Learn About the Law
Get help with your legal needs
Gary HOPKINS v. Kalipatti S. BALACHANDRAN et al.
The plaintiff, Gary Hopkins, appeals from the judgment of the trial court denying his motion for partial summary judgment and granting the cross motion for summary judgment of the defendants, Kalipatti S. Balachandran, a physician, and New England Family Medical and Walk In Center, LLC. The dispositive issue on appeal is whether the plaintiff waived his right to claim confidentiality in a medical document improperly disclosed by the defendants to his employer in violation of the privacy regulations of the Health Insurance Portability and Accountability Act of 1996, Pub.L. No. 104–191, 110 Stat.1936 (privacy rule), when he had disclosed previously a different version of the document to his employer.1 We conclude that the plaintiff waived his right to claim confidentiality in the subject medical record and, therefore, affirm the judgment of the trial court.
The following undisputed facts, as found by the court, and procedural history are necessary to our resolution of this issue. “The plaintiff ․ was a correctional officer employed by the Connecticut Department of Correction. On April 24, 2008, he presented as a ‘walk-in’ patient to the defendants' medical clinic with complaints of ‘flu-like symptoms.’ After an examination by Dr. Kalipatti Balachandran, [the plaintiff] left the clinic. He left with a copy of his ‘superbill.’ A superbill is an itemized form listing various medical services with code numbers that physicians ordinarily submit to insurance companies or Medicare/Medicaid for reimbursement. The form lists dozens of conditions and procedures, and the doctor circles or checks the applicable items. The form completed at the doctor's office ․ had certain items circled or checked, but it did not contain any language excusing [the plaintiff] from work until any stated future date, and it was not signed.
“The plaintiff took time off from work on April 24, 25, 26, and 27, 2008, as sick time. On April 28, 2008, he filed a form with his employer requesting that his absence from work on those dates be reclassified as holiday time, as he had previously exhausted his available sick time. He also supplied his employer with a copy of the superbill from Dr. Balachandran's office. The copy he submitted, however, was different from the original at the doctor's office. The copy submitted by [the plaintiff] had additional items circled or changed, and it had handwriting on it purportedly verifying his absence from work due to illness with a return to work date of April 28. It contained an illegible signature, and the return to work date was ‘4–28.’ That date appeared to have been written over or manipulated. It looked like it had been changed from 4–24 to 4–28.
“Suspecting that the note was fraudulent due to the date manipulation, the plaintiff's employer referred the matter to the plaintiff's prison shift manager, Captain Christopher Corey, for investigation. Captain Corey called the doctor's office on May 5, 2008, particularly to determine whether the return to work date had been altered. He talked with the doctor's office assistant, Angel Caouette. He faxed to her a copy of the note supplied by the plaintiff. He asked if the return to work date was 4–24 or 4–28. She sounded perplexed, and said her office did not issue notes like that. She said she would investigate it. Captain Corey called back on May 9, 2008, and spoke with Dr. Balachandran. At that time, Dr. Balachandran told him that he did not issue the plaintiff a doctor's note, and that the handwriting on the superbill filed with the prison was not his handwriting. He also implied that certain medical information on the form had been changed. The matter was referred to the Department of Correction Security Division. That unit conducts additional investigations in such matters. Dr. Balachandran's office was later asked to send a copy of the original superbill to the plaintiff's employer for comparison. Dr. Balachandran sent a copy of the original superbill to the plaintiff's supervisor, Deputy Warden Donald Cyr, on May 21, 2008, with a cover letter. In the letter, Dr. Balachandran wrote that on comparing the document submitted by plaintiff to the Department of Correction with the original on file at his office, ‘we determined that the document had been altered after it left our office. Furthermore, there was no out of work note issued from our office regarding [the plaintiff].’
“The plaintiff told the Department of Correction that he did not falsify the document. He was reported to have said that a secretary or nurse at the doctor's office, whose name he could not remember, wrote on the document, but that she denied it.
“The plaintiff was dismissed from state service on August 4, 2008, for violations of the Department of Correction's employee conduct rules, administrative directive 2.17. His dismissal letter stated, ‘Specifically, on April 28, 2008, you submitted a request for conversion of leave form to cover your insufficient balance of sick time. The medical documentation you provided with your request form was altered and falsified. In addition, you were less than truthful during the investigation.’ “
The plaintiff subsequently filed a complaint against the defendants. The operative complaint contained a claim of negligence against each defendant for the improper disclosure of his health information. He alleged that as a direct result of the defendants' disclosure, he was terminated by his employer. The plaintiff filed a motion for summary judgment as to liability only, arguing that there were no genuine issues of material fact and that he was entitled to judgment as a matter of law. The defendants filed a cross motion for summary judgment.2 On March 28, 2012, the court denied the plaintiff's motion for summary judgment and granted the defendants' cross motion for summary judgment.
The court found, as evidenced by the privacy rule, that the defendants had a duty to use reasonable care in maintaining the confidentiality of the plaintiff's medical records and that they breached this duty when they disclosed and discussed the plaintiff's protected health information without his release or consent.3 Nevertheless, the court concluded that the plaintiff had waived his right to claim confidentiality in the superbill, in any form, because he had voluntarily disclosed it to his employer when he used it to support his absence from work. The court reasoned: “Because the plaintiff failed to claim his privilege or right at the time of disclosure, and because the plaintiff voluntarily disclosed the information to his adversaries, the plaintiff cannot now attempt to use the court to protect material that he failed to safeguard on his own․ He voluntarily disclosed the superbill to the Department of Correction on April 28, 2008. He cannot complain of the defendants' disclosure of the superbill to the Department of Correction on and after May 5, 2008.” (Citation omitted.) Accordingly, the court denied the plaintiff's motion for partial summary judgment and granted the defendants' cross motion for summary judgment. This appeal followed.
On appeal, the plaintiff claims that the court improperly concluded that he had waived any right to claim confidentiality in the superbill for two reasons. First, he argues that the court erred because the applicable exception to the preemption provision of the privacy rule does not apply and thus waiver cannot be pleaded in this case. The plaintiff maintains that because the requirements for a health care provider's disclosure of protected medical information, namely, a written authorization, and the exceptions for when authorization is not required under the privacy rule are more stringent than those allowed for the common-law defense of waiver, the privacy rule preempts the less stringent waiver doctrine. Second, the plaintiff argues that the court improperly found waiver because the superbill provided by him to his employer was different from the one provided by the defendants and because the defendants provided additional information beyond the superbill. He asserts that his employer was able to gain additional information about his protected health information as a result of the defendants' actions. We conclude that the privacy rule does not preempt the common-law defense of waiver, and also conclude that the court properly found waiver in this case.
“The standard of review of motions for summary judgment is well settled. Practice Book § 17–49 provides that summary judgment shall be rendered forthwith if the pleadings, affidavits and any other proof submitted show that there is no genuine issue as to any material fact and that the moving party is entitled to judgment as a matter of law. In deciding a motion for summary judgment, the trial court must view the evidence in the light most favorable to the nonmoving party․ The party moving for summary judgment has the burden of showing the absence of any genuine issue of material fact and that the party is, therefore, entitled to judgment as a matter of law․ On appeal, we must determine whether the legal conclusions reached by the trial court are legally and logically correct and whether they find support in the facts set out in the memorandum of decision of the trial court․ Our review of the trial court's decision to grant the defendant's motion for summary judgment is plenary.” (Internal quotation marks omitted.) Weiss v. Weiss, 297 Conn. 446, 458, 998 A.2d 766 (2010).
The plaintiff first argues that the privacy rule preempts the equitable defense of waiver in this common-law negligence action. We disagree.
“[T]he issue in this case ․ raises a question of statutory construction, which is a [question] of law, over which we exercise plenary review․ The process of statutory interpretation involves the determination of the meaning of the statutory language as applied to the facts of the case, including the question of whether the language does so apply․ When construing a statute, [o]ur fundamental objective is to ascertain and give effect to the apparent intent of the legislature․ In other words, we seek to determine, in a reasoned manner, the meaning of the statutory language as applied to the facts of [the] case, including the question of whether the language actually does apply․ In seeking to determine that meaning ․ [we] first ․ consider the text of the statute itself and its relationship to other statutes. If, after examining such text and considering such relationship, the meaning of such text is plain and unambiguous and does not yield absurd or unworkable results, extratextual evidence of the meaning of the statute shall not be considered.” (Internal quotation marks omitted.) Sams v. Dept. of Environmental Protection, 308 Conn. 359, 377–78, 63 A.3d 953 (2013). “Administrative regulations have the full force and effect of statutory law and are interpreted using the same process as statutory construction․” (Internal quotation marks omitted.) Alexandre v. Commissioner of Revenue Services, 300 Conn. 566, 578, 22 A.3d 518 (2011).
The United States Department of Health and Human Services (health and human services) implemented regulations consistent with the statutory provision of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 U.S.C. § 1320d–7,4 that addressed the preemption of state law. Title 45 of the Code of Federal Regulations, § 160.203, provides in relevant part: “A standard, requirement, or implementation specification adopted under this subchapter that is contrary to a provision of State law preempts the provision of State law. This general rule applies, except if one or more of the following conditions is met ․ (b) The provision of State law relates to the privacy of individually identifiable health information and is more stringent than a standard, requirement, or implementation specification adopted under subpart E of part 164 of this subchapter․” Title 45 of the Code of Federal Regulations, § 160.202, defines state law as “a constitution, statute, regulation, rule, common law, or other State action having the force and effect of law.”
In order to determine if the privacy rule preempts a state law, we must first determine if the privacy rule is “contrary to a provision of State law․” 45 C.F.R. § 160.203. If we answer that question in the affirmative, our next inquiry is whether an exception applies such that the state law will not be preempted. 45 C.F.R. § 160.203. In arguing that the applicable exception in this case does not apply because the privacy rule is more stringent than the waiver doctrine, the plaintiff implicitly concludes that the first step in the analysis of whether the privacy rule preempts the waiver doctrine has been satisfied. This conclusion, however, is not correct.
Pursuant to 45 C.F.R. § 160.202, “[c]ontrary, when used to compare a provision of State law to a standard, requirement, or implementation specification adopted under this subsection, means: (1) A covered entity would find it impossible to comply with both the State and federal requirements; or (2) The provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of [the administrative simplification section of HIPAA].”5 (Emphasis omitted.) Thus, under the first definition of “contrary,” a court would only begin the preemption analysis if a covered entity is required to act pursuant both to the state and federal laws. In the present case, however, the common-law defense of waiver concerns the actions of the plaintiff, not the defendants. Although the plaintiff appears to construe the court's finding that the plaintiff's voluntary disclosure of his superbill to his employer constituted, in effect, an implied authorization that allowed the defendants to disclose more information about the superbill, a close reading of its holding reveals that the court, in fact, found that the voluntary disclosure precluded the plaintiff from claiming a right of confidentiality in the superbill. Nothing in the court's analysis regarding waiver implicates any actions by the defendants. In its consideration of the defendants' waiver defense, the court was not required to, nor did it, address whether the plaintiff's actions created a situation such that the defendants' communications constituted a permissible disclosure of protected health information,6 whether the disclosure required authorization,7 or whether the plaintiff's actions excused the defendants' breach of their duty to maintain the confidentiality of the plaintiff's superbill. The waiver analysis does not address the defendants' actions at all, solely concentrating on the effect of the plaintiff's actions in his dissemination of the superbill. Because the two laws do not require the defendants to act, the first definition of contrary is not satisfied and the waiver doctrine is not preempted under that definition.
The second definition of “contrary” provides that the privacy rule preempts a state law if “[t]he provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives” of the administrative simplification section of HIPAA. As we previously noted, the waiver doctrine applies to the actions of the plaintiff. The federal regulations, however, govern the actions of the covered entities, not those of patients. Because the privacy rule regulates only the actions of the defendants with respect to their use and disclosure of protected health information, and the waiver doctrine applies only to the actions of the plaintiff, the doctrine of waiver does not impact the responsibilities or obligations of covered entities such as the defendants pursuant to the federal law. Indeed, the court found that the defendants had a duty to use reasonable care in maintaining the confidentiality of the plaintiff's medical records and that they breached this duty when they disclosed and discussed the plaintiff's superbill without his release or consent.
Moreover, the waiver of the right to bring a common-law negligence action in a state court due to one's voluntary actions does not affect the ability of a person whose protected health information has been disclosed improperly to exercise his rights pursuant to the administrative simplification section of HIPAA. A patient's sole remedy for a violation of the privacy rule is to file a complaint with health and human services.8 45 C.F.R. § 160.306; see also Acara v. Banks, 470 F.3d 569, 572 (5th Cir.2006) (“there is no private cause of action under HIPAA”). Indeed, in the present case, the court noted that administrative proceedings took place after the plaintiff filed a complaint with health and human services. Because the plaintiff is able fully to exercise his rights pursuant to the administrative simplification section of HIPAA, and did so in this case, we cannot conclude that the waiver doctrine is an obstacle to the accomplishment and execution of the full purposes and objectives of the HIPAA. Accordingly, we conclude that because neither definition of contrary applies to the waiver doctrine, the privacy rule does not preempt the common-law defense of waiver, and the court properly considered it in this case.
We next address the plaintiff's argument that the court improperly found that he had waived his right to confidentiality in the superbill. We disagree.
Our inquiry of whether the plaintiff waived his right to confidentiality in his superbill is a question of law over which we exercise plenary review. See State v. Kemah, 289 Conn. 411, 421, 957 A.2d 852 (2008); see also C.R. Klewin Northeast, LLC v. Bridgeport, 282 Conn. 54, 86–87, 919 A.2d 1002 (2007) (“Ordinarily, [w]aiver is a question of fact subject to the clearly erroneous standard of review․ [P]lenary review is appropriate in the present case because when a trial court makes a decision based on pleadings and other documents, rather than on the live testimony of witnesses, we review its conclusions as questions of law.” [Citation omitted; internal quotation marks omitted.] ).
“Waiver is the intentional relinquishment or abandonment of a known right or privilege․ As a general rule, both statutory and constitutional rights and privileges may be waived․ Waiver is based upon a species of the principle of estoppel and where applicable it will be enforced as the estoppel would be enforced․ Estoppel has its roots in equity and stems from the voluntary conduct of a party whereby he is absolutely precluded, both at law and in equity, from asserting rights which might perhaps have otherwise existed․ Waiver does not have to be express, but may consist of acts or conduct from which waiver may be implied․ In other words, waiver may be inferred from the circumstances if it is reasonable to do so.” (Internal quotation marks omitted.) Bank of New York v. Bell, 120 Conn.App. 837, 853–54, 993 A.2d 1022, appeal dismissed, 298 Conn. 917, 4 A.3d 1225 (2010).
Although we have not considered the applicability of waiver in a common-law negligence action where the breach of the standard of care was based on the privacy rule, we have addressed waiver in the contexts of the psychiatrist-patient and attorney-client privileges, both of which include protections for written documentation. In the context of the psychiatrist-patient privilege, our Supreme Court has held that “a patient may claim the privilege of confidentiality between himself and his physician only if he had a justified expectation that his communications would not be publicly disclosed․” State v. White, 169 Conn. 223, 234, 363 A.2d 143, cert. denied, 423 U.S. 1025, 96 S.Ct. 469, 46 L.Ed.2d 399 (1975). Waiver as to one aspect of privileged communications, however, does not constitute waiver as to the entire psychiatrist-patient relationship. See State v. Pierson, 201 Conn. 211, 223, 514 A.2d 724 (1986) (testimony by victim, victim's mother and psychiatrist about sexual assault did not establish waiver with respect to “wholly separate communications related to treatment of the [victim] or his mother”), on appeal after remand, 208 Conn. 683, 546 A.2d 268 (1988), cert. denied, 489 U.S. 1016, 109 S.Ct. 1131, 103 L.Ed.2d 193 (1989).
With respect to the attorney-client privilege, we have stated that “[t]he conduct of the parties may be used to establish waiver․ It is well established that ․ the voluntary disclosure of confidential or privileged material to a third party, such as an adversary, generally constitutes a waiver of privileges with respect to that material.” (Internal quotation marks omitted.) Bank of New York v. Bell, supra, 120 Conn.App. at 854. Moreover, a party “cannot be permitted to pick and choose among [its] opponents, waiving the privilege for some and resurrecting the claim of confidentiality to obstruct others, or to invoke the privilege as to communications whose confidentiality he has already compromised for his own benefit.” (Internal quotation marks omitted.) Id., at 855. Accordingly, a person may not claim an attorney-client privilege in medical records obtained at the request of his attorney if he subsequently discloses those records to another who then discloses the records to a third party. See State v. Egan, 37 Conn.App. 213, 216–17, 655 A.2d 802 (defendant failed to maintain justified expectation of confidentiality when he released social worker's report to victim's mother with no restrictions on its use), cert. denied, 234 Conn. 905, 659 A.2d 1206 (1995).
The principles of waiver in the psychiatrist-patient and attorney-client privileges contexts are equally applicable to waiver in this case as well. The evidence submitted supports the undisputed facts that the plaintiff gave a copy of his superbill to his employer, that his employer sought to verify the information on the superbill by contacting the defendants and that Dr. Balachandran provided information that was limited to authenticating the veracity of the superbill, namely, whether he had signed the superbill and issued an out of work note. Once the plaintiff submitted a copy of his superbill to his employer, he relinquished the justified expectation that the document would not be publicly disclosed. Indeed, the plaintiff could no longer have such an expectation as he was the person who first submitted the document to his employer. Although the plaintiff argues that the different superbill, additional conversations and letter from the defendants constitute information that went beyond any waiver that the plaintiff arguably made, the substance of all of the interactions between the plaintiff's employer and the defendants was aimed at resolving the legitimacy of the superbill submitted by the plaintiff. None of the communications between the plaintiff's employer and the defendants was unrelated to the purpose of verifying the superbill. Because the plaintiff voluntarily disclosed the document to his employer without restrictions, he should not be able to invoke a privilege for a confidentiality that he compromised for his own benefit. See id. Accordingly, we conclude that the plaintiff waived his right to confidentiality in the superbill, and thus the court properly rendered judgment in favor of the defendants.
The judgment is affirmed.
In this opinion the other judges concurred.
1. The plaintiff also claims that the court improperly granted the defendants' cross motion for summary judgment because it improperly concluded that the plaintiff had failed to establish legal causation. Because we determine that the plaintiff waived his right to confidentiality, we need not address this claim.
2. The plaintiff filed his motion for summary judgment with respect to his then operative amended complaint, which contained ten counts. He subsequently amended his complaint such that when the defendants filed their cross motion for summary judgment, the operative complaint was the third amended complaint. The counts upon which the parties moved for summary judgment did not change between the amended complaint and the third amended complaint.
3. On appeal, the parties do not dispute that the defendants are covered entities and that the superbill constituted protected health information as defined by the Health Insurance Portability and Accountability Act.
4. Title 42 of the United States Code, § 1320d–7, provides in relevant part:“(1) General rule. Except as provided in paragraph (2), a provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1320d–1 through 1320d–3 of this title, shall supersede any contrary provision of State law, including a provision of State law that requires medical or health plan records (including billing information) to be maintained or transmitted in written rather than electronic form.“(2) Exceptions. A provision or requirement under this part, or a standard or implementation specification adopted or established under sections 1320d–1 through 1320d–3 of this title, shall not supersede a contrary provision of State law, if the provision of State law—“(A) is a provision the Secretary determines—(i) is necessary—(I) to prevent fraud and abuse; (II) to ensure appropriate State regulation of insurance and health plans; (III) for State reporting on health care delivery or costs; or (IV) for other purposes; or (ii) addresses controlled substances; or“(B) subject to section 264(c)(2) of the Health Insurance Portability and Accountability Act of 1996, relates to the privacy of individually identifiable health information.”
5. The administrative simplification section of HIPAA provides the statutory basis for the regulations regarding the privacy rule, the enforcement rule, which addresses the manner in which a violation of the law is handled, and the preemption of state law.
6. A covered entity is permitted to disclose protected health information: (1) to the patient, (2) for treatment, payment or health care operations, (3) incident to use or disclose otherwise permitted or required, (4) pursuant to a written authorization, (5) pursuant to an oral agreement obtained pursuant to 45 C.F.R. § 164.510, and (6) when authorization is not required pursuant to 45 C .F.R. § 164.512, as a part of a de-identified data set, for fundraising, and for underwriting and related purposes. 45 C.F.R. § 164.502.
7. The circumstances under which a written authorization pursuant to 45 C.F.R. § 164.508 is not required include disclosures: (1) required by law, (2) for public health activities, (3) about victims of abuse, neglect or domestic violence, (4) for health oversight activities, (5) for judicial and administrative proceedings, (6) for law enforcement purposes, (7) about decedents, (8) for cadaveric organ, eye or tissue donation purposes, (9) for research purposes, (10) to avert a serious threat to health or safety, (11) for specialized government functions, and (12) for workers' compensation. 45 C.F.R. § 164.512.
8. The Health Information Technology for Economic and Clinical Health Act, enacted in 2009, allowed state attorneys general, in addition to health and human services, to bring civil actions on behalf of residents who believed that a violation of the regulations had occurred. Pub.L. No. 111–5, 123 Stat. 226 (2009).
Response sent, thank you
Docket No: No. 34650.
Decided: September 24, 2013
Court: Appellate Court of Connecticut.
Search our directory by legal issue
Enter information in one or both fields (Required)
FindLaw for Legal Professionals
Search our directory by legal issue
Enter information in one or both fields (Required)