Where plaintiff sent a HIPAA authorization with her HCLA pre-suit notice that failed to include one of the six core elements required on a HIPAA-compliant authorization, dismissal was affirmed, and plaintiff was not entitled to conduct discovery to attempt to show that defendant was not prejudiced by the incomplete HIPAA authorization.
In Reese v. The Waters of Clinton, LLC, No. E2020-01466-COA-R3-CV (Tenn. Ct. App. Aug. 4, 2021), plaintiff, who was the patient’s power of attorney, filed an HCLA case based on treatment the patient received at a skilled nursing facility. Plaintiff sent pre-suit notice to multiple providers, and the complaint alleged that plaintiff had complied with the requirements of Tenn. Code Ann. § 29-26-121(a). The HPAA medical authorizations sent to the providers, however, “left blank the identity of the person or entity to whom the provider may make the disclosure,” which is one of the six core elements required by federal regulations for a HIPAA-compliant authorization. Defendant filed a motion to dismiss, which the trial court granted and the Court of Appeals affirmed.
Plaintiff’s argument on appeal was essentially that she should have been allowed to conduct discovery before the motion was decided for two reasons. First, she argued that “our Supreme Court’s opinion in Martin entitles Plaintiff to conduct discovery because the burden of proof lies with her to prove substantial compliance with pre-suit notice.” (See Martin v. Rolling Hills Hosp., LLC, 600 S.W.3d 322 (Tenn. 2020)). While Martin did outline a burden shifting framework for both establishing and challenging compliance with HCLA pre-suit notice requirements, the Court rejected plaintiff’s argument that this equated to a right for plaintiff to conduct discovery before a dismissal is granted. The Court pointed out that the motion in Martin was a motion for summary judgment, which is why the Court therein cited Rule 56, but that the Martin opinion held that “a Rule 12.02(6) motion is the correct vehicle to challenge compliance with the requirement of pre-suit notice in a healthcare liability action.” (internal citation omitted).
In this case, the Court pointed out that “neither party presented any evidence outside the pleadings involving the Rule 12.02(6) motion to dismiss that would require the Trial Court to treat the motion as a Rule 56 summary judgment motion.” While plaintiff had attached “unrelated examples of medical releases and discovery requests from other cases” to her response to the motion to dismiss, there was “nothing in the record to suggest that the Trial Court considered these…in making its decision.” Because there were no “affidavits or other documentary evidence outside the pleadings” here, the Court ruled that it was not error to analyze this motion to dismiss as a Rule 12.02(6) motion.
Second, plaintiff asserted that she should have been allowed “to conduct discovery in order to demonstrate that Defendant was not prejudiced by her noncompliance with pre-suit notice because Defendant could have obtained Patient’s medical records with the medical authorizations provided in combination with the entire pre-suit notice packet.” The Court stated, though, that since “there was no HIPAA-complaint medical authorization in this case because a core element was missing, [it saw] no possible benefit to allowing Plaintiff discovery.” The Court explained that “one way a defendant can satisfy its burden of demonstrating prejudice in a motion to dismiss is by alleging that the plaintiff’s medical authorization furnished as part of his or her pre-suit notice lacks one of more of the six core elements required for HIPAA compliance under federal law,” which is what defendant did here. (internal citation omitted). Pursuant to recent Tennessee case law, a defendant who receives a non-compliant HIPAA authorization “would ordinarily be deprived of a benefit Section 121 confers because the defendant would be unable to obtain medical records from any other provider receiving the pre-suit notice.” (internal citation and quotation omitted). Further, “defendant has no duty to aid the plaintiff” in complying with HIPAA requirements and “is not required to notify the plaintiff of a missing core element or to ‘test’ an incomplete and facially-noncompliant authorization.” (internal citation omitted).
Explaining why discovery was not warranted here, the Court reasoned:
Plaintiff essentially argues that because Defendant could have obtained Patient’s medical records with the entire pre-suit notice packet provided…, Defendant was not prejudiced and she should be permitted to conduct discovery to establish that defense. We disagree. Plaintiff’s failure to include a completed medical authorization with all the required core elements precluded the provided medical authorization from being HIPAA compliant. …Considering the incomplete medical authorizations in conjunction with the remaining pre-suit notice packet did not make the authorization HIPAA compliant. …Even if Plaintiff were permitted to conduct discovery, we know of nothing that Plaintiff possibly could learn during discovery that would permit her to succeed in establishing substantial compliance under these circumstances… The blank on the authorization form still would remain empty.
Because plaintiff’s pre-suit notice did not comply with the HCLA requirements, she was not entitled to the 120-day extension of the statute of limitations thereunder, and dismissal of the case as time-barred was affirmed.
As we have now seen several times, failure to include one of the six core elements required on a HIPAA-compliant authorization will likely lead to dismissal of an HCLA case. Plaintiff here attempted to argue that discovery was warranted to show that defendant could have in fact still obtained the relevant medical records, but that argument was rejected.
NOTE: This opinion was released two months after oral arguments in this case.