Search
  Share Print Page
Search


Filter results:
Dates: to

Apply Filters

People

 

Alerts/Articles

Release of Behavioral Health, Developmental Disabilities, HIV, and Substance Abuse Information: Guidelines for Legal Compliance
December 1, 2000
Health Care Law Monthly
Author(s): Lynn Gordon

Individuals involved in health information management should be well-informed about patient confidentiality requirements overall and should also track these areas carefully to develop and implement appropriate policies and procedures governing the release of patient information.

Download PDF

Hospitals, physician practices, and other health care facilities are repositories for much medical information. Safeguarding the confidentiality of such information is a significant issue for any hospital or other health care entity that keeps patient medical records to maintain patient confidence and to avoid liability. Because damages could ensue should inappropriate disclosure occur, patient records containing behavioral health, developmental disabilities, HIV, and substance abuse information must be handled with special attention, in accordance with state and federal laws, rules, and regulations. Individuals involved in health information management should be well-informed about patient confidentiality requirements overall and should also track these areas carefully to develop and implement appropriate policies and procedures governing the release of patient information.

The purpose of this paper is to provide such individuals with an overview of the applicable state and federal rules and regulations for these highly protected areas to assist in policy and procedure. While federal laws are consistent for all states, individual state rules and regulations do vary to some extent. For this overview, we have included relevant federal laws and focused on state laws for Illinois. Although Illinois laws on medical information will have commonalties with other states’ laws, and should therefore be helpful in an overview, health care providers should be aware of the particular legal requirements of their respective states.

Overview of the Law 

Patient records generally

Before addressing the specific rules and regulations for behavioral health, HIV, and substance abuse information, the starting point for any policy and procedure making in patient records management should be the applicable state’s patient rights act. In Illinois, this law is referred to as the Illinois Medical Patient Rights Act.1 This Act provides that each physician, health care provider, health services corporation, and insurance company must refrain from disclosing the nature or details of services provided to patients, except that such information may be disclosed to the patient, the party making treatment decisions if the patient is incapable of making decisions regarding the health services provided, those parties directly involved with providing treatment to the patient or processing the payment for that treatment, those parties responsible for peer review, utilization review, and quality assurance, and those parties required to be notified under the Abused and Neglected Child Reporting Act2 or where otherwise authorized or required by law. Pursuant to this Act, general medical records are confidential and cannot be released by a hospital or other provider unless otherwise authorized by the patient or the patient’s legal representative pursuant to a specific statutory or regulatory provision or based on receipt of a valid subpoena or court order. Any records concerning behavioral health, developmental disabilities, or HIV and substance abuse information should only be released in accordance with rules and regulations specific to these areas, as further discussed below.

To whom patient records may be released

The following is an overview of the parties to whom medical records other than behavioral health, developmental disabilities, HIV, and substance abuse information may be released.

  • Patient or patient’s attorney
    Although a physical medical record is the property of a hospital or other health care entity, the information contained in the record is the property of the patient. Accordingly, the Illinois Inspection of Records Law requires that such an entity must permit a patient, or the patient’s attorney, to examine and copy the patient’s medical records after discharge. Requests are to be submitted in writing, and the entity must comply within 60 days of receipt of a request.
  • Treatment decision makers
    A patient’s file may be disclosed to a party making treatment decisions on behalf of a patient who is incapable of making his or her own medical decisions. Treatment decision makers include a designated health care surrogate decision maker or an agent designated pursuant to a durable power of attorney for health care. In either case, evidence of these designations should be found in the patient’s medical records.
  • Parties providing treatment
    Although the Medical Patient Rights Act does not specify when consent of the patient or his or her legal representative is required, the intent of the Act implies that hospitals and other providers do not need a written waiver from the patient or his or her representative to reveal records to parties providing treatment, such as nursing personnel.
  • Parties processing payment for treatment
    The Medical Patients Rights Act indicates that medical records may be released for the purposes of processing payment for treatment. A health care facility should include a provision in its consent form that gives it express permission (from the patient) to disclose patient information to outside billing and collection agencies and other contracted agents.
  • Third party payors
    Hospitals and other health care providers must receive consent from the patient prior to releasing a patient’s medical record to any third party payor. This is generally done through a “release of information statement” in the patient registration materials that a patient completes prior to receiving services. Where Medicare is to be billed for the servicesrendered, patients or their representatives should, upon admission to a hospital or other health care facility, sign the appropriate Medicare form which includes a “release of information” statement. This form provides an alternative method for acquiring a patient’s consent to release the records to Medicare.
    The patient’s waiver of the Patient-Physician Privilege3 is also typically found in the subscription agreement the patient signs with his or her insurance company. Therefore, if there is ever a question as to the appropriateness of releasing medical information to a third party payor, a health care facility may request a copy of the patient’s general consent from the third party payor. However, a hospital may avoid this step by specifying that it may also release patient information to its designated agents, such as outside billing and collection services.
  • Peer review, quality assurance and utilization review committees
    Those parties responsible for performing peer review, utilization review, and quality assurances for a health care facility are permitted access to a patient’s general medical records without acquiring prior consent from the patient.
  • Parties required to be notified pursuant to specific legal provisions
    Those parties required to be notified pursuant to such laws as the Illinois Abused and Neglected Child Reporting Act or the Illinois Sexually Transmissible Disease Control Act may have a patient’s general medical record released to them absent consent from the patient.
  • Third parties pursuant to litigation or criminal proceeding
    In the context of certain civil or criminal cases, consent of the patient or his or her legal representative is not required in order to release general medical records in response to a court order or valid subpoena duces tecum (submit requested documents). For example, a patient’s consent will not be required under the following circumstances: in homicide trials when the disclosure relates directly to the fact or immediate circumstances of the homicide; in civil or criminal actions against the physician or hospital for malpractice; in almost all actions in which the patient’s physical or mental condition is in issue; when there is an issue as to the
    validity of a document, such as a will; in any criminal action concerning abortion; in criminal or civil actions stemming from a report of child abuse; and in prosecutions where written blood alcohol test results are admissible pursuant to Illinois law.
    Note that when reconciling the Patient-Physician Privilege with other laws that provide a higher level of protection for certain records, such as mental health records, substance abuse and HIV test results, a hospital or other health care provider should only release such sensitive information based on the specific disclosure requirements set forth in federal and state laws, rather than in response to a general subpoena duces tecum.
  • Custodial facility, department, agency or institution
    The Physician-Patient Privilege permits disclosing patient medical records to any department, agency, institution, or facility that has custody of the patient pursuant to state statute or a court order of commitment. The Privilege expressly states that, in the event of conflict, Illinois law regarding release of mental health records shall apply. This requirement indicates that the Illinois legislature intends to provide a level of protection for the release of highly sensitive information, such as mental health records, that exceeds the protections given to general medical information.Contents of a valid consent: Upon receipt of a consent form properly executed by the patient or a legal representative, a hospital or other provider may release a patient’s medical records. In such an instance, the consent form must contain the following information:

(1) the person or agency to whom the disclosure is to be made;
(2) the purpose for which disclosure is to be made (e.g., treatment, legal proceedings);
(3) the nature of the information to be disclosed;
(4) the right to inspect and copy the information to be disclosed;
(5) the date on which the consent expires (i.e., if not stated, the consent is only valid for the day when received); and
(6) the right to revoke the consent at any time.

The consent form must also be witnessed by someone who can attest to the identity of the person giving authorization to release the records.

What information may be released

Only such information as reasonably believed necessary should be released and disclosed in order to satisfy the persons or organizations requesting or needing the information or records. When releasing a record, any behavioral health, developmental disabilities, substance abuse, or AIDS/HIV information should be omitted unless the legal standards for disclosing such information are also met, as described below.

Behavioral health and developmental disabilities records and communications

Beyond the general patient rights protections with respect to medical records, most states have further protections applicable to behavioral health information pursuant to a mental or behavioral health act or code. In Illinois, this code is referred to as the Illinois Mental Health and Developmental Disabilities Confidentiality Act,4 which provides that all records and communications regarding a person who receives mental health or developmental disabilities services are confidential and may not be disclosed, except as provided for in the Act. Except as expressly authorized in the Act, records and communications may be disclosed to someone other than those persons described in the Act only with the written consent of those persons who are entitled to inspect and copy a recipient’s record. Revocation of consent must be in writing and witnessed. However, written revocation of consent is not effective until received by the person authorized to disclose the records and communications. Any agreement purporting to waive any provision of the Act is void.

The requirements for a valid consent and the restrictions on disclosure and redisclosure do not apply to, and are not construed to limit (1) insurance companies writing life, accident, or health insurance under the Illinois Insurance Code; or (2) non-profit health care services plan corporations writing health care service contracts under the Illinois Non-profit Health Care Services Plan Act. These entities may obtain general consents for release to them or their designated representatives of any and all confidential communications and records kept by agencies, hospitals, therapists, or record custodians; and use such policies or contracts in connection with evaluating claims or liability under such policies or contracts, or for purposes of coordinating benefits pursuant to policy or contract provisions.

Any person aggrieved by a violation of this Act may sue for damages, an injunction or other appropriate relief. Reasonable attorney’s fees and costs may be awarded to a successful plaintiff in any action under this Act. Any person who knowingly and willfully violates any provision of this Act is guilty of a Class A misdemeanor.

To whom behavioral health or developmental disabilities records may be released

Under the Mental Health Confidentiality Act, a hospital or other treatment facility may only permit the following parties to inspect and copy a patient’s mental health records or communications:

  • Patient
    Mental health records may be released to the patient if he or she is 12 years of age or older. This patient also has the authority to consent to the disclosure of his or her records to third parties.
  • Parent or legal guardian
    A patient’s mental health records may be released to the patient’s parent or legally-appointed guardian if the patient is under 12 years old. If the patient is between 12 and 18 years old, a health care facility must first inform the patient and receive no objection to the disclosure in return, and the patient’s therapist must find no compelling reason for denying the parent or guardian access. Similarly, the parent or guardian, subject to the above-referenced rules, may consent to the disclosure of the minor patient’s records.
    Mental health records may also be released to the court-appointed guardian of a patient who is 18 years of age or older. In such an instance, the guardian has the authority to release the patient’s records to third parties. However, it is advisable to require written evidence of the guardian’s legal appointment, such as a court order, to verify the person’s authority to consent to the release of mental health records.
  • Attorney or guardian ad litem
    Mental health records may also be released to a patient’s attorney or his or her guardian ad litem pursuant to court order.
  • Agent of patient
    Mental health records may be released to an agent of the patient appointed under a durable power of attorney, provided that the power of attorney specifically authorizes access to mental health information.
  • Governmental agencies
    The Mental Health Confidentiality Act also permits a health care facility to release mental health records to governmental agencies, as requested by such agencies, without acquiring the consent of the patient or his or her legal representatives set forth above.
  • Third party payors
    The Mental Health Confidentiality Act also permits health care facilities to disclose mental health records to third party payors without the consent of the patient or the patient’s legal representative when every effort has been made to obtain that person’s consent and the person is unable or unavailable to consent. In such a case, the patient must be informed of the disclosure, and the disclosure shall be limited to the patient’s and therapist’s identities and a description of the nature, purpose, quantity, and date of services provided. Moreover, the efforts to acquire the consent should be clearly documented in the patient’s medical record, as well as the fact that notice was given to the patient and the information released was restricted to that set forth above. Any request for additional information must state the information sought with particularity. Further, a health care facility should document its efforts to acquire the patient’s consent; notice to the patient of the request; and the type of information released. Refusal to consent to the disclosure of more information than is necessary to apply for or receive direct benefits is not grounds for denying, limiting, or canceling such benefits or refusing to accept an application or to renew such benefits. Such information may not be redisclosed except with the consent of the person entitled to give consent. Third parties pursuant to civil, criminal, or administrative proceedings
    Mental health records may be sought as evidence in certain civil, criminal, or administrative proceedings, as set forth in Section 10 of the Mental Health Confidentiality Act. For example, records may be sought for a malpractice claim against a therapist who provided services to the patient, or in homicide trials. Section 10 requires that a court order be presented to obtain such information. Accordingly, a health care facility should only release mental health records for use in a civil, criminal, or administrative proceeding upon receipt of either the written consent of the patient or his or her legal representative or a court order.

Contents of a valid consent
Upon receipt of a consent form properly executed by the patient or a legal representative, a health care facility may release a patient’s mental health records. In such an instance, the consent form must contain the following information:

(1) the person or agency to whom the disclosure is to be made;
(2) the purpose for which disclosure is to be made (e.g., treatment, legal proceedings);
(3) the nature of the information to be disclosed;
(4) the right to inspect and copy the information to be disclosed;
(5) the consequences of a refusal to consent, if any (e.g., possible denial of insurance benefits and responsibility of the patient to pay);
(6) the date on which the consent expires (i.e., if not stated, the consent is only valid for the day when received); and
(7) the right to revoke the consent at any time.

The consent form must also be witnessed by someone who can attest to the identity of the person giving authorization to release the records.
A health care facility may not know mental health records will be generated from a patient’s hospitalization when the patient is first admitted to the facility and completes a general consent form. It may be burdensome to later acquire an additional consent to release those records. Therefore, when possible, it is advisable to include a separate consent form during the discharge process if a patient has received mental health care or services.
If a health care facility needs to submit the mental health data for reimbursement purposes, the third party payor may supply the facility with a general consent executed by the patient or legal representative. Under the Mental Health Confidentiality Act, this form will suffice for the release of records. Many third party payors require the execution of a general release from their enrollees or insured, and the payor should, therefore, have such a form in its records.

What information may be released
A consent form may not be a blanket consent to the disclosure of unspecified information. Only information relevant to the purpose for which disclosure is sought may be disclosed. Further, a consent signed in advance of services is valid only if the nature of the information to be disclosed is specified in detail and the form clearly indicates the duration of the consent. Accordingly, we recommend that health care facilities use a separate consent form for the release of mental health information, rather than attempting to use a general consent form.

When releasing a record with mental health information, any substance abuse and AIDS/HIV information should be omitted unless the legal standards for disclosing such information are also met.

AIDS/HIV information
As with mental or behavioral health information, many states have legislated additional protections beyond the general patient rights protections with respect to medical records regarding AIDS/HIV. In Illinois, this code is referred to as the Illinois AIDS Confidentiality Act,5 which provides that no person may order an HIV test without first receiving the written informed consent of the test subject or of the test subject’s legally authorized representative. The Act further provides that no person may disclose or be compelled to disclose the identity of any person upon whom an HIV test is performed or the results of such a test in a manner that permits identification of the subject of the test, except to persons enumerated by the statute and any person designated in a legally effective release executed by the subject of the test or the subject’s legally authorized representative. A legally effective release is a written release of medical information specific to HIV test results, signed by the test subject. A general release is not sufficient. A single form may be used to authorize the release of medical records, including HIV information, provided such form specifically authorizes the release of any HIV information.6

The Act also provides that no person to whom the results of a test have been disclosed may redisclose the results to another person, except as authorized by the statute.7 Any person aggrieved by a violation of the Act may recover for each violation (1) liquidated damages of $1,000 or actual damages, whichever is greater, against any person who negligently violates the Act; (2) liquidated damages of $5,000 or actual damages, whichever is greater, against any person who intentionally or recklessly violates the Act; (3) reasonable attorney fees; and (4) other relief the court may deem appropriate.8 Intentional or reckless violation of this Act or any regulation issued under the Act constitutes a Class A misdemeanor.

The Act provides that none of its provisions limit the right of the subject of an HIV test to recover damages or other relief under any other applicable law. The confidentiality provisions of the Act do not apply to health maintenance organizations nor to any insurance company, fraternal benefit society, or other insurer regulated under the Illinois Insurance Code.

When a test may be ordered without consent

(1) For the purpose of research, if the testing is performed in such a way that the identity of the test subject is not known and may not be retrieved by the researcher;
(2) When, in the judgement of the treating physician, such testing is medically indicated to provide appropriate diagnosis and treatment of the subject of the test, provided that the test subject has otherwise provided his or her consent for medical treatment;
(3) For reference by a health care facility which procures, processes or distributes blood, human body parts, or semen (donor should be notified of test prior to procurement); and
(4) By a physician when any health care provider, firefighter, EMT, or law enforcement officer is involved in accidental direct skin or mucous membrane contact with blood or bloody fluids that may transmit HIV (without patient identification) and thus has a need to know.

To whom AIDS/HIV test results may be released
Based on the terms of the AIDS Confidentiality Act, a health care facility should disclose HIV test results only to the following parties:

(1) the patient or the patient’s legally authorized representative;
(2) the spouse of the test subject, or the parent of a minor under 18 years of age, if the test is positive and has been confirmed by a Western Blot Assay or more reliable test, provided that the physician has first sought unsuccessfully to persuade the patient to notify the spouse or parent (as applicable) or that a reasonable time after the patient has agreed to make the notification, the physician has reason to believe that the patient has not provided the notification (no duty to do so/no liability for acting in good faith);
(3) any person designated in a legally effective written release specifically permitting the release of AIDS/HIV information, which is signed by the patient or the patient’s authorized representative;
(4) an authorized agent or employee of a health care provider if the provider itself is authorized to obtain test results and the agent or employee has a “need to know,” as set forth in the Act;
(5) the Illinois Department of Public Health (for disease prevention and control), which will then, for children of school age, give prompt and confidential notice of the identity of the child to the principal of the school in which the child is enrolled or, for public schools, to the district superintendent;
(6) health facility staff committees (with anonymity);
(7) any health care provider, firefighter, EMT, or law enforcement officer involved in accidental direct skin or mucous membrane contact with blood or bloody fluids that may transmit HIV (without patient identification);9 or
(8) a temporary caretaker of a child taken into temporary protective custody by the Department of Children and Family Services in accordance with the Illinois Abused and Neglected Child Reporting Act.

The AIDS Confidentiality Regulations define a “legally authorized representative” as a parent, legal guardian, or other court-appointed representative or adult next-of kin for a child under the age of 18. For an incompetent or deceased adult, these regulations state that a legal representative may be an agent authorized under a durable power of attorney for health care; a legal guardian or other court-appointed personal representative; a spouse, an adult child; a parent; or an adult next-of-kin.

Substance abuse records

Finally, most states also have further protections applicable to substance abuse information, pursuant to legislation intended to encourage individuals to seek appropriate treatment for substance abuse without fear of public disclosure. In Illinois, this code is referred to as the Illinois Alcoholism and Other Drug Abuse and Dependency Act,10 which provides that records of the identity, diagnosis, prognosis, or treatment of any patient maintained in connection with the performance of any program relating to alcohol or other drug abuse or dependency education, early intervention, training, treatment or rehabilitation which is regulated, authorized or directly or indirectly assisted by any department or agency of the state must be confidential and may be disclosed only in accordance with federal law and regulations. Each program must establish a written policy and procedure detailing how confidentiality is maintained. Any person who discloses the content of any protected record, except as authorized, is guilty of a Class A misdemeanor.

The Federal Drug Abuse Act provides that records of the identity, diagnosis, prognosis, or treatment of any patient maintained in connection with any federally assisted program or activity relating to alcoholism or drug abuse prevention are confidential and are only to be disclosed as expressly authorized by the statute.11 This statute is consistent with the general public policy that society wants drug or alcohol abusers to seek treatment without fear of disclosure. Pursuant to this Act, the treatment records of diagnosed drug or alcohol patients in a program must remain confidential.

Due to the use rate of drugs and alcohol among criminals, this protective area of the law is controversial. For example, a federal court held in 1989 that the medical records of a patient who sought treatment in an emergency room for a drug overdose were confidential and therefore protected from disclosure in a criminal proceeding based on the Federal Drug Abuse Act.12 In reaching this conclusion, the court determined that a hospital emergency room, while performing functions unrelated to drug abuse, also serves as the first link in drug abuse diagnosis, treatment, and referral.13

This decision caused a stir within the federal government because it shielded a criminal’s treatment records from discovery. The Secretary of HHS apparently did not agree with this decision and, in 1995, amended the relevant Drug Abuse Act regulations that defined “drug treatment program” to narrow the definition of “program” so that persons seeking drug treatment in an emergency room would not be protected under these regulations. Specifically, the regulations now define “program” as:

(a) An individual or entity (other than a general medical care facility) who holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment or referral for treatment; or
(b) An identified unit within a general medical facility which holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment or referral for treatment; or
(c) Medical personnel or other staff in a general medical care facility whose primary function is the provision of alcohol or drug abuse diagnosis, treatment or referral for treatment and who are identified as such providers.14

In sum, if an individual appears in a hospital’s emergency room for treatment of a drug overdose and the patient is referred to the hospital’s intensive care unit, the patient’s medical records are not protected unless (1) the primary function of the personnel treating the patient is the provision of drug or alcohol abuse diagnosis or treatment; or (2) the emergency room has promoted itself to the community as a provider of such treatment services.

However, it is unclear how the law will address the inevitable — when a patient comes into an emergency room and is then referred to a hospital’s substance abuse treatment program. The regulations do not specify whether the entire medical record, including the emergency room portion of the record, is protected by the Federal Drug Abuse Act, or whether only the substance abuse treatment program of the record is protected.

Release of substance abuse records to third parties

  • Patient consent
    A health care facility may release a patient’s substance abuse records to third parties with the patient’s or the patient’s legal representative’s written consent. Federal regulations15 require the patient’s consent form to include the following information:

    (1) the specific name or general designation of the program or person permitted to make the disclosure;
    (2) the name or title of the individual or the name of the organization to which disclosure is to be made;
    (3) the patient’s name;
    (4) the signature of the patient or the patient’s legal representative;
    (7) the date on which the consent is signed;
    (8) a statement that the consent may be revoked at any time except to the extent that a health care facility has already acted upon it, including the provision of treatment services in reliance on a valid consent to disclose information to a third-party payor; and
    (9) the date, event, or condition upon which the consent expires, and that the consent will last no longer.

If a patient’s legal representative signs a written consent form that meets these criteria, then a health care facility may also release the drug abuse records to a third party. The regulations also specify that, where a patient is adjudicated as incompetent, the patient’s guardian may act on the patient’s behalf to consent to the release of the records.16 Where a patient is determined to be temporarily incompetent because of a medical condition, the program director may exercise the right of the patient and consent to the disclosure of the records.17

  • Federal prohibition of redisclosure notice
    Federal regulations require that a health care facility’s disclosure made with the patient’s written consent also include the following statement: This information has been disclosed to you from records protected by Federal confidentiality rules (42 CFR part 2). The Federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 CFR part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The Federal rules restrict any use of the information to criminally investigate or prosecute any alcohol or drug abuse patient.18
  • Exemptions from confidentiality protections
    Under the federal regulations,19 restrictions on disclosure do not apply to the following information or communications:

    (1) Veteran’s Administration records;
    (2) Information obtained by the Armed Forces;
    (3) Information given to qualified service organizations;
    (4) Communications within a program or between a program and an entity having direct administrative control over that program;
    (5) Information given to law enforcement personnel investigating a patient’s commission of a crime on the program premises or against program personnel; and
    (6) Reports under state law of incidents of suspected child abuse and neglect; however, confidentiality restrictions continue to apply to the records and any follow-up information for disclosure and use in civil or criminal proceedings arising from the report of suspected child abuse or neglect.

  • Other permissible disclosures
    Federal regulations20 also permit disclosures without patient consent under the following circumstances:

    (1) For medical emergencies (“need to know”);
    (2) For research activities, per specific parameters;
    (3) For audit evaluation activities (e.g., agency review or PRO); or
    (4) With a court order and subpoena, if

    (a) disclosure is necessary to protect against existing threat to life or of serious bodily injury, including circumstances which constitute suspected child abuse and neglect and verbal threats against third parties;
    (b) disclosure is necessary in connection with investigation or prosecution of an extremely serious crime, such as one that directly threatens loss of life or serious bodily injury, including rape, homicide, kidnapping, armed robbery, assault with a deadly weapon, or child abuse and neglect; or
    (c) disclosure is made in connection with litigation or an administrative proceeding in which the patient offers testimony or other evidence pertaining to the content of the confidential communications.

Conclusion

Release of medical records is subject to a number of rules and regulations that vary depending on the type of records involved. Given the liability that may ensue as well as the breach of trust a health care facility may face with its patient population if inappropriate disclosure occurs, all health care providers and facilities should have specific policies governing release of patient records. Such policies should account for the differing laws that protect specific areas such as behavioral health, developmental disabilities, HIV, and substance abuse information. Individuals who are in the position to release medical records should be fully informed about who may access records with or without authorization; what constitutes appropriate authorization; what information may be released; and what constitutes a valid consent. Moreover, given how frequently laws are amended, revoked, or newly enacted, health care providers and facilities need to establish a mechanism to ensure that their policies and procedures are up-to-date. Trade associations, trade newsletters, and other publications, as well as legal counsel experienced in health law, are all good resources for drafting, implementing, and updating policies and procedures governing the release of confidential medical records.

1. 410 ILCS 50/0.01 et seq.

2. 325 ILCS 325/1 et seq.

3. Illinois Code of Civil Procedure 5/802.

4. 740 ILCS 110/1 et seq.

5. 410 ILSC 305/1 et seq.

6. Ill. Admin. Code Title 77 § 697.140(a)(2) (1994).

7. 410 ILCS 305/10.

8. 410 ILCS 305/13.

9. 210 ILCS 85/6.08.

10. 20 ILCS 301/30 et seq

11. 42 U.S.C. § 290ee-3(a).

12. U.S. v. Eide, 875 F.2d 1429 (9th Cir. 1989).

13. 875 F.2d at 1436.

14. 42 C.F.R. § 2.11 (1995).

15. 42 C.F.R. § 2.31.

16. 42 C.F.R § 2.15(a)(1).

17. 42 C.F.R. § 2.15(a)(2).

18. 42 C.F.R. § 2.32.

19. 42 C.F.R. § 2.12(c).

20. 42 CFR § 2.51-63.

To contact the author, please click here.


The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.