United States ex rel. Kaplan v. Metropolitan Ambulance & First-Aid Corp.

MEMORANDUM AND ORDER

AZRACK, United States Magistrate Judge.

This is a qui tam action in which relator, Larry Kaplan, seeks to recover damages on behalf of himself and the United States pursuant to the False Claims Act, 31 U.S.C. § 3729. The Complaint alleges that defendants defrauded the federal government by falsifying documents to obtain reimbursement for ambulance transportation services it provided to Medicare patients. The United States Department of Justice issued subpoenas to several non-party health care providers for patient medical records pursuant to Rule 45 of the Federal Rules of Civil Procedure. The current dispute between the parties concerns the terms of a protective order sought by defendants governing the use of these confidential medical records. The issue is whether defendants can limit the government’s use of these medical records to this litigation. On September 6, 2005, I ordered the parties to submit authority for their respective positions. Having reviewed the parties’ submissions, as well as the applicable law, I find that *2any protective order may not restrict the government’s use of the confidential patient medical records solely to purposes of this litigation.

I. FACTS

Defendants seek a protective order pursuant to 45 C.F.R. § 164.512(e)(l)(ii)(B), restricting the government’s use of confidential medical records obtained during the pendency of this action to purposes solely related to this litigation. The relevant section of defendants’ proposed protective order states:

materials can only be used for purposes related to this litigation, except that nothing contained in this Protective Order shall limit or circumscribe the United States from carrying out its role as health oversight agency for oversight activities authorized by law under 45 C.F.R. § 164.512(d)(1) or from carrying out any obligation under law. At the end of the litigation, the protected health information ... will be returned to the covered entities or will be destroyed.

(Defendants’ Proposed Protective Order ¶ 1.)

The government, however, argues that this language is too restrictive and interferes with its functions as a “health oversight agency” under 45 C.F.R. § 164.512(d). The government argues that 45 C.F.R. § 164.512(d) is the applicable regulation in this case, not 45 C.F.R. § 164.512(e)(l)(ii)(B), and that the protective order cannot limit the government’s use of confidential patient medical records to purposes of this litigation.1 The government has proposed a protective order that includes provisions allowing it to disclose patient medical records to various agencies or departments of the United States and Congress.

Thus, the issue is whether, pursuant to § 164.512(e)(l)(ii)(B), the protective order must include a provision restricting the government’s use of confidential patient information to purposes related to this litigation, or alternatively, whether the government must be permitted to disclose the confidential patient information to various agencies and departments of the United States and Congress in its role as a “health oversight agency.” This issue has not been previously addressed in the Second Circuit.

II. DISCUSSION

One of the purposes of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Pub.L. No. 104-191 §§ 261-264, 110 Stat. 1936 is to “ensure the integrity and confidentiality of [patient] information.” 42 U.S.C. § 1320d-2(d)(2)(A); see also 65 Fed.Reg. 82462, 82469 (Dec. 28, 2000) (stating that “Congress recognized the challenges to the confidentiality of health information presented by the increasing complexity of the health care industry, and by advances in health information systems technology and communications.”). To accomplish this objective, Congress delegated authority to the Secretary of the United States Department of Health and Human Services to promulgate rules and regulations governing the disclosure of confidential patient information. See HIPAA § 264(c)®, 110 Stat.1936, 2033. In accordance with this rule-making authority, the Secretary *3adopted regulations which became effective on April 14, 2001. See 66 Fed.Reg. 12434 (Feb. 26, 2001); 45 C.F.R. §§ 164.500-535.

Section 164.512(d) sets forth the standards for uses and disclosures of confidential patient information for health oversight activities. This regulation permits disclosures of protected health information to a “health oversight agency for oversight activities authorized by law ... including ... civil ... proceedings .... ” 45 C.F.R. § 164.512(d)(1). Disclosure of confidential patient information, however, is limited to “activities necessary for appropriate oversight of:”

(i) The health care system;
(ii) Government benefit programs for which health information is relevant to beneficiary eligibility;
(iii) Entities subject to government regulatory programs for which health information is necessary for determining compliance with program standards; or
(iv) Entities subject to civil rights laws for which health information is necessary for determining compliance.

45 C.F.R. § 164.512(d)(l)(i)-(iv).

In contrast, § 164.512(e) sets forth the standards for disclosures in judicial and administrative proceedings. This section permits a “covered entity”2 to disclose confidential patient information under certain circumstances. Disclosures are permitted in response to a court order, whereby “only the protected health information expressly authorized by such an order” may be disclosed. 45 C.F.R. § 164.512(e)(l)(i). A “covered entity” is also permitted to disclose confidential patient information in response to a subpoena or discovery request if it has received adequate assurance that reasonable efforts have been made to either “ensure that the individual who is the subject of the protected information that has been requested has been given notice of the request” or to “secure a qualified protective order .... ” 45 C.F.R. § 164.512(e)(l)(i), (ii). A qualified protective order entered into pursuant to § 164.512(e)(l)(ii) must satisfy two requirements. First, it must “prohibit the parties from using or disclosing the protected health information for any purpose other than the litigation or proceeding for which such information was requested.” 45 C.F.R. § 164.512(e)(l)(v)(A). Second, the protective order must require that the parties return or destroy all protected health information, including any copies, at the end of the litigation. See 45 C.F.R. § 164.512(e)(l)(v)(B).

The government, citing United States ex rel. Stewart v. Louisiana Clinic, No. Civ. A. 99-1767, 2002 WL 31819130 (E.D.La. Dec. 12, 2002), argues that it may use confidential patient information obtained during discovery in connection with “health oversight activities” and not solely for purposes related to this litigation. Stewart, like this case, was a qui tam action in which defendants were alleged to have submitted “false claims for reimbursement for medical services provided to Medicare and Medicaid.” Id. at *1. The government declined to intervene in the action; therefore, defendants argued that the government was a “nonparty with no rights to participate in ... discovery and that it must be ordered to use the documents, if it receives them, solely for purposes of this litigation.” Id. at *7. The *4court, however, disagreed and held that the language in § 164.512(d)(1) was “clear and unambiguous” and that the government may use the nonparty medical records it obtained through discovery “in connection with its legitimate governmental health oversight activities, and not solely for the purposes of this litigation.” Id. at *10.

Defendants’ rebuttal to the government’s reliance on Stewart is simply, “[w]e do not believe [this case] is dispositive on whether plaintiffs broad language should be ordered by the Court.” Defendants also urge that its proposed protective order is consistent with the holding in Stewart because it “recognizes the [Department of Justice’s] function as a health oversight agency.” (See Letter to Court, Jay G. Safer, dated Sept. 30, 2005, at 3.) The defendants’ argument is unpersuasive.

As mentioned above, the defendants’ proposed order would limit use of confidential patient information to purposes related to this litigation, “except that nothing contained in this Protective Order shall limit or circumscribe the United States from carrying out its role as health oversight agency for oversight activities authorized by law under 45 C.F.R. § 164.512(d)(1) or from carrying out any obligation under law.” (Defendants’ Proposed Protective Order ¶ 1.) However, the provision in the proposed order that requires the protected health information to be returned to the covered entities or destroyed at the end of the litigation appears to make it virtually impossible for the government to carry out its oversight activities, unless, of course, some provision is made for them to retain a copy of the records. Therefore, it is clear that defendants’ proposed protective order limits the government’s ability to perform its functions as a health oversight agency.

Because defendants’ proposed protective order would limit the use of confidential patient information obtained during discovery, it conflicts with § 164.512(d). In contrast to § 164.512(e), which is premised on the existence of a prior judicial or administrative proceeding, § 164.512(d) permits a “covered entity” to disclose confidential patient information to health oversight agencies in connection with health oversight activities. “Health oversight agency means an agency or authority of the United States ... that is authorized by law to oversee the health care system (whether public or private) or government programs in which health information is necessary to determine eligibility or compliance, or to enforce civil rights laws for which health information is relevant.” 45 C.F.R. § 164.501. The United States Department of Justice is a health oversight agency as defined in this regulation. See 65 Fed. Reg. 82462, 82492 (Dec. 28, 2000); Stewart, 2002 WL 31819130, at *9-10. Accordingly, the provision in defendants’ proposed protective order may not restrict the government’s functions as a “health oversight agency” under § 164.512(d).

As noted by the government, § 164.512(e) is inapplicable to the facts of this case. The comments to § 164.512(e) state in relevant part:

[w]e clarify that the provisions of [§ 164.512(e) ] do not supersede or otherwise invalidate other provisions of this rule that permit uses and disclosures of protected health information. For example, the fact that protected health information is the subject of a matter before a court or tribunal does not prevent its disclosure under another provision of the rule, such as §§ 164.512(b), 161.512(d), or 164.512(f), even if a public agency’s method of requesting the information is pursuant to an administrative proceeding. For example, where a public agency com-*5menees a disciplinary action against a health professional, and requests protected health information as part of its investigation, the disclosure [must] be made to the agency under paragraph (d) of this section (relating to health oversight) even if the method of making the request is through the proceeding.

65 Fed.Reg. 82462, 82530 (emphasis added).

Finally, a review of the comments to § 164.512(d) also supports the government’s position. The relevant part states that a “covered entity” may disclose protected health information pursuant to § 164.512(d)(1) “[w]here the individual is not the subject of the activity or investigation, or where the investigation or activity relates to[:]”

(a) [t]he receipt of health care; (b) a claim for public benefits related to health; or (c) qualification for, or receipt of public benefits or services where a patient’s health is integral to the claim of benefits or services.

65 Fed.Reg. 82462, 82529. In this case, the government’s investigation of defendants’ alleged fraudulent acts clearly relates to “qualification for, or receipt of public benefits or services where a patients health is integral to the claim of benefits or services.” Whether defendants were entitled to payments from Medicare for the ambulance services it provided depends on whether the patients’ medical conditions were such that they satisfied the threshold requirements for this service. Furthermore, the comments state that “[f]or purposes of this rule, we intend for investigations regarding issues (a) through (c) above to mean investigations of health care fraud.” Id. Defendants are being investigated for allegedly defrauding the federal government by falsifying documents to obtain reimbursement for ambulance transportation services it provided to Medicare patients. Defendants’ proposed protective order clearly conflicts with the government’s ability to carry out its role as a “health oversight agency” pursuant to § 164.512(d) by restricting the use of confidential patient information obtained during discovery solely to purposes of this litigation.

III. CONCLUSION

For the foregoing reasons, I find that the protective order may not restrict the government’s use of confidential patient medical records solely to purposes of this litigation. Accordingly, the parties are hereby ordered to submit a final protective order incorporating paragraphs (10) and (11) of the government’s proposed protective order.

SO ORDERED.

. The government maintains that a protective order is not required when it subpoenas medical records in its capacity as a “health oversight agency” pursuant to § 164.512(d). It has, however, agreed to enter into a protective order in an effort to protect confidential patient information and to facilitate discovery. (See Letter to Court, Edward K. Newman, Assistant United States Attorney, dated Sept. 30, 2005, at 2.)

. A "covered entity” is defined as:

(1) A health plan.
(2) A healthcare clearinghouse.
(3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by this subchapter.

45 C.F.R. § 160.103.