The opinion of the court was delivered by: JOAN AZRACK, Chief Magistrate Judge
This is a qui tam action in which relator, Larry Kaplan,
seeks to recover damages on behalf of himself and the United
States pursuant to the False Claims Act, 31 U.S.C. § 3729. The Complaint alleges that defendants defrauded the federal
government by falsifying documents to obtain reimbursement for
ambulance transportation services it provided to Medicare
patients. The United States Department of Justice issued
subpoenas to several non-party health care providers for patient
medical records pursuant to Rule 45 of the Federal Rules of Civil
Procedure. The current dispute between the parties concerns the
terms of a protective order sought by defendants governing the
use of these confidential medical records. The issue is whether
defendants can limit the government's use of these medical
records to this litigation. On September 6, 2005, I ordered the
parties to submit authority for their respective positions.
Having reviewed the parties' submissions, as well as the
applicable law, I find that any protective order may not restrict
the government's use of the confidential patient medical records
solely to purposes of this litigation.
Defendants seek a protective order pursuant to
45 C.F.R. § 164.512(e)(1)(ii)(B), restricting the government's use of
confidential medical records obtained during the pendency of this
action to purposes solely related to this litigation. The
relevant section of defendants' proposed protective order states:
materials can only be used for purposes related to
this litigation, except that nothing contained in
this Protective Order shall limit or circumscribe the
United States from carrying out its role as health
oversight agency for oversight activities authorized
by law under 45 C.F.R. § 164.512(d)(1) or from
carrying out any obligation under law. At the end of
the litigation, the protected health information . . .
will be returned to the covered entities or will be
(Defendants' Proposed Protective Order ¶ 1.)
The government, however, argues that this language is too
restrictive and interferes with its functions as a "health oversight agency" under
45 C.F.R. § 164.512(d). The government argues that 45 C.F.R. § 164.512(d) is
the applicable regulation in this case, not
45 C.F.R. § 164.512(e)(1)(ii)(B), and that the protective order cannot limit
the government's use of confidential patient medical records to
purposes of this litigation.*fn1 The government has proposed
a protective order that includes provisions allowing it to
disclose patient medical records to various agencies or
departments of the United States and Congress.
Thus, the issue is whether, pursuant to § 164.512(e)(1)(ii)(B),
the protective order must include a provision restricting the
government's use of confidential patient information to purposes
related to this litigation, or alternatively, whether the
government must be permitted to disclose the confidential patient
information to various agencies and departments of the United
States and Congress in its role as a "health oversight agency."
This issue has not been previously addressed in the Second
One of the purposes of the Health Insurance Portability and
Accountability Act of 1996 ("HIPAA"), Pub.L. No. 104-191 §§
261-264, 110 Stat. 1936 is to "ensure the integrity and
confidentiality of [patient] information."
42 U.S.C. § 1320d-2(d)(2)(A); see also 65 Fed. Reg. 82462, 82469 (Dec.
28, 2000) (stating that "Congress recognized the challenges to
the confidentiality of health information presented by the
increasing complexity of the health care industry, and by
advances in health information systems technology and
communications."). To accomplish this objective, Congress delegated authority to the
Secretary of the United States Department of Health and Human
Services to promulgate rules and regulations governing the
disclosure of confidential patient information. See HIPAA §
264(c)(i), 110 Stat. 1936, 2033. In accordance with this
rule-making authority, the Secretary adopted regulations which
became effective on April 14, 2001. See 66 Fed. Reg. 12434
(Feb. 26, 2001); 45 C.F.R. §§ 164.500-535.
Section 164.512(d) sets forth the standards for uses and
disclosures of confidential patient information for health
oversight activities. This regulation permits disclosures of
protected health information to a "health oversight agency for
oversight activities authorized by law . . . including . . .
civil . . . proceedings. . . ." 45 C.F.R. § 164.512(d)(1).
Disclosure of confidential patient information, however, is
limited to "activities necessary for appropriate oversight of:"
(i) The health care system;
(ii) Government benefit programs for which health
information is relevant to beneficiary eligibility;
(iii) Entities subject to government regulatory
programs for which health information is necessary
for determining compliance with program standards; or
(iv) Entities subject to civil rights laws for which
health information is necessary for determining
45 C.F.R. § 164.512(d)(1)(i)-(iv).
In contrast, § 164.512(e) sets forth the standards for
disclosures in judicial and administrative proceedings. This
section permits a "covered entity"*fn2 to disclose
confidential patient information under certain circumstances. Disclosures are
permitted in response to a court order, whereby "only the
protected health information expressly authorized by such an
order" may be disclosed. 45 C.F.R. § 164.512(e)(1)(i). A "covered
entity" is also permitted to disclose confidential patient
information in response to a subpoena or discovery request if it
has received adequate assurance that reasonable efforts have been
made to either "ensure that the individual who is the subject of
the protected information that has been requested has been given
notice of the request" or to "secure a qualified protective
order. . . ." 45 C.F.R. § 164.512(e)(1)(i), (ii). A qualified
protective order entered into pursuant to § 164.512(e)(1)(ii)
must satisfy two requirements. First, it must "prohibit the
parties from using or disclosing the protected health information
for any purpose other than the litigation or proceeding for which
such information was requested." 45 C.F.R. § 164.512(e)(1)(v)(A).
Second, the protective order must require that the parties return
or destroy all protected health information, including any
copies, at the end of the litigation. See
45 C.F.R. § 164.512(e)(1)(v)(B).
The government, citing United States ex rel. Stewart v.
Louisiana Clinic, No. Civ. A. 99-1767, 2002 WL 31819130 (E.D.
La. Dec. 12, 2002), argues that it may use confidential patient
information obtained during discovery in connection with "health
oversight activities" and not solely for purposes related to this
litigation. Stewart, like this case, was a qui tam action
in which defendants were alleged to have submitted "false claims
for reimbursement for medical services provided to Medicare and
Medicaid." Id. at *1. The government declined to intervene in
the action; therefore, defendants argued that the government was
a "nonparty with no rights to participate in . . . discovery and
that it must be ordered to use the documents, if it receives
them, solely for purposes of this litigation." Id. at *7. The
court, however, disagreed and held that the language in § 164.512(d)(1) was "clear and unambiguous" and that
the government may use the nonparty medical records it obtained
through discovery "in connection with its legitimate governmental
health oversight activities, and not solely for the purposes of
this litigation." Id. at *10.
Defendants' rebuttal to the government's reliance on Stewart
is simply, "[w]e do not believe [this case] is dispositive on
whether plaintiff's broad language should be ordered by the
Court." Defendants also urge that its proposed protective order
is consistent with the holding in Stewart because it
"recognizes the [Department of Justice's] function as a health
oversight agency." (See ...