Sign In
  • WisBar News
    August 31, 2016

    Patient Loses Appeal on Confidential Health Records, Access Not a “Release”

    Joe Forward

    Health Records

    Aug. 31, 2016 – A state appeals court has clarified what it means to “release” confidential health care records in violation of state law, rejecting a patient’s claim that a health care provider’s employees violated the law when accessing his medical records.

    Daniel Wall sued Gunderson Lutheran Health System and two of its employees, arguing the employees accessed his confidential health records without informed consent and Gunderson blocked and hindered his investigation of the alleged unauthorized access.

    Wall had learned that the two Gunderson employees “accessed and observed” his health records through an audit that Gunderson provided to Wall. The audit allowed Wall to see every person or entity that was allowed to view his health records.​

    The defendants moved to dismiss for failure to state a claim on which relief could be granted. The circuit court in Trempealeau County granted the motion. Wall appealed.

    But in Wall v. Pahl, 2015AP1230 (Aug. 30, 2016), a three-judge panel for the District III Court of Appeals affirmed, concluding that Wall’s allegations, even if true, did not violate the state law that restricts the release of patient health care records.

    Wis. Stat section 146.82 requires all patient health care records to remain confidential and says they may only be “released” to persons with informed consent, to persons authorized by the patient, or to certain entities or persons enumerated by statute.

    Wall argued that Gunderson’s employees “released” his records in violation of section 146.82 because the employees accessed the records without his consent. But the employees argued that accessing internal records is not the same as releasing them.

    The three-judge panel noted that “release” is not defined in the statute, but clarified that release does not mean “access” by employees within a patient’s health care provider.

    “Here, interpreting Wis. Stat. § 146.82 to apply to the dissemination of patient health care records from the organization holding the records to its own employees would assuredly lead to unreasonable results,” wrote Appeals Court Judge Lisa Stark.

    But the panel noted that the question was not easily resolved. The dictionary definition of “release” did not help, and looking to definitions of “use” and “disclosure” in closely related statutes on protected health information created other “potential weaknesses.”

    Joe ForwardJoe Forward, Saint Louis Univ. School of Law 2010, is a legal writer for the State Bar of Wisconsin, Madison. He can be reached by email or by phone at (608) 250-6161.

    For instance, Wis. Stat. section 146.816 (uses and disclosures of protected health information), enacted in 2013, tracks more closely with federal confidentiality rules under the Health Insurance Portability and Accountability Act (HIPAA).

    But the definition of “disclosure” under HIPAA, which includes the term “release,” can be read in two ways, the panel explained. That is, it could prohibit “release” of protected health information inside an organization holding the records, as well as outside.

    The panel however, ruled that “release” under state law does not mean release within an organization that is holding the medical records, such as health care organizations, because employees of health care organizations routinely access patient records.

    Judge Stark noted that if patients had a private right of action each time an employee accessed patient health records, “health care employees would be liable not only for intentionally accessing patient health care records without informed consent or a valid purpose, but also for merely accidentally accessing a patient’s records.”

    Stark also noted that it would be nearly impossible, years after the fact, for employees to prove they had a permissible reason for accessing a patient health care record. In addition, Stark explained, health care organizations would be forced to use systems that verified an employee’s access was permissible every time, an unreasonable burden.

    The panel noted that internal use of protected health information by covered entities is still regulated by HIPAA, which imposes civil and criminal penalties for violations.

    “We merely hold that an employee’s internal access to patient records is not the type of conduct governed by § 146.82,” Judge Stark wrote.

    Finally, the panel dismissed Wall’s claim that Gunderson blocked and hindered Wall from investigating why its employees accessed Wall’s records without consent.

    The panel noted that section 146.83(4)(b) applies to the concealment or withholding of “patient health care records,” which are records prepared by a health care provider that are related to the health of a patient. Wall was seeking records outside this category.

    “[A]ny records Gunderson might have kept regarding its internal investigation would not have related to Wall’s health or any treatment or services Wall received,” Judge Stark wrote. “Accordingly, such information, even if reduced to a record, would not have constituted a patient health care record as that term is defined by statute.”

Join the conversation! Log in to leave a comment.

News & Pubs Search

Format: MM/DD/YYYY