The Court of Appeals for the Eleventh Circuit issued an opinion yesterday that HIPAA trumps Florida state law concerning the release of deceased nursing home residents’ records.
From the opinion:
The issue before us is whether § 400.145 of the Florida Statutes—which provides for the release of medical records of deceased residents of nursing homes to certain specified individuals—is preempted by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. § 1320d to d-9, and its implementing regulations. As it stands, § 400.145 and HIPAA cannot be reconciled, and we agree with the district court that the Florida statute stands as an obstacle to the accomplishment and execution of the full purposes and objectives of HIPAA in keeping an individual’s protected health information strictly confidential. Accordingly, we affirm.
Under HIPAA, the records may be released to a “personal representative” of the deceased. Florida law, however, requires licensed nursing homes to release a former resident’s medical records to the spouse, guardian, surrogate, or attorney-in-fact of any such resident. Although the state argued that the statute simply clarifies who should be considered a “personal representative” for purposes of access to records of deceased residents, the court rejected their analysis
The fatal flaw in the State Agency’s argument is that the plain language of § 400.145 does not empower or require an individual to act on behalf of a deceased resident. The unadorned text of the state statute authorizes sweeping disclosures, making a deceased resident’s protected health information available to a spouse or other enumerated party upon request, without any need for authorization, for any conceivable reason, and without regard to the authority of the individual making the request to act in a deceased resident’s stead.
You can read the full opinion in Opis Management Resources, LLC, et al. v. Secretary, Florida Agency for Health Care Administration here.