Risks and Responsibilities of Record Retrieval During Discovery

POSTED MAY 23, 2016

Written by Heather L. Hughes, J.D., CHPC of U.S. Legal Support for the Spring/Summer 2016 issue of USLAW Magazine

Obtaining medical, billing, employment and other types of records during discovery has become instrumental in successful case resolution. Records are often needed for employment cases, insurance claims, personal injury, mass tort and workers’ compensation claims. The custodians of these records have to comply with HIPAA (The Health Insurance Portability and Accountability Act of 1996), HITECH (The Health Information Technology for Economic and Clinical Health Act of 2009) and various state Data Breach Notification laws. HIPAA and HITECH require that custodians only release medical records with a valid authorization or subpoena. Constant follow-up by the requestor is usually needed to ensure that records are obtained in time for depositions, settlement meetings or other discovery deadlines.

Some law firms and corporations choose to do all record retrieval in-house while many outsource to record retrieval companies. In addition to HIPAA and HITECH regulations, law firms and corporations as well as their vendors must now maintain compliance with Data Breach Notification laws to protect their clients’ personal/sensitive and financial information from potential cybercriminals. While HIPAA and HITECH only apply to certain types of corporations and their outside counsel, Data Breach Notification laws apply to nearly all types of businesses….READ MORE.

Designed & Developed by Peak Seven