Privacy & Cybersecurity Law Blog

Rejecting a defense based on compliance with the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), a federal court in Ohio denied a medical clinic’s motion to dismiss invasion of privacy claims following the clinic’s disclosure of medical records to a grand jury.  In Turk v. Oiler, No. 09-CV-381 (N.D. Ohio Feb. 1, 2010), plaintiff Turk had been under investigation for illegally carrying a concealed weapon and for having a weapon while under disability in violation of an Ohio law which provides that “no person shall knowingly acquire, have, carry, or use any firearm” if “[t]he person is drug dependent, in danger of drug dependence, or a chronic alcoholic.”  Defendant Cleveland Clinic, where Turk was a patient, received a grand jury subpoena requesting “medical records to include but not be limited to drug and alcohol counseling and mental issues regarding James G. Turk.”  When the Cleveland Clinic disclosed Turk’s medical records in response to this subpoena, Turk sued the clinic for violating his privacy rights.

It its defense, the clinic argued that a specific exemption in HIPAA permits such disclosure of medical records in response to a grand jury subpoena.  Ohio’s physician-patient privilege, however, provides that a physician cannot testify as to “a communication made to the physician . . . by a patient in that relation or the physician’s . . . advice to a patient.”  The court found that the term “communication,” as used in the statute, includes hospital records “and is sufficiently broad to cover any confidential information gathered or recorded within them during the treatment of a patient at the hospital.”  Because the HIPAA provision exempting the disclosure would not preempt this more restrictive state law, the court denied the clinic’s motion and refused to dismiss Turk’s privacy claim.  That decision may have prompted a settlement, as this week, the court granted a request by Turk to dismiss all of his claims against the clinic.