Zupkus & Angell, P.C.
Denver, Colorado
In personal injury cases, plaintiffs attempt to recover damages for injuries allegedly caused by another party. In adjudicating such claims, courts necessarily must consider the medical records and information of the plaintiff. Recently, we’ve seen a flurry of requests for protective orders to protect the confidential information of plaintiffs contained within their medical records. This initially may seem like a perfectly reasonable request — until we delve more deeply into why such protective orders are not only unnecessary but also make it difficult if not impossible for insurance carriers to fulfill their own legal obligations and conduct the ordinary business operations of an indemnity company.
What follows is a short summary of some of the key issues and concerns concerning these types of protective orders.
Protective Orders
First, it is important to establish why plaintiffs might seek a protective order. A protective order may be entered “to protect a party or person from annoyance, embarrassment, oppression, or undue burden or expense.” The party requesting a protective order must show “good cause” that such an order should be entered. A court deciding on the issue of good cause must balance the competing interests that would be served by granting or denying the order.
Specifically, where confidentiality is implicated – as is the case with medical and financial records, the court must consider:
whether the party seeking to prevent disclosure has a legitimate expectation that the information will not be disclosed, whether the state interest in facilitating the truth-seeking process through litigation is sufficiently compelling to overcome the asserted privacy interests, and whether disclosure can occur in a less intrusive manner.
Williams v. Dist. Court, Second Judicial Dist., City & Cty. of Denver, 866 P.2d 908, 912 (Colo. 1993). Now let’s examine some of the key issues that both insurance carriers and business owners should consider when protective orders are on the table.
Existing Insurance Regulations
One of the most convincing arguments against protective orders in these situations is that existing law already protects plaintiffs’ confidential information contained in medical records from disclosure to the public. Indeed, plaintiffs generally may find it difficult to convince a court that a carrier would not comply with confidentiality protections already required by law or identify specific harm they would suffer if the carrier continues to comply with the law.
It’s no secret that insurance is a highly regulated industry. Colorado insurance regulations already prohibit insurers from disclosing nonpublic personal health information about a claimant without his or her authorization, unless a specific exemption applies. Exemptions that may come into play here and which are expressly contemplated by Colorado insurance regulations include many purposes critical to ensuring a fair market for consumers:
- Fraud
- Underwriting
- Rate making
- Quality assurance
- Grievance procedures
- Policyholder service functions
- Database security
- Administration of consumer disputes and inquiries
- Replacement of a group benefit plan or worker’s compensation policy or program
In these instances, the carrier does not need specific permission to disclose nonpublic personal health information. In fact, carriers have many regulatory obligations and business functions that require the limited use and dissemination of medical information — including their duty to prepare, implement, and maintain anti-fraud information to “[r]eport suspected or actual insurance fraud.” Accordingly, the granting of protective orders in such situations could actually prevent insurance carriers from carrying out their existing obligations under federal and state law without exposing them to sanctions and even contempt proceedings in personal injury or bad faith litigation.
These regulations originate from the Gramm-Leach-Billey Act, which requires state regulatory authorities to establish appropriate standards to ensure the protection of consumers’ confidential information and to prevent any unauthorized use that could harm consumers. The Act, along with related Colorado state laws and regulations, govern a carrier’s handling of medical information irrespective of whether a claim is in litigation.
As modern technology has enabled claim-handling computer systems specifically designed to ensure compliance with all federal and state regulations as well as carriers’ own internal confidentiality requirements, carriers have developed secure systems that reliably protect customer information while also streamlining the resolution of claims – a tangible benefit to consumers. If unique protective orders are imposed against only some of a carrier’s files, the type of uniform electronic claim-handling system that benefits consumers and allows a carrier to function effectively, efficiently, and remain in compliance with the Unfair Claim Settlement Practices Act becomes unsustainable.
First Amendment Issues
Because “[a]n individual’s right to speak is implicated when information he or she possesses is subjected to restraints on the way in which information might be used or disseminated,” protective orders are subject to strict scrutiny under First Amendment jurisprudence. This means they must be “necessary or essential” to “an important or substantial government interest.”
The fact is that protective orders are not necessary to protect a plaintiff’s privacy interest in his/her medical information, because the government has already created a very robust regulatory scheme to protect such confidential matters. With such a system in place, a trial court’s protective order can only create the potential for a carrier to be stuck between multiple competing and conflicting legal duties, while adding no benefit to consumers.
Agency Autonomy
The legislature’s collection of regulatory statutes brings us to another point, which is that Colorado courts “must accord substantial deference to an agency when it resolves issues within its particular area of authority and expertise.”
Protective orders here would upset the deliberate balance struck by current legislation, and do so without public input or consideration by the legislature, as well as interfere with the Division of Insurance’s mandate to regulate insurance matters in Colorado. This potential is particularly concerning because protective orders drafted by persons not experienced in the intricacies of insurance regulation and privacy law (including judges) could easily impose new and onerous obligations that contradict the requirements imposed on carriers by the Division of Insurance, Colorado legislature, and Gramm-Leach-Billey Act.
Because protective orders could wreak havoc with many different business practices as well as the ability to maintain compliance with regulatory obligations, it is imperative that insurance carriers and business owners are aware of the kinds of issues that will arise where confidential medical information is involved. Having a plan in place to fight the entry of such orders is crucial to the uninterrupted operation of your business and avoiding unseen regulatory pitfalls.
If you have questions about the impact of medical record protective orders or about the best practices for avoiding the trap of conflicting legal duties arising out of personal injury or bad faith litigation, please contact Steve Phillips at 720-208-2738.