WALLACE, /.,
Presently before the Court is Plaintiff Mary Jane Simon’s Motion to Compel Defendant’s Discovery Responses.
Facts
Mary Jane Simon (Plaintiff) is an adult individual residing in Sharon, PA. Specialty Orthopaedics, P.C. (Defendant) is a corporation conducting business in Pennsylvania with a registered office in Hermitage, PA. On October 3, 2011, Plaintiff attended a therapy/exercise session with Defendant. She was being instructed by an employee, Robert Griffith. Mr. Griffith instructed Plaintiff to balance her leg on a large fitness ball. Plaintiff was 82 years old at the time and had only attended two prior [400]*400sessions with Defendant. While attempting to comply with Mr. Griffith’s instructions, Plaintiff fell into gym equipment located next to her. Plaintiff alleges that she sustained injuries as a result of the fall accident and has suffered numerous complications
On January 23, 2014, Plaintiff served upon Defendant Plaintiff’s First Set of Interrogatories and Requests for Production of Documents Directed to Defendant requesting the identities of any eye witnesses to the accident. Plaintiff filed a Motion to Compel Discovery Responses on March 10, 2014, and said motion was granted on March 17,2014. Defendant served its Answers to Plaintiff’s First Set of Interrogatories and Requests for Production of Documents upon Plaintiff’s counsel on April 7, 2014. In its Answers, Defendant objected to providing the identities of any witnesses to the accident on the grounds that their identities are protected by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). Plaintiff filed another Motion to Compel Discovery Responses on August 1, 2014 alleging that Defendant’s discovery responses were deficient. On August 4, 2014, this Court issued an Order reserving any ruling on the HIPAA issue pending Defendant’s briefing of said issue. Defendant was given seven days to submit a brief with respect to the HIPAA issue, and Plaintiff was given 10 days to file a reply brief.
However, Defendant did not brief the HIPAA issue. Instead, Defendant sent correspondence to Plaintiff’s counsel on August 8, 2014 amending its response to Interrogatory 20, claiming that Defendant was unaware of whether any other individuals present at the Wellness Center were eyewitnesses to the incident. On August 18, 2014, Plaintiff sent her Third Set of Interrogatories [401]*401and Second Request for Production of Documents to Defendant limited to the issue of identifying potential witnesses. Defendant objected to this discovery request on the grounds that the identities of the individuals at the Wellness Center are protected under HIPAA. Plaintiff then filed another Motion to Compel Discovery Responses on November 19, 2014. Defendant then filed an Omnibus Brief addressing the HIPAA issue. There was a hearing before this Court on December 22, 2014. In an Order issued on the same day, this Court noted that Defendant submitted a brief on the HIPAA issue concerning the identity of witnesses. This Court gave Plaintiff 30 days to submit her reply brief, and the parties were to notify the Court whether they wished to schedule argument in this matter. On February 2, 2015, Defendant filed a Praecipe for Argument Date to resolve the HIPAA dispute. Oral argument was held before this Court on April 6, 2015.
Law and Discussion
At issue in this case is whether the identities of potential eye witnesses to Plaintiff’s accident in Defendant’s Wellness Center is protected healthcare information under HIPAA. This Court will discuss the following issues: whether HIPAA creates an evidentiary privilege injudicial proceedings, whether Defendant is a healthcare provider under HIPAA and whether the information sought is protected health information under HIPAA? For the reasons discussed below, this Court finds that the identity of a potential witness is not protected under the HIPAA privacy provisions.1
[402]*402Whether HIPAA may be used as an Evidentiary Privilege?
First, this Court will examine whether the HIPAA privacy provisions create an evidentiary privilege in judicial proceedings. In T.M. v. Elwyn, Inc., 950 A.2d 1050 (Pa.Super. 2008), the plaintiff was a student at Elwyn Alternative School, which handled and educated children with mental health and behavioral issues. The plaintiff sued the school for a number of claims including negligent hiring, training and supervision after being assaulted on multiple occasions by one of the defendant’s employees. The plaintiff made several discovery requests, which the trial court granted. These discovery requests involved obtaining pleadings and discovery from other lawsuits against the school for sexual abuse by its employees. The defendant appealed raising a number of objections based on privilege. One of these obj ections was that the requested information was protected by HIPAA. The defendant argued that it was a covered entity under HIPAA and that it must comply with HIPAA and its associated regulations because it provides behavioral and mental health services. The Superior Court disagreed with the defendant and found that HIPAA does not create an evidentiary privilege in court proceedings. Id. at 1059-60. Additionally, the Superior Court noted that even if the defendant was a protected entity under HIPAA, section 164.512(e) of the privacy rule “indicates generally (with certain caveats and requirements for disclosure pursuant to a court order or [403]*403subpoena) that release of protected health information is permissible without patient authorization in judicial proceedings.” Id. 1060. (citing 45 C.F.R. § 164.512(e)). Thus, even protected health information may be obtained injudicial proceedings.
HIPAA outlines the steps to follow in order to obtain protected health information during a judicial proceeding in 45 CFR 164.512(e). There are three ways to obtain protected health information in judicial proceedings under HIPAA. First, a party may obtain a Court Order to acquire such information. 45 CFR 164.512(e)(l)(i). In the absence of a Court Order, 45 CFR 164.512(e)(1) (ii)(A) and (B) provide two additional methods available when used in conjunction with more traditional means of discovery. Specifically relevant to this case, § 164.512(e) permits disclosure of protected health information in the course of any judicial proceeding “[i]n response to an order of a court or administrative tribunal, provided that the covered entity discloses only the protected health information expressly authorized by such order . . .” 45 C.F.R. § 164.512(e)(l)(i). Therefore, Defendant cannot use HIPAA as a shield to avoid reasonable discovery requests injudicial proceedings.
Whether Defendant is a Healthcare Provider under HIPAA?
Next, this Court must determine whether Defendant is an entity covered by HIPAA’s privacy provisions.
Free access — add to your briefcase to read the full text and ask questions with AI
WALLACE, /.,
Presently before the Court is Plaintiff Mary Jane Simon’s Motion to Compel Defendant’s Discovery Responses.
Facts
Mary Jane Simon (Plaintiff) is an adult individual residing in Sharon, PA. Specialty Orthopaedics, P.C. (Defendant) is a corporation conducting business in Pennsylvania with a registered office in Hermitage, PA. On October 3, 2011, Plaintiff attended a therapy/exercise session with Defendant. She was being instructed by an employee, Robert Griffith. Mr. Griffith instructed Plaintiff to balance her leg on a large fitness ball. Plaintiff was 82 years old at the time and had only attended two prior [400]*400sessions with Defendant. While attempting to comply with Mr. Griffith’s instructions, Plaintiff fell into gym equipment located next to her. Plaintiff alleges that she sustained injuries as a result of the fall accident and has suffered numerous complications
On January 23, 2014, Plaintiff served upon Defendant Plaintiff’s First Set of Interrogatories and Requests for Production of Documents Directed to Defendant requesting the identities of any eye witnesses to the accident. Plaintiff filed a Motion to Compel Discovery Responses on March 10, 2014, and said motion was granted on March 17,2014. Defendant served its Answers to Plaintiff’s First Set of Interrogatories and Requests for Production of Documents upon Plaintiff’s counsel on April 7, 2014. In its Answers, Defendant objected to providing the identities of any witnesses to the accident on the grounds that their identities are protected by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA). Plaintiff filed another Motion to Compel Discovery Responses on August 1, 2014 alleging that Defendant’s discovery responses were deficient. On August 4, 2014, this Court issued an Order reserving any ruling on the HIPAA issue pending Defendant’s briefing of said issue. Defendant was given seven days to submit a brief with respect to the HIPAA issue, and Plaintiff was given 10 days to file a reply brief.
However, Defendant did not brief the HIPAA issue. Instead, Defendant sent correspondence to Plaintiff’s counsel on August 8, 2014 amending its response to Interrogatory 20, claiming that Defendant was unaware of whether any other individuals present at the Wellness Center were eyewitnesses to the incident. On August 18, 2014, Plaintiff sent her Third Set of Interrogatories [401]*401and Second Request for Production of Documents to Defendant limited to the issue of identifying potential witnesses. Defendant objected to this discovery request on the grounds that the identities of the individuals at the Wellness Center are protected under HIPAA. Plaintiff then filed another Motion to Compel Discovery Responses on November 19, 2014. Defendant then filed an Omnibus Brief addressing the HIPAA issue. There was a hearing before this Court on December 22, 2014. In an Order issued on the same day, this Court noted that Defendant submitted a brief on the HIPAA issue concerning the identity of witnesses. This Court gave Plaintiff 30 days to submit her reply brief, and the parties were to notify the Court whether they wished to schedule argument in this matter. On February 2, 2015, Defendant filed a Praecipe for Argument Date to resolve the HIPAA dispute. Oral argument was held before this Court on April 6, 2015.
Law and Discussion
At issue in this case is whether the identities of potential eye witnesses to Plaintiff’s accident in Defendant’s Wellness Center is protected healthcare information under HIPAA. This Court will discuss the following issues: whether HIPAA creates an evidentiary privilege injudicial proceedings, whether Defendant is a healthcare provider under HIPAA and whether the information sought is protected health information under HIPAA? For the reasons discussed below, this Court finds that the identity of a potential witness is not protected under the HIPAA privacy provisions.1
[402]*402Whether HIPAA may be used as an Evidentiary Privilege?
First, this Court will examine whether the HIPAA privacy provisions create an evidentiary privilege in judicial proceedings. In T.M. v. Elwyn, Inc., 950 A.2d 1050 (Pa.Super. 2008), the plaintiff was a student at Elwyn Alternative School, which handled and educated children with mental health and behavioral issues. The plaintiff sued the school for a number of claims including negligent hiring, training and supervision after being assaulted on multiple occasions by one of the defendant’s employees. The plaintiff made several discovery requests, which the trial court granted. These discovery requests involved obtaining pleadings and discovery from other lawsuits against the school for sexual abuse by its employees. The defendant appealed raising a number of objections based on privilege. One of these obj ections was that the requested information was protected by HIPAA. The defendant argued that it was a covered entity under HIPAA and that it must comply with HIPAA and its associated regulations because it provides behavioral and mental health services. The Superior Court disagreed with the defendant and found that HIPAA does not create an evidentiary privilege in court proceedings. Id. at 1059-60. Additionally, the Superior Court noted that even if the defendant was a protected entity under HIPAA, section 164.512(e) of the privacy rule “indicates generally (with certain caveats and requirements for disclosure pursuant to a court order or [403]*403subpoena) that release of protected health information is permissible without patient authorization in judicial proceedings.” Id. 1060. (citing 45 C.F.R. § 164.512(e)). Thus, even protected health information may be obtained injudicial proceedings.
HIPAA outlines the steps to follow in order to obtain protected health information during a judicial proceeding in 45 CFR 164.512(e). There are three ways to obtain protected health information in judicial proceedings under HIPAA. First, a party may obtain a Court Order to acquire such information. 45 CFR 164.512(e)(l)(i). In the absence of a Court Order, 45 CFR 164.512(e)(1) (ii)(A) and (B) provide two additional methods available when used in conjunction with more traditional means of discovery. Specifically relevant to this case, § 164.512(e) permits disclosure of protected health information in the course of any judicial proceeding “[i]n response to an order of a court or administrative tribunal, provided that the covered entity discloses only the protected health information expressly authorized by such order . . .” 45 C.F.R. § 164.512(e)(l)(i). Therefore, Defendant cannot use HIPAA as a shield to avoid reasonable discovery requests injudicial proceedings.
Whether Defendant is a Healthcare Provider under HIPAA?
Next, this Court must determine whether Defendant is an entity covered by HIPAA’s privacy provisions. HIPAA applies to the following entities: a health plan, a healthcare clearinghouse and a healthcare provider who transmits any health information in electronic form in connection with a transaction. 45 C.F.R. § 160.102(a)(l)-(3). In order to understand what this entails, this Court must further examine the definitions of different terms within HIPAA.
[404]*404In order for the HIPAA privacy provisions to apply, Defendant must be considered a healthcare provider under HIPAA. Accordingly, a healthcare provider is defined as a provider of services under 42 U.S.C. § 1395x(u), a provider of medical or health services under 42 U.S.C. § 1395x(s) and any other person or organization who furnishes, bills, or is paid for healthcare in the normal course of business.” 45 C.F.R. § 160.103. Defendant argues that it is a provider of medical or health services and is, therefore, covered by HIPAA. Thus, the term medical or health services is defined as “outpatient physical therapy services, outpatient speech-language pathology services, and outpatient occupational therapy services.” 42 U.S.C. § 1395x(s)(D).
Finally, this Court must examine the definition of the term transaction under HIPAA. A transaction “means the transmission of information between two parties to carry out financial or administrative activities related to healthcare . . “ and includes (1) healthcare claims or equivalent encounter information, (2) health are payment and remittance advice, (3) coordination of benefits, (4) healthcare claim status, (5) enrollment and disenrollment in a health plan, (6) eligibility for a health plan, (7) health plan premium payments, (8) referral certification and authorization, (9) first report of injury, (10) health claims attachments, (11) healthcare electronic funds transfers and remittance advice, and (12) other transactions that the Secretary may prescribe by regulation. 45 C.F.R. § 160.103.
In this case, Defendant claims that it is a covered entity under HIPAA because it employs physicians and other healthcare providers who provide medical care and services, and the Wellness Center provides physical therapy [405]*405and occupational therapy services in addition to exercise services. While Defendant may provide outpatient physical therapy and occupational therapy services, the privacy protections of HIPAA are only triggered if the healthcare provider transmits any information in an electronic form in connection with a transaction. 45 C.F.R. § 160.102(a) (3). Here, Defendant does not allege that it engages in any of the covered transactions discussed above, or that it transmits any of this information electronically. Therefore, Defendant failed to prove that it is a protected entity under HIPAA. However, even if Defendant was a protected entity under HIPAA, 45 CFR 164.512(e), supra, clearly creates an exception to the HIPAA privacy provisions in judicial proceedings.
Whether the information sought is protected health information under HIPAA?
Finally, this Court must determine whether the identity of a witness is considered to be protected health information under the provisions of HIPAA. Protected health information under HIPAA is defined as individually identifiable health information that is (1) transmitted by electronic media; (2) maintained in electronic media; or (3) transmitted or maintained in any other form or medium. 45 C.F.R. § 160.103. Thus, in order to determine whether the identity of a witness is considered protected health information under HIPAA, this Court must first determine the meaning of the term health information.
Accordingly, health information under HIPAA is defined as follows:
Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:
[406]*406(1) Is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual.
Id. Individually identifiable health information is a subset of health information that
(1) Is created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual; and
(i) That identifies the individual; or
(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Id. These definitions make it clear that in order for the information requested to be protected, it must be concerned with the physical health, mental health or condition of the person, the provision of healthcare to that person, or the payment for provision of healthcare. In this case, Plaintiff is only seeking the identities of any individuals who may have seen her fall on the date in question at the Wellness Center. Plaintiff is not asking for information relating to the physical or mental health, provision of healthcare or [407]*407payment for healthcare of Defendant’s patrons. Plaintiff only wants to inquire with any individuals about her fall accident. Therefore, the information requested by Plaintiff is not protected health information under HIPAA.
ORDER
AND NOW, this 22nd day of May, 2015, it is hereby ORDERED, ADJUDGED and DECREED as follows:
1. Defendant, Specialty Orthopaedics, P.C., is compelled to produce the identities of the persons, including each persons’ name, telephone number and address, who were present at the Wellness Center on the date of Plaintiff’s fall accident. However, said discovery will be limited to those individuals who were present at the wellness center at the time of the accident.
2. Discovery in this case shall be extended generally and shall be completed within sixty (60) days of this Order.