Domestic Relations And Health Information Post-Byrne

March 19, 2015Articles Law360

Reprinted with permission from Law360. (c) 2015 Portfolio Media. Further duplication without permission is prohibited. All rights reserved.

The November 2014 Connecticut Supreme Court opinion in the case of Byrne v. Avery Center for Obstetrics and Gynecology PC has been widely discussed. The main focus of such discussion has usually been the Byrne case’s recognition of the potential use of the Health Insurance Portability and Accountability Act's requirements as a standard of care in a state breach of privacy lawsuit, even though an individual cannot sue under HIPAA itself. Indeed, the Connecticut case is significant because it may spawn copycat lawsuits in other jurisdictions to use HIPAA the same way for state breaches of privacy, negligence and other causes of action.

However, the facts of the Byrne case are interesting because of some of their implications for privacy of individual health information in the context of domestic relations, both in the divorce or separation context and even in a less confrontational domestic environment. In a divorce or breakup context, consideration should be given to privacy issues of individual health information in settlement agreements and divorce decrees. While settlement agreements and divorce decrees often address health care and health insurance issues, especially where there are custodial children involved, addressing individual health information issues is much less common. The individual health information issues that may be addressed in the context of domestic relations go well beyond HIPAA and its privacy rules.

Facts in the Byrne Case Bearing on Domestic Relations

The Byrne case illustrates how individual health information issues may infiltrate the breakup of domestic relationships. Among other things, the plaintiff in the Byrne case complained that, upon the end of her five-month relationship with an individual, she instructed the defendant physician practice group that had provided her with medical services, as permitted under the notice of privacy practices of the group, not to release her medical records to the individual. Thereafter, the group was allegedly served with a subpoena requesting its presence, together with the plaintiff’s medical records, at a court proceeding. The group apparently did not alert the plaintiff as to the existence of the subpoena (thereby foreclosing any opportunity that she might have had to file an objection to the subpoena), file a motion to quash it or appear in court, but rather mailed a copy of the plaintiff’s medical file to the court. The individual later allegedly informed the plaintiff by telephone that he had reviewed the plaintiff’s medical file in the court file.

The Connecticut Supreme Court concluded the following in the Byrne case:


Assuming, without deciding, that Connecticut’s common law recognizes a negligence cause of action arising from health care providers’ breaches of patient privacy in the context of complying with subpoenas, we agree with the plaintiff and conclude that such an action is not preempted by HIPAA and, further, that the HIPAA regulations may well inform the applicable standard of care in certain circumstances.


Therefore, how individual health information may be used or misused in the domestic relations context is of significance to individuals, providers and insurers.

Tips on Dealing with Individual Health Information Issues in the Domestic Relations Context

The following list presents some of the considerations that may arise regarding individual health information in the domestic relations context, both in divorce or separation proceedings, as applicable, and in less acrimonious relationships.

1. Whether an individual is in a stable domestic relations environment or involved in the breakdown of a relationship, careful attention should be given the notice of privacy practices of the health care provider or health insurer or health plan as to: (i) who is entitled to access individual health information in the possession of such provider or insurer; and (ii) the extent to which a patient or subscriber has the right to block such access. For example, an employee subscriber of an employer health plan typically has access not only to all of his or her own claims information, but also to all of the claims information of a covered estranged spouse and of dependents, even if such subscriber is not the custodial parent.

2. To the extent that a notice of privacy practices of a provider or insurer does not answer a question about individual health information access and blocking in the domestic context, an individual should direct the specific question to the provider or insurer, as applicable. However, there may not be a clear answer forthcoming. Moreover, the notice of privacy practices may change in certain respects over time, and individuals should not ignore notices of those changes that can materially affect access and blocking of access to individual health information.

3. Most insurers permit a covered spouse to block access to his or her claims information from the other spouse, even if such other spouse is the employee subscriber or person responsible for paying for health care coverage. This is a matter that should be addressed in a domestic relations agreement or divorce order or agreement because the spouse that is paying for health care coverage may have his or her premiums, copays, deductibles and limits of coverage affected greatly by the claims of the other spouse. The desire to block access to individual health information by the other spouse may be heightened in the case of diagnosis and treatment for sensitive health matters, such as mental illness, substance abuse, infectious diseases, etc. (This last consideration can be present even in a stable domestic relationship where a spouse wants to avoid disclosure regarding such potential ailments, even perhaps to prevent undue anxiety by the other spouse.)

4. Similarly, many insurers will permit a spouse who has custody of children to block access to the claims information of such children from the other spouse, even if such other spouse is the employee subscriber or person who is paying for the health care coverage for the children. Again, consideration should be given to addressing this matter in a domestic relations agreement or divorce order or agreement because the spouse that is paying for health care coverage may have his or her premiums, copays, deductibles and coverage limits greatly affected by unknown claims of children with respect to whom he or she lacks custody over. Moreover, the custodial parent may wish to prevent access by the other parent to prevent what the custodial parent deems to be potential interference with the custodial parent’s discretion as to the appropriate course of treatment and provision of health care services to the children. The HIPAA privacy rule generally allows a parent to have access to the child’s medical records and claims information as the child’s personal representative,[1] as long as such access is not inconsistent with state or other applicable law. Regardless, however, of whether a parent is the personal representative of a minor child, the HIPAA privacy rule defers to state or other applicable laws that expressly address the ability of the parent to obtain health information about the minor child.[2]

5. Where there is shared custody of children, the issue can become even murkier. Without an agreement, there can be a new and unexpected domestic battlefield regarding access, control and blocking of individual health information. While HIPAA requires a covered entity insurer or provider to treat a person that has authority (under applicable law) to act on behalf of another individual as the individual’s personal representative (thereby treating the personal representative as the individual), a provider may choose not to treat a parent as a personal representative in certain circumstances, including where the provider reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse or neglect or that treating the parent as the child’s personal representative could endanger the child.

6. The situation can be further complicated by the fact that the Affordable Care Act requires insurers that offer dependent coverage to make the coverage available until the adult child reaches the age of 26 to avoid loss of health insurance for students after they graduate from college.[3] Most insurers permit adult children of 18 or over (e.g., those emancipated under state law) to block access to claims information by their parents, regardless of the fact the parent is paying for the coverage. Such an adult child is typically not a party to divorce settlements or decrees. In some states even minor children below the age of 18 may be permitted to block access to claims information by their parents.

7. HIPAA permits an individual to require a provider to agree to the request of such individual to restrict disclosure to an insurer of protected health information, as defined in HIPAA, about such individual[4] if:


a. the disclosure is for the purpose of carrying out payment or health care operations (but not treatment) and is not otherwise required by law; and

b. the protected health information pertains solely to a health care item or service for which the individual, or person other than the insurer on behalf of the individual, has paid the provider in full.


Adopting this payment approach may allow an individual to prevent his or her spouse from learning about specific events of diagnosis and treatment relating to such individual or his or her custodial children that would otherwise be available by access to claims information through an insurer.


8. HIPAA provides[5] that individuals have the right to request restrictions on how a provider will use and disclose protected health information about them for treatment, payment and health care operations. A provider is not required to agree to an individual’s request for a restriction, but is bound by any restrictions to which it agrees. This type of self-help initiative may enhance efforts to block access to individual health information by a spouse or former spouse, either alone or in aid of other measures.

9. HIPAA also provides that individuals may request receiving confidential communications from a provider, either at alternative locations or by alternative means. For example, an individual may request that her provider call her at her office, rather than at her home. A provider must accommodate an individual’s reasonable request for such confidential communications. An insurer must accommodate an individual’s reasonable request for confidential communications, if the individual clearly states that not doing so could endanger him or her. Again, as in item eight above, this type of self-help initiative may enhance efforts to block access to individual health information by a spouse or former spouse, either alone or in aid of other measures.

10. A wide range of changes in circumstances, such as a change in employment and/or insurer, obtaining services from a new provider, relocation to a different state, changes in state law, reaching of majority age by children and/or life event changes that relate to provisions in a divorce or separation agreement or decree warrants revisiting these tips from time to time. HIPAA rights and responsibilities must be re-evaluated regularly in the context of the facts and circumstances involved at any given time.

Conclusion

The foregoing discussion refers to only a few of the many permutations of issues that may arise regarding individual health information in the domestic relations context. It is intended to indicate the wide diversity of challenges and opportunities that spouses and domestic partners may encounter regarding access and blocking access to individual health information. Individuals who need advice regarding legal aspects of their domestic relationships and/or disputes should seek counsel of professionals who have familiarity not only with the ramifications, complexities and continuous changes involving HIPAA, but also state privacy laws and individual health information.

Reprinted with permission from Law360. (c) 2015 Portfolio Media. Further duplication without permission is prohibited. All rights reserved.