Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.


United States District Court, S.D. New York

March 18, 2004.

NATIONAL ABORTION FEDERATION, MARK I. EVANS, M.D., CAROLYN WESTHOFF, M.D., M.Sc., CASSING HAMMOND, M.D., MARC HELLER, M.D., TIMOTHY R.B. JOHNSON, M.D., STEPHEN CHASEN, M.D., GERSON WEISS, M.D., on behalf of themselves and their patients, Plaintiffs, -against- JOHN ASHCROFT, in his capacity as Attorney General of the United States, along with his officers, agents, servants, employees, and successors in office, Defendant.

The opinion of the court was delivered by: RICHARD CASEY, District Judge.


Now before the Court is Defendant's motion to enforce a subpoena against the New York and Presbyterian Hospital pursuant to Federal Rule of Civil Procedure 45(c)(2)(B). For the reasons stated below, the motion is GRANTED.


  Plaintiffs, a group of physicians and medical providers, filed this action on November 4, 2003, to challenge the constitutionality of the Partial-Birth Abortion Ban Act of 2003 ("the Act"), 18 U.S.C. § 1531, which imposes criminal and civil sanctions on physicians who perform certain abortion procedures. This Court temporarily enjoined enforcement of the Act on November 6,2003, and set the matter for trial to commence March 29, 2004. Plaintiffs assert that the Act is unconstitutional, among other reasons, because it lacks an exception to protect a woman's health as required under the Supreme Court's decision in Stenberg v. Carhart, 530 U.S. 914 (2000).

  During the discovery process, the Attorney General of the United States ("Defendant") issued Page 2 subpoenas to a number of hospitals throughout the country seeking medical records of women on whom the plaintiff physicians performed certain abortion procedures. One of those hospitals is the New York and Presbyterian Hospital ("the Hospital").

  On December 18, 2003, this Court issued an order that authorized, but did not require, the Hospital to produce the records. On December 22, Defendant served a subpoena on the Hospital, accompanied by the Court order, demanding production of "all medical records associated with those medical record numbers to be identified by plaintiffs Carolyn Westhoff, M.D. and Stephen Chasen, M.D. in response to the discovery demands served upon them in" this case. Drs. Westhoff and Chasen, both plaintiffs in this suit, are employed on the faculties of Columbia and Cornell medical schools, which are both affiliated with the Hospital. According to the Hospital, both are attending physicians at, but not employees of, the Hospital. (Memorandum of Law of Non-Party the New York and Presbyterian Hospital in Opposition to Defendant's Motion to Enforce Subpoena, at 2.)

  Defendant also issued similar subpoenas to other hospitals. One such institution, Northwestern University Hospital in Illinois, moved to quash the subpoena in the United States District Court for the Northern District of Illinois. Chief Judge Charles P. Kocoras granted Northwestern's motion on February 4,2004. See Nat'l Abortion Fed'n v. Ashcroft, No. 04 C 55, 2004 WL 292079 (N.D. Ill. Feb. 4, 2004). In a parallel case challenging the Act, Judge Phyllis Hamilton of the Northern District of California denied Defendant's motion to compel discovery seeking similar medical records from health care providers in California and elsewhere. See Planned Parenthood Fed'n of Am. Inc. v. Ashcroft, No. C 03-4872, 2004 WL 432222 (N.D. Cal. Mar. 5, 2004). Defendant has appealed Judge Kocoras's decision to the Seventh Circuit Court of Appeals.*fn1 Page 3 The Court is unaware whether Defendant has also appealed Judge Hamilton's order to the Ninth Circuit.

  In this case, Defendant brought a motion to enforce the subpoena and compel production of the documents. By stipulation of the parties in this case, the Court issued a protective order on January 23, 2004, that requires redaction of individual identification material prior to disclosure. The Hospital argues that the protective order is insufficient under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub.L. No. 104-191, §§ 261-264, 110 Stat. 1936 (Aug. 21, 1996), because HIPAA incorporates New York State law requiring patient consent before disclosure. Defendant responds that disclosure is required because the protective order complies with administrative regulations promulgated pursuant to HIPAA. See 45 C.F.R. § 164.512(e) (providing conditions for disclosure of protected health information in judicial proceedings).


  This issue brings into conflict two profoundly important interests: respect for the sanctity of the physician-patient relationship, and the search for truth at the heart of the litigation process. Resolution of the issue requires careful attention to HIPAA and the regulatory framework promulgated to implement it.

 A. The Statutory and Regulatory Framework

  HIPAA is a complex piece of legislation that addresses the exchange of health-related information. Title II of HIPAA includes provisions entitled "Administrative Simplification." See 110 Stat. 1936, 2021-2034 (codified at 42 U.S.C. § 1320d-1320d-8). In one of the Administrative Simplification provisions, Congress delegated to the Secretary of Health and Human Services ("HHS") the authority to make final regulations concerning the privacy of individually identifiable Page 4 health information.*fn2 See HIPAA, § 264(b), (c)(1), 110 Stat. 1936,2033. Those regulations were to address, among other things, the rights of individuals with regard to their health information, the procedures by which individuals may exercise their rights, and the uses and disclosures of health information that may be authorized or required. Id. § 264(b).

  In accordance with this rulemaking authority, in February 2001, HHS promulgated regulations to protect the privacy of protected health information. See 45 C.F.R. § 164.500-.534; South Carolina Medical Ass'n v. Thompson, 327 F.3d 346, 349 (4th Cir. 2003). Protected health information means individually identifiable health information transmitted or maintained in any form or medium. 45 C.F.R. § 160.103. HHS explicitly addressed disclosure of protected health information during judicial or administrative proceedings. See id. § 164.512(e). That provision permits health care providers and other covered entities to disclose protected health information without patient consent: (1) in response to a court order, provided only the information specified in the court order is disclosed; or (2) in response to a subpoena or discovery request if the health care provider receives adequate assurance that the individual whose records are requested has been given sufficient notice of the request, or if reasonable efforts have been made to secure a protective order. Id. § 164.512(e)(1)(i), (ii). Protective orders must (1) prohibit use of the protected health Page 5 information outside the litigation process; and (2) require the return or destruction of the records, including all copies made, at the conclusion of the litigation. Id. § 164.512(e)(1)(v).

  The regulations also provide that health records are not considered individually identifiable, and thus not "protected health information," if certain information is redacted. HHS determined that "[h]ealth information that does not identify an individual and with respect to which there is no reasonable basis to believe that information can be used to identify an individual is not individually identifiable health information." Id. § 164.514(a). The following identifiers must be removed to render medical records not individually identifiable: names; geographic subdivisions smaller than a state (including addresses and full zip codes); all dates except years; telephone and fax numbers; email addresses; social security numbers; medical record numbers; health plan beneficiary numbers; account numbers; license numbers; vehicle identifiers; device identifiers; internet addresses; biometric identifiers such as finger and voice prints; photographs of the individual's full face; and any other unique identifying number, characteristic, or code. Id. § 164.514(b)(2)(i). Records without this data are not considered to be individually identifiable, and therefore are not protected health information.

  Recognizing that HIPAA's privacy provisions might differ from state regulations, Congress directed that all state laws contrary to the regulations promulgated by HHS be preempted, unless the state laws fall within the exception created by HIPAA section 264(c)(2). See 42 U.S.C. § 1320d-7(a)(2)(B). Section 264(c)(2) states: "PREEMPTION. — A regulation promulgated under . . . [HHS's rulemaking authority] shall not supercede a contrary provision of State law, if the State law imposes requirements, standards, or implementation specifications that are more stringent than the requirements, standards, or implementation specifications imposed under the [HHS] regulation." Page 6 110 Stat. 1936, 2033-2034. This antipreemption exception is echoed in the implementing regulations:

A standard, requirement, or implementation specification adopted under this subchapter that is contrary to a provision of State law preempts the provision of State law. . . . except if . . . [t]he provision of State law relates to the privacy of individually identifiable health information and is more stringent than a standard, requirement, or implementation specification adopted under [HIPAA]. . . .
45 C.F.R. § 160.203. A state privacy standard is more stringent than the HHS regulations if the state law "prohibits or restricts a use or disclosure in circumstances upon which such use or disclosure otherwise would be permitted" under HIPAA. Id. § 160.202.

 B. The Issues Before the Court

  The fundamental disagreement between the parties to this dispute revolves around the meaning of HIPAA's antipreemption provision. The Hospital reads the antipreemption provision to incorporate "more stringent" state laws into federal law.*fn3 Because New York law requires patient consent before disclosure and HIPAA provides for certain exceptions to that rule, New York law is Page 7 more stringent.*fn4 See N.Y. C.P.L.R. 4504(a).*fn5 According to the Hospital's interpretation, the enforceability of the subpoena is therefore governed by New York law.

  Defendant argues that HIPAA's antipreemption clause does not provide for incorporation of more stringent state laws; rather the antipreemption clause simply permits more stringent state laws to retain the same force that they had before HIPAA was enacted, but no more. Because state medical privacy regulations lacked any effect on rules of discovery and evidence in federal court proceedings before HIPAA, Defendant contends that those state regulations have no such effect after HIPAA. Instead, he submits that the disclosure of health information in federal court proceedings is governed by Federal Rule of Evidence 501, and that the rule creates no physician-patient privilege that would protect the records from a subpoena.

 C. The Purpose of HIPAA's Antipreemption Provision

  The doctrine of preemption arises from the Supremacy Clause of the U.S. Constitution. See Page 8 U.S. Const. art. VI, cl. 2; Allis-Chambers Corp. v. Lueck, 471 U.S. 202,208 (1985). "[T]he question whether a certain state action is pre-empted by federal law is one of congressional intent." Allis-Chambers, 471 U.S. at 208 (internal quotation marks omitted). In HIPAA, Congress expressly provided for preemption of inconsistent state medical privacy laws except when those laws are more stringent than the standards that HIPAA gives HHS the authority to promulgate. HIPAA § 264(c)(2), 110 Stat. 1936, 2033-2034.

  There is a difference, however, between a federal law that does not preempt a state law and a federal law that incorporates a state rule of law. The latter gives the state law the force of federal law and makes it binding where it would not otherwise be; the former merely allows the state law to continue to operate in its sphere of influence, unaffected by the federal statute. The negative language in section 264(c)(2) does not equate to the positive power to create binding law in the federal domain — here, a case arising under federal law brought in federal court. See Blonder-Tongue Labs., Inc. v. Univ. of Ill. Found., 402 U.S. 313, 324 n.12 (1971) ("In federal-question cases, the law applied is federal law.").

  The Hospital quarrels with this reasoning, maintaining that HIPAA's antipreemption provision requires federal courts to apply more stringent state standards because, in effect, those state standards preempt the HHS regulations. Congress has been more explicit when it intended such a result. For example, the Occupational Safety and Health Act of 1970 ("OSHA"), 29 U.S.C. § 251 et seq., includes a provision that permits state standards to preempt federal law. See id. § 667(b); see also Gade v. Nat'l Solid Wastes Mgmt.Ass'n, 505 U.S. 88,97 (1992). That section is entitled, "Submission for state plan for development and enforcement of State standards to preempt applicable Federal standards." 29 U.S.C. § 667(b) (emphasis added). Page 9

  Similarly, Congress has explicitly incorporated state standards into federal law when it so intends. See, e.g., Individuals with Disabilities in Education Act, 20 U.S.C. § 1401(8)(B) (defining "free appropriate public education" to include special education services that meet standards set by state educational agencies); Assimilative Crimes Act of 1948, 18 U.S.C. § 13 (making violations of state or local criminal laws federal crimes when committed on federal territory); Outer Continental Shelf Lands Act ("OCSLA"), 43 U.S.C. § 1333(a)(2)(A) ("[T]he civil and criminal laws of each adjacent State . . . are declared to be the law of the United States. . . .") (emphasis added).

  No such language of incorporation is present in HIPAA. The language of section 264(c)(2) evinces no congressional intent to adopt state law as federal law, thereby placing the power of the Supremacy Clause behind more stringent state medical privacy laws.

  In contrast, Defendant's interpretation of the antipreemption clause is in harmony with that of HHS. As part of the notice-and-comment process used by administrative agencies when Congress gives them rulemaking power, HHS interpreted section 264(c)(2), HIPAA's antipreemption provision. HHS stated:

  We considered whether the preemption provision of section 264(c)(2) . . . would give effect to State laws that would otherwise be preempted by federal law. For example, we considered whether section 264(c)(2) could be read to make the Medicare program subject to State laws relating to information disclosures that are more stringent than the requirements proposed in this rule, where such laws are presently preempted by the Medicare statute. We also considered whether section 264(c)(2) could be read to apply such State laws to procedures and activities of federal agencies, such as administrative subpoenas and summons, that are prescribed under the authority of federal law. In general, we do not think that section 264(c)(2) would work to apply State law provisions to federal programs or activities with respect to which the State law provisions do not presently apply. Rather, the effect of section 264(c)(2) is to give preemptive effect to State laws that would otherwise be in effect, to the extent they conflict with and are more stringent than the requirements promulgated under the Administrative Simplification authority of HIPAA. Thus. we do not believe that it is the intent of section 264(c)(2) to give an effect to State law that it would not otherwise have in the absence of section 264(c)(2). Page 10

 64 Fed. Reg. 59918, 6000 (Nov. 3, 1999) (emphasis added). Thus, HHS interpreted the antipreemption provision to merely maintain the status quo in states in which more stringent privacy regulations existed prior to HIPAA.

  The Court must defer to HHS's reasonable interpretation of HIPAA. See Chevron USA. Inc. v. Natural Res. Def. Council, 467 U.S. 837, 843-44 (1984). In Chevron, the Supreme Court held that courts must defer to reasonable constructions of a statute, ambiguous or silent on an issue, made by the administrative agency responsible for administering it. Id. at 843. Here, HIPAA is at best ambiguous about the effect of more stringent state laws in areas controlled by federal law prior to HIPAA. HHS reasonably construed section 264(c)(2) not to give any more effect to state law than it would have had in the absence of HIPAA.

  Under the Hospital's interpretation, on the other hand, HIPAA would give to state legislatures a sword when it really provides a shield. If not for HIPAA's antipreemption exception, the Supremacy Clause would sweep away all contrary state medical privacy regulations. Instead, Congress spared more stringent state statutes from preemptive effect. It did not, however, give more stringent state regulations the force of federal law. Thus, N.Y. C.P.L.R. 4504(a) remains the law in areas in which New York State has the authority to regulate, but it has not become the law in areas within the federal domain. Accordingly, New York law does not apply here.

 D. Privilege of the Medical Records Under Federal Law

  In cases arising under federal law such as this one, privileges against disclosure are governed by principles of federal law. See Von Bulow v. Von Bulow, 811 F.2d 136, 141 (2d Cir. 1987) (holding federal law of privileges applies in cases presenting a federal question); Ehrich v. Binghampton City Sch. Dist., 210 F.R.D. 17, 21 (2002) ("[W]hen a complaint asserts a federal Page 11 question . . . the federal law of privilege applies."). Federal Rule of Civil Procedure 45(c)(3)(A)(iii) permits a court to quash or modify a subpoena that requires disclosure of privileged material. The Court must look to the Federal Rules of Evidence to determine when materials are privileged. See Memorial Hosp. v. Shadur, 664 F.2d 1058, 1061 (7th Cir. 1981). Rule 501 provides:

Except as otherwise required by the Constitution of the United States or provided by Act of Congress or in rules prescribed by the Supreme Court pursuant to statutory authority, the privilege of a witness, person, government, State, or political subdivision thereof shall be governed by the principles of the common law as they may be interpreted by the courts of the United States in the light of reason and experience. However, in civil actions and proceedings, with respect to an element of a claim or defense as to which State law supplies the rule of decision, the privilege of a witness, person, government, State, or political subdivision thereof shall be determined in accordance with State law.
Fed.R.Evid. 501 (emphasis added).

  Defendant argues that HIPAA is not intended to affect the application of Rule 501, and therefore does not constitute an exception provided by Congress. However, this argument ignores the plain language of Rule 501 as well as provisions of the HHS regulations.

  Rule 501's savings clause requires federal courts to fashion common law in the light of reason and experience only when the Constitution and federal statutes are silent on the issue. The Rule reflects the general principle that courts develop federal common law only "[w]hen Congress has not spoken to a particular issue." City of Milwaukee v. Illinois, 451 U.S. 304, 313 (1981). Congress has spoken on the privacy of medical records through HIPAA. Thus, this Court agrees with Judge Kocoras that "HIPAA and the regulations promulgated thereunder, not Federal Rule of Evidence 501, control the protections provided to patient medical records held by hospitals." Nat'l Abortion Fed'n, 2004 WL 292079, at *5. This conclusion is bolstered by the fact that the regulations include provisions specifically devoted to disclosure of patient health information during judicial proceedings. See 45 C.F.R. § 160.512(e). HIPAA, through its implementing regulations, speaks Page 12 directly to the privilege asserted in this case.

  The privacy provisions promulgated under HIPAA therefore control the enforceability of the subpoena. As explained above, the regulations permit disclosure of health information without patient consent pursuant to a qualified protective order. See 45 C.F.R. § 164.512(e)(ii), (v). The protective order in this case satisfies the HHS regulations because it permits the use of the health information solely for the purposes of this litigation and requires the destruction or return of the records, and all copies made, within sixty days of the resolution of the case.*fn6 (Agreed Protective Order, Jan. 23, 2004 ["Prot. Order"] ¶¶ 7, 16.)

  In addition, the protective order calls for redaction of at least the following identifying information:

[T]he patient's name; the name of any spouse, partner, child, and emergency contact (collectively `patient relatives'); the birth date, social security number, address, telephone number, fax number, and e-mail address of the patient and any patient relative; the patient and any patient's relative's insurance policy number or group number, and any medical record or chart number.
(Id. ¶ 3.) The Hospital must also redact any other information that might reasonably lead to individual identification as provided in the HHS regulations on de-identification of individual health records. See 45 C.F.R. § 164.514(b)(2)(i). Once redacted, the records are not considered under the regulations to be individually identifiable, and thus can be produced by the Hospital even without Page 13 a protective or court order. See id. HHS has determined that these redactions maintain the anonymity of patients and their families. This Court cannot impose an absolute privilege on health information when HHS, the federal agency which Congress has authorized to institute protections for the privacy of health information, has chosen a different course.

 E. Undue Burden on the Hospital

  The Hospital also argues that compelling production of the records places an undue burden on it under Federal Rule of Civil Procedure 45(c). According to the Hospital, the burdens that will unduly be placed upon it are dealing with the anger and mistrust of its patients, and damage to its reputation. However, production of the records will not be attributable to any misconduct or complicity by the Hospital, but is the direct result of this Court's order enforcing Defendant's subpoena. The Hospital's reputation as a provider of medical services will not be adversely affected by its compliance with a court order. In addition, the Court notes that the Hospital permitted Dr. Chasen to use the records in researching a study that he plans to publish in The American Journal of Obstetrics and Gynecology. Therefore, its arguments on undue burden are not persuasive.


  For the foregoing reasons, Defendant's motion to enforce the subpoena is GRANTED.

 So Ordered

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.