Expert Deposition Sharing After HIPAA

CHARLOTTESVILLE – When a doctor faces a medical malpractice lawsuit, the lawyer defending her will want the lowdown about the plaintiff’s expert.

Lawyers always want the goods on the other side’s guy – who is he, where is he from and what are his credentials? But how do lawyers find the smoking gun on the “hired gun?”

In the past 20 years, the search for answers has progressed from casual conversations with like-minded lawyers to sophisticated databases that track an expert’s trail across the country.

Organizations such as the Defense Research Institute, the national organization for defense lawyers, and Kansas-based IDEX maintain extensive libraries of electronic documents – depositions, trial transcripts and briefs – that can be searched to allow members to construct a profile of a plaintiff’s expert witness.

For plaintiff’s lawyers, similar services are offered by the American Trial Lawyers Association and DepoConnect.

But lawyers feared they might have to tighten up on their information-sharing practices in response to new patient privacy restrictions under the federal Health Insurance Portability & Accountability Act of 1996, 110 Stat. 936.

Attorneys who were coaching their healthcare clients on HIPAA compliance began to question whether and how the defense bar could continue to circulate depositions and transcripts that provided clues on how to attack expert witnesses who testify against doctors and hospitals.

Even if a particular patient’s name and other explicit identifiers are redacted from an expert’s deposition, excising other specifics of the patient’s case, in order to protect the patient’s privacy, could undercut or confuse the expert’s discussion of the facts.

HIPAA hasn’t necessarily put the brakes on the popular practice of sharing expert deposition transcripts, according to Norfolk lawyer Nicole H. Duke. Duke spoke at a May 12 meeting of the Virginia Association of Defense Attorneys.

Duke acknowledged that HIPAA’s patient privacy provisions have prompted lawyers to ask whether they can “send, receive or share expert testimony with colleagues and through [commercial] services.”

“Absolutely not,” was Duke’s “initial reaction.”

After some study, Duke tempered that first response.

Lawyers need to keep in mind that, as attorneys representing hospitals and physicians, they are “business associates” under HIPAA, who must follow the requirements for protecting patient privacy attendant to that status, Duke indicated.

The business associate rules covering “protected health information” (PHI) must be followed when others are hired, Duke said. Lawyers have to “make sure your agents follow the same rules.”

Among the relevant restrictions, business associates can use or disclose PHI only as allowed by the business associate contract or by law, and must employ safeguards to prevent unauthorized disclosure of PHI, according to Duke’s prepared materials.

When operating as a “business associate,” a lawyer “can’t use or disclose [PHI] except as outlined in the contract with the client. You weren’t hired to send that testimony out to other people,” Duke said.

Yet, after further review of the practice, Duke said she has “come full circle” in her opinion about the practice of sharing depositions of experts, because “there are some great arguments to be made for allowing you to disclose and receive” such materials.

Probably the best argument, according to Duke, is that you’ve “got an individual who has put medical state at issue in civil litigation, so that the information is no longer private, unless you go through the process of closing” or sealing the records.

If a deposition is part of a court record, it is “probably fair game. If I have a case number, I can go right into the clerk’s office and see the information,” if it’s not under seal, Duke said. “So these transcripts are ok.”

But trial court records often do not include complete depositions, they use extracts.

In order to redact the protected health information from the excerpt or the longer document, the lawyer may have to remove information on symptoms, illnesses, the dates of medical treatment, and other “biometric indicators,” in addition to the more obvious identifiers such as age, gender, and date of birth. This process can be “pretty burdensome,” but necessary in order to maintain patient privacy, Duke said.

Ultimately, lawyers will have to make case-by-case determinations on deposition sharing, considering factors such as who wants the information and why, where are they located and how readily can identifying information be removed.

The DRI Expert Witness Database carries its own disclaimer, advising users that generally speaking, “deposition transcripts and trial testimony are in the public domain and therefore not subject to privacy protections.” But lawyers wishing to submit transcripts to the DRI database “must determine for themselves whether disclosure of the transcript is lawful under privacy laws,” including HIPAA, the disclaimer says.

“When HIPAA first came out, there was quite an uproar in the healthcare community, and some physicians still go way overboard” in what they think is required under the statute, Duke said.

Among lawyers, there has been a similar cautious approach.

“There was the same type reaction. People didn’t fully understand. But people have gradually come around,” Duke said.

Lawyers who initially thought HIPAA threatened the intelligence network they had built up in recent years, have begun to relax and again channel materials into defense databases.

For defense lawyers who dream about discovering the Achilles’ heel that lets them demolish an opposing expert, the information is just too irresistible.