Keystone Mercy Health Plan, 826 F. Supp. 2d 718, 721 (E.D. Pa. 2011) allowed a state-law tort case over medical records release. The Ohio Supreme Court reached the same conclusion, finding “in Ohio, an independent tort exists for the unauthorized, unprivileged disclosure to a third party of non-public medical information that a physician or hospital has learned within a physician-patient relationship” Biddle v. Warren Gen. Hosp., 86 Ohio St. 3d 395, 401, 715 N.E.2d 518, 523 (1999). In Virginia,Fairfax Hosp By and Through INOVA Health Sys. Hosps., Inc. v. Curtis, 254 Va. 437, 442, 492 S.E.2d 642, 645 (1997).
V. Practical Issues.
A. Form of Mental Health/Substance Abuse Treatment Record Authorization.
Sec. 141a. (1) On or before January 1, 2015, the department shall develop a standard release form for exchanging confidential mental health and substance use disorder information for use by all public and private agencies, departments, corporations, or individuals that are involved with treatment of an individual experiencing serious mental illness, serious emotional disturbance, developmental disability, or substance use disorder. All parties described in this subsection shall honor and accept the standard release form created by the department under this section for the purpose for which it was created unless the party is subject to a federal law or regulation that provides more stringent requirements, as defined under 45 CFR 160.202, for the protection of individually identifiable health information. (Emphasis Added)
The release form is to be developed using the following standards:
“(4) In developing the standard release form under subsection (1), the department shall comply with all federal and state laws relating to the protection of individually identifiable health information and shall consider all of the following:
(a) Existing and potential technologies that could be used to securely transmit a standard release form.
(b) The national standards pertaining to electronic release of confidential information, including protecting a patient's identity and privacy in accordance with the health insurance portability and accountability act of 1996, Public Law 104-191.
(c) Any prior release forms and methodologies used in this state.
(d) Any prior release forms and methodologies developed by federal agencies.
B. Responding to Requests for Records.
- Who: Determine who is requesting the record. A written request from the patient or recipient may have different implications than requests from an authorized representative.
- Documentation of Authority. Is the person requesting the record an authorized individual, if so, then it may be necessary to determine the basis of his or her authority. Letters of guardianship, Health Care Powers of Attorney, etc., may need to be obtained. Non-Custodial parents may not have the right to access records, so it may be necessary to obtain and review the divorce judgment or custody orders.
- Proper Authorization. Once it has been determined the requestor is the patient, recipient or properly authorized representative, then it is necessary to determine whether the form of the request meets HIPAA Privacy Standards and Michigan law. The written authorization must comply with both HIPAA Privacy Standards and Michigan law in its form and substance.
- Naked Subpoenas. Even if the request is in the form of a subpoena, then it is still necessary under Michigan law for it to be accompanied by a proper written authorization. A timely response to the subpoena is important, however, without an authorization, the records cannot be disclosed.
- Court Orders. Although it may seem like a similar document, a court order compelling a provider to produce the medical record must be complied with. Of course, it must be court order issued by a court in the proper jurisdiction. A court order from another jurisdiction cannot compel production of a record and should be treated as a “request” for a record which necessitates an authorization.
- Is a Denial of Access Appropriate. Both the Medical Records Access Act and the Mental Health Code provide for a denial of access to the record in certain circumstances, i.e. the release of all or part of the record would be detrimental to the patient or recipient. The provider should have a mechanism in place for determining whether a denial of access is appropriate under those circumstances.
- Access Denied. If access is denied on the basis for failure to provide a proper authorization or because it is detrimental to the patient, a written denial should be sent to the requestor outlining the basis for the denial of access. Under Michigan law, and under the HIPAA Privacy Rule, there may be a right to appeal the denial of access. Providers need to have in place a mechanism for handling such appeals.
- Produce Only What Has Been Requested. The authorization or court order must be read carefully and only the medical records which have been requested must be produced.
- Charges. It is not an unusual practice to require a reasonable deposit of some sort prior to releasing the records in response to a written request. The Medical Records Access Act permits withholding the record until the fee is paid in full. Charges should be limited to those permitted under Michigan law and the HIPAA Privacy Rule.
C. Charges for Records.
For 2014, charges for copies of medical records covered by the Medical Records Access Act, the charges are as described below:
- An initial fee of $23.42, $1.17 per page for the first 20 pages, $.59 per page for pages 21-50, and $.23 per page for over 51 pages.
- Unless it is a request by the patient5, then the initial fee cannot be charged. Providers cannot charge fees for providing one copy of a medical record for a medically indigent patient.
- If the medical record is in some form or medium other than paper, the actual cost of preparing a duplicate may be charged.
- Any postage or shipping costs incurred by the health care provider, health facility, or medical records company in providing the copies may be charged.
- Any actual costs incurred by the health care provider, health facility, or medical records company in retrieving medical records that are 7 years old or older and not maintained or accessible on-site may be charged.
For record requests not covered by the Medical Records Access Act, (i.e. Mental health Records) the HIPAA Privacy Rule applies, but Michigan law also applies.
When records were paper maybe calculating copying costs was simpler. The Michigan Court of Appeals in Graham v. Thompson, 167 Mich. App. 371 (1988) ruled on what is a reasonable method for calculating copying costs in response to a subpoena: “At a minimum, in the present case, NMH (Northern Michigan Hospital) should reveal how many copies are made per year in response to requests occasioned solely by paying requestors, as well as the total number of copies made per year by NMH for paying, nonpaying, and any other requestors. Once these amounts are revealed, they may be compared to the total, itemized labor and machine maintenance costs incurred by NMH. Those latter costs may be divided in proportion to the number of copies made for paying requestors and the number of copies made for nonpaying and other requestors. A reasonable per-page amount is then easily calculated by dividing the number of copies made for paying requestors into the pro rata amount of expenses incurred attributable to all paying requestors.” HIPAA says:
“45 CFR Sec. 164.524 (c) Access of individuals to protected health information. (4) Fees. If the individual requests a copy of the protected health information or agrees to a summary or explanation of such information, the covered entity may impose a reasonable, cost-based fee, provided that the fee includes only the cost of: (i) Copying, including the cost of supplies for and labor of copying, the protected health information requested by the individual;
(ii) Postage, when the individual has requested the copy, or the summary or explanation, be mailed; and
(iii) Preparing an explanation or summary of the protected health information, if agreed to by the individual as required by paragraph (c)(2)(ii) of this section.’ Although there has not been any recent case law on this issue, a provider not covered by the Michigan Medical Records Access Act, by complying with the HIPAA Privacy Rule regarding the calculation of copying costs, will likely be in compliance with the Michigan case law.
VI. Other Selected Michigan Cases:
In Harrison v. Munson Healthcare, Inc., Docket number 304512, Michigan Court of Appeals, January 30, 2014: The case involved the “peer review” privilege, MCL 331.531. The court held that the defendant-nurse's "preparation of a firsthand, contemporaneous factual report about a patient that she elected to place on a risk management form rather than within the patient's medical record did not trigger" the statutory peer review privilege. Further, defendant-Munson's "conduct in creating an 'accident' defense scenario despite its possession of direct evidence contrary to that position" was a violation of MCL 600.2591(3)(a)(ii), and the court concluded that Munson obstructed the plaintiff's search for the truth throughout discovery. The court also affirmed the trial court's determination that the appellee-attorney violated the Michigan Court Rules and Michigan Ethical Rules by pursuing an "accident" defense.
In Michigan Attorney General v. Gerard Robert Williams, Ph.D., Michigan Court of Appeals, Opinion issued March 5, 2009, the Department of Community Health sought a subpoena for Dr. Williams’ “billing records, medical records, emergency room records, documentation, treatment records, pathology, laboratory reports, radiology reports, pertaining to patient SEE ATTACHED EXHIBIT A, for all treatment dates.” A Bureau of Health Professions investigator had begun looking into allegations of “possible substandard practice” by Dr. Williams. The allegations included failure to maintain adequate records and possible billing fraud. MCL 16.235(1) was the basis for the AG to request a subpoena, to wit:
“A subpoena issued under this subsection may require a person to produce all books, papers, and documents pertaining to all of a licensee's or registrant's patients in a health facility on a particular day if the allegation that gave rise to the disciplinary proceeding was made by or pertains to 1 or more of those patients.” MCL 333.18237 covers the psychologist-patient privilege, to wit: “A psychologist licensed or allowed to use that title under this part or an individual under his or her supervision cannot be compelled to disclose confidential information acquired from an individual consulting the psychologist in his or her professional capacity if the information is necessary to enable the psychologist to render services.”
Another part of section 18237 permitted disclosure:
“Information may be disclosed with the consent of the individual consulting the psychologist, or if the individual consulting the psychologist is a minor, with the consent of the minor's guardian, pursuant to section 16222 if the psychologist reasonably believes it is necessary to disclose the information to comply with section, or under section 16281.” (emphasis added) The two exceptions noted in that section refer to MCL 333.16222 (Reports to the Department of violations of the Public Health Code by licensees.) and MCL 333.16281 (Reports to Child Protective Services of child abuse or neglect.)
Dr. Williams also contacted each patient and he found out that:
“My office has contacted each of the individuals whose files were subpoenaed and have advised that a request for records has been made to my office by way of subpoena . . . [E]ach patient contacted expressed a desire not to have the contents of their very personal psychological files produced.”
The Department relied upon In re Petition of the AG for Investigative Subpoenas, 274 Mich App 696, 698; 736 NW2d 594 (2007), where under similar circumstances the Department issued subpoenas to a dentist compelling the production of records and the dentist claimed privilege under MCL 333.16648. The dentist did not prevail. The Court of Appeals compelled the Dentist to disclose his patient records because:
“Under HIPAA, a health care provider ‘may disclose protected health information to a health oversight agency for oversight activities authorized by law, including . . . administrative . . . investigations.’"
However, in the Williams case, the trial court quashed the subpoenas and stated: “I mean it doesn’t take a rocket scientist to understand the kinds of communications a dentist is going to hear, for the most part, overwhelmingly are going to be of an entirely different character than communications to a psychologist.” No appeal was filed. In People v. Stanaway, 446 Mich. 643 (1994), this case presents the question whether, and under what circumstances, records of a psychologist, a sexual assault counselor, a social worker, or a juvenile diversion officer regarding a witness should be discoverable by the accused in a criminal trial. To the extent the records are privileged under MCL 330.1750; MSA 14.800(750), MCL 600.2157a(2); MSA 27A.2157(1)(2), MCL 339.1610; MSA 18.425(1610), and MCL 722.826- 722.829; MSA 25.243(56)-25.243(59), respectively, resolution requires a determination whether defendant's federal and state constitutional rights of due process require a pretrial review of the requested records before trial.
In People v. Wood, 447 Mich. 80 (1994), the Michigan Supreme Court refused to allow the defendant parent of a minor child to use the social worker statutory privilege, MCL 339.1610(2), to suppress statements made by his 11 year old daughter to her social worker. The affidavit of the social worker was used to obtain a search warrant for defendant's home where controlled substances, paraphernalia and cash were discovered and used to prosecute defendant. The court reversed the finding of the court of appeals that the social worker's duty of confidentiality had been breached. The court found the Michigan Child Protection Law required the social worker to report daily drug usage by defendant, unsupervised absences of the defendant's minor son, defendant's minor daughter having to care for herself, and the selling of large amounts of illegal drugs from the home. The report and affidavit of the social worker was necessary to prevent further abuses and enhance the welfare of the child and therefore the social worker's duty of confidentiality was abrogated. A parent does not have standing to assert the privilege of a minor child to suppress activity of the parent that could be harmful to the child.
A psychiatrist does have a duty to use reasonable care to protect a third person if the psychiatrist determines that his or her patient poses a serious danger of violence to a reasonable identifiable person. This is based upon the reasoning of the California Court in Tarasoff v. Regents of University of California, 17 Cal 3d 425, 431; 131 Cal Rptr. 14, 551 P2d 334 (1976), where the California court imposed a “duty to warn” on a psychiatrist where the existence of a target of the patient’s violence was identified or readily identifiable. [This is now codified in MCL 330.1946] See Swan v. Wedgwood Family Services, 230 Mich App 190, 583 NW2d 719 (1998) which limited the psychiatrist’s liability to those individuals with whom he or she had a special relationship.
In Re Rogers, 160 Mich. App. 500, 409 NW2d 486 (1987), the appellant argued that her counsel erred in not objecting to the introduction of alleged privileged communications between herself and the psychologists and social workers who testified as experts asserting that these communications were privileged under MCL 330.1750; MSA 14.800(750). However, the Child Protection Act, MCL 722.621 et seq. provides for abrogation of the privilege in connection with mental health professionals. Section 11 of the Act, MCL 722.631, provides: Any legally recognized privileged communication except that between attorney and client is abrogated and shall neither constitute grounds for excusing a report otherwise required to be made nor for excluding in a civil protective proceeding resulting form a report made pursuant to the Act. [This is now codified in MCL 330.1748a]
In Saur v. Probes, 190 Mich. App. 636, 476 NW2d 496 (1991), this medical malpractice case presents the issues whether a cause of action exists for a psychiatrist's disclosure of privileged communications and, if such an action exists, whether the disclosures in this case were exempted by statute or justified on the ground of public policy.
The Michigan Court of Appeals in Alar v Mercy Memorial Hospital, 208 Mich. App. 518; 529 NW2d 318 (1995), concluded that an emergency room physician who called the Air Force Academy and notified the Director of Cadet Selections that the plaintiff had been voluntarily admitted to a psychiatric hospital for treatment was not liable for damages. Plaintiff had been voluntarily admitted to a mental health facility after holding gun in his hand and stating his life was not worth living. Plaintiff sued claiming breach of the Public Health Code, the Mental Health Code and breach of the physician-patient privilege by defendant psychiatrist. The court found defendant psychiatrist was not liable for a breach of a professional confidence because plaintiff could not show a proximate cause between plaintiff’s loss and the breach of confidence.
Applicants to the Air Force Academy were required to disclose new illnesses or injuries since completing the final qualifying medical examination and failure to so comply may cause the applicant to be refused admission. The court assumed plaintiff would have reported his hospitalization. The court concluded that it was not defendant psychiatrist’s disclosure which resulted in the rescinding of plaintiff’s appointment to the Air Force Academy but that the rescission occurred as a result of the review of plaintiff’s medical records, the very same review would have occurred had plaintiff reported this hospitalization.
In Baker v. Oakwood Hospital Corporation, 239 Mich. App. 461, 608 NW2d 873 (2000), the plaintiff brought a wrongful discharge action against defendants claiming breach of contract, retaliation, and interference with contractual or advantageous relations, in connection with her employment as a research nurse coordinator of the experimental drug Sabeluzole conducted by the defendant physician. The plaintiff sought discovery of the medical records and research records relating to the study. The Court of Appeals held the records were absolutely privileged by the physician-patient and psychotherapist-patient privileges.
In Simmons v. Frigo, Michigan Court of Appeals (Docket No. 216541, May 5, 2000) held that the names of unknown patients are protected by the physician-patient privilege, MCL 600.2159; MSA 27A.2157, and that the defendant hospitals have a duty to refrain from disclosure. [Id. At 38-39, 48.] This case arose out of numerous instances of alleged assault, battery, and sexual abuse suffered by the plaintiffs, who are both mentally handicapped adults. In their complaint, the plaintiffs alleged that they were abused and sexually assaulted while in the care of defendants Frigo and Hitchcock, who were employees of Allegan County Community Mental Health. The plaintiffs' complaint further alleged that the other named defendants, who are also employees of Allegan County Community Mental Health, were aware of the sexual abuse, but neglected to protect plaintiffs from the abuse and failed to report the abuse to the appropriate authorities. During discovery, defendants objected on the grounds of statutory privilege to a number of interrogatories served on them by plaintiffs. Specifically, defendants objected to questions regarding four individuals who are not parties to this action but who are alleged to have been recipients of treatment at Allegan County Community Mental Health. Defendants argued that supplying the information requested would "violate statutory confidentiality as provided in the mental health code and penal code." The defendants relied upon the psychologist-patient privilege, MCL 333.18237, the social worker privilege, MCL 339.1610, and the professional counselor-client privilege under MCL 333.18117. The admissibility of privileged communications is governed by MCL 330.1750 which provides that such communications "shall not be disclosed in civil . . . cases or proceedings . . . unless the patient has waived the privilege . . . ." The defendants argued that the psychiatrist/psychologist-patient privilege prohibits disclosure of "the fact that the patient has been examined or treated or undergone a diagnosis" except where that information is relevant to a health care provider's or insurer's rights or liabilities unless the patient has waived the privilege. MCL 330.1750(3).
The Court of Appeals majority relied upon the Michigan Supreme Court ruling in Dorris v Detroit Osteopathic Hosp Corp, 460 Mich 26, 45 (1999), which held that the name of an unknown patient is privileged information, and that where a patient has neither voluntarily nor impliedly waived the privilege, there are strong public policy reasons for applying the privilege to disclosure of an unknown patient's name. The majority of the Dorris Court specifically held that "defendant hospitals have a duty to refrain from disclosure." Id. at 28 (emphasis added).
VII. Federal Cases of Interest:
In Nationwide Life Insurance Company v. Keene et al., Case No. 11-12422 (U.S. Dist. Ct. ED Mich. Jan. 30, 2013), the District Court applied Michigan law to enter an Order Denying Plaintiff Access to Mental Health Treatment Records. The plaintiff, Nationwide Life Insurance Company, filed a complaint for interpleader and declaratory relief to determine who was entitled to the proceeds of an insurance policy on the life of Gary Lupiloff. The defendants are a former business partner and primary policy beneficiary William Keene; the contingent beneficiary and William's spouse, Jennifer Keene; Lupiloff's daughters Nicole and Monica Lupiloff; and the estate of Gary Lupiloff. William Keene filed a claim to collect the proceeds of the life insurance policy after Gary Lupiloff's murder. Gary Lupiloff’s daughters also submitted a claim asserting that the Keenes murdered Gary Lupiloff and are therefore barred from recovery of life insurance proceeds by Michigan's "slayer statute," Mich. Comp. Laws § 700.2803.
The plaintiff insurer sought disclosure of Jennifer Keene’s mental health treatment records arguing that they were not privileged and were relevant to the issues in the case. The plaintiff insurer argued that Jennifer Keene is a named contingent beneficiary on the life insurance policy and argues that she, like her husband, had a motive to kill Gary Lupiloff. Plaintiff relied upon Jennifer Keene’s employment records to support its position that her mental health records are not privileged. Although Jennifer Keene was historically a model employee who regularly surpassed expectations, plaintiff insurer argued that after Gary Lupiloff’s murder, her performance declined and she was placed on a "Last Chance Agreement." Included in Jennifer Keene’s employment records are two mental health treatment records dated August 5 and 9, 2011 (these records were not claimed to be privileged). In the August 5 document, her psychologist, Dr. Riba, stated that, "[b]esides the bipolar depressed diagnoses, she [Jennifer Keene] has probably [sic] postpartum depression as well as multiple stressors related to her husband and work." In the August 9 document, Dr. Riba noted that Jennifer's sleeping was being interrupted by her children and that she was "very stressed at home." The Court held that even if the records are relevant, the Mental Health Code, MCL 330.1750, expressly made the Jennifer Keen’s mental health records privileged and not within any exception to the psychologist-patient privilege, and therefore denied the plaintiff insurer access to those records.
In Jaffee v. Redmond6, 518 US 1 (June 13, 1996), the United States Supreme Court recognized a federal basis for the psychiatrist-patient privilege. Prior to this decision, even though state law recognized a communication as privileged, a federal court may not have recognized that the privilege applied in a federal court proceeding.
In Jaffee, the plaintiff sued a police officer, Mary Lu Redmond, and her employer, the Village of Hoffman Estates, Illinois, as a result of the shooting death of Ricky Allen, Sr. Officer Redmond was the first officer to respond to a "fight in progress" call at an apartment complex. As she arrived at the scene, two of Allen's sisters ran toward her squad car, waving their arms and shouting that there had been a stabbing in one of the apartments. Redmond testified at trial that she relayed this information to her dispatcher and requested an ambulance. She then exited her car and walked toward the apartment building. Before Redmond reached the building, several men ran out, one waving a pipe. When the men ignored her order to get on the ground, Redmond drew her service revolver. Two other men then burst out of the building, one, Ricky Allen, chasing the other. According to Redmond, Allen was brandishing a butcher knife and disregarded her repeated commands to drop the weapon. Redmond shot Allen when she believed he was about to stab the man he was chasing. Allen died at the scene. Redmond testified that before other officers arrived to provide support, "people came pouring out of the buildings," and a threatening confrontation between her and the crowd ensued.
The plaintiff filed suit in Federal District Court alleging that officer Redmond had violated Allen's constitutional rights by using excessive force during the encounter at the apartment complex. At trial, the plaintiff presented testimony from members of Allen's family that conflicted with Redmond's version of the incident in several important respects. They testified, for example, that Redmond drew her gun before exiting her squad car and that Allen was unarmed when he emerged from the apartment building.
During pretrial discovery the plaintiff learned that after the shooting Redmond had participated in about 50 counseling sessions with Karen Beyer, a clinical social worker licensed by the State of Illinois and employed at that time by the Village of Hoffman Estates.
The plaintiff sought access to Beyer's notes concerning the sessions for use in cross examining Redmond. The defendants vigorously resisted the discovery. They asserted that the contents of the conversations between Beyer and Redmond were protected against involuntary disclosure by a psychotherapist patient privilege. The district judge rejected this argument. Neither Beyer nor Redmond, however, complied with his order to disclose the contents of Beyer's notes. At depositions and on the witness stand both either refused to answer certain questions or professed an inability to recall details of their conversations.
In his instructions at the end of the trial, the judge advised the jury that the refusal to turn over Beyer's notes had no "legal justification" and that the jury could therefore presume that the contents of the notes would have been unfavorable to defendants. The jury awarded the plaintiff $45,000 on the federal claim and $500,000 on her state law claim.
The US Supreme Court held:
“Because we agree with the judgment of the state legislatures and the Advisory Committee that a psychotherapist patient privilege will serve a "public good transcending the normally predominant principle of utilizing all rational means for ascertaining truth," Trammel, 445 U. S., at 50, we hold that confidential communications between a licensed psychotherapist and her patients in the course of diagnosis or treatment are protected from compelled disclosure under Rule 501 of the Federal Rules of Evidence.”
The use and/or disclosure of protected health information in Michigan continues to require an analysis of the applicable Michigan cases and statutory provisions and may require application of HIPAA and/or Federal law, depending on the circumstances of the proposed use or disclosure and the type of mental health information requested. Although the HIPAA Privacy Rule is the “floor”, in those areas where Michigan law provides a patient or recipient more protection or greater access, then it is the Michigan law that must be followed.
1 45 CFR 160, 162, and 164
2 “Health facility or agency”, except as provided in section 20115, means: (a) An ambulance operation, aircraft transport operation, nontransport prehospital life support operation, or medical first response service. (b) A clinical laboratory. (c) A county medical care facility. (d) A freestanding surgical outpatient facility. (e) A health maintenance organization. (f) A home for the aged. (g) A hospital. (h) A nursing home. (i) A hospice. (j) A hospice residence. (k) A facility or agency listed in subdivisions (a) to (h) located in a university, college, or other educational institution. MCL 333.20106(1)
3 45 CFR § 160.202
4 45 CFR § 160.202
5 "Patient" means an individual who receives or has received health care from a health care provider or health facility. Patient includes a guardian, if appointed, and a parent, guardian, or person acting in loco parentis, if the individual is a minor, unless the minor lawfully obtained health care without the consent or notification of a parent, guardian, or other person acting in loco parentis, in which case the minor has the exclusive right to exercise the rights of a patient under this act with respect to those medical records relating to that care.
6 - For interesting website see http://www.jaffee-redmond.org which is a collection of information relating to the study of the patient-psychotherapist privilege with the Jaffee opinion as the point of reference.