Physician-patient privilege waived in fraud probe
■ Physicians worry the Ohio Supreme Court ruling could open patient records in other types of cases and create additional risk for doctors.
By Amy Lynn Sorrel — Posted July 6, 2009
An Ohio Supreme Court ruling could erode certain confidentiality protections afforded to patients' medical records, physicians say.
The case centered on whether a health insurer could discover patient records to support a billing fraud claim it brought against a doctor. Family physician William Schlotterer, DO, objected to providing his patients' records to Medical Mutual of Ohio, saying the documents were protected by the physician-patient privilege unless the insurer obtained the patients' consent. The physician denied any wrongdoing.
The patients involved were not a party to the lawsuit, and the high court affirmed that, absent patients' authorization, medical records are generally protected from disclosure under state law. Because Dr. Schlotterer's patients already consented to release their medical information to Medical Mutual when they signed on for coverage, however, judges found the physician-patient privilege did not apply.
Dr. Schlotterer had argued the consent forms did not authorize Medical Mutual to investigate fraud; rather, it allowed the company to review records for the sole purpose of making coverage and payment determinations.
But the court said that Medical Mutual's probe into whether Dr. Schlotterer received proper reimbursement fell within the claims review process and found the patients' consent broad enough to authorize the release of any related records. As an added safeguard, trial courts may use a protective order to shield confidential information from unnecessary disclosure, the court said.
The case heads back to a trial court to sort out the discovery issues.
Broader privacy implications
Physicians worry the court's interpretation could allow various consent forms to be used as a pretext to access patients' confidential medical records beyond fraud cases.
"The question is, how broadly will not just insurance companies, but anyone writing a consent form, use that provision [in the privilege statute] to seek records," said Nancy Gillette, general counsel to the Ohio State Medical Assn. The organization, along with the Litigation Center of the American Medical Association and State Medical Societies, filed a neutral brief in the case.
The court noted that patients voluntarily signed the insurance consent forms.
Nevertheless, "patients don't necessarily have reason to think through all of the implications when they sign a consent form to have their information released. And in this case, most of us would sign that form thinking it goes to the issue of having our claims paid, but not releasing information in litigation," Gillette said.
The decision also means physicians have to decipher whether they can appropriately disclose patient information without facing liability.
Medical Mutual attorney Stephen F. Gladstone said the company already had much of the confidential patient information from the doctor's billing claims.
"All we were seeking was information from the medical records that backed up what services the doctor said he provided and Medical Mutual covered," he said. "It's not like we were going on a wild goose chase, and we took steps to make sure patients' confidentiality was protected," Gladstone said, noting the insurer requested the patient records under a protective order.
He said state law requires health plans to establish programs for detecting potential fraud, which is how the case evolved. "This is in everyone's interest, especially patients'."
Dr. Schlotterer's attorney did not return calls for comment.
Balancing competing interests
In their brief, physicians agreed that insurance companies should have appropriate access to relevant patient information for purposes of fighting fraud. But doctors argued for a narrow exception to the physician-patient privilege that would ensure patients' private records remained safe from expansive discovery requests.
Organized medicine suggested that a carve-out requiring insurers first to demonstrate they could not, by other means or within a certain time frame, substantiate a reasonable fraud allegation and could not obtain the non-party patients' authorization.
The ruling as it stands, however, "could give insurance companies the ability to rely on a general consent form to investigate fraud, rather than showing some specific need or purpose for requesting the information," Gillette said.
A lone dissenting judge agreed that the majority's interpretation was "much too broad" and likely would result in further litigation over the scope of the consent provision in the privilege statute.
"Now that the claims have been paid, Medical Mutual is attempting to contort a specific, single-purpose consent to release into a general all-purpose consent to release," Justice Paul E. Pfeifer wrote. "One thing is abundantly clear: the insureds in this case did not consent to the release of their medical information for any purpose other than to determine whether their claims would be paid."
Siding with physicians, Pfeifer said that adopting a limited exception would allow insurance companies to pursue claims against allegedly fraudulent doctors "without eroding the physician-patient privilege."