Medical records have an unusual legal status. They are medical care practitioners’ primary business records, but they are also confidential records of information whose dissemination is at least partially controlled by the patient. This is further complicated by the ambiguous nature of rules governing physician–patient communications. Unlike the lawyer–client privilege, which is a traditional common law privilege, there is no common law physician–patient privilege. Although medical ethics has always demanded that the physician respect the patient’s confidences, violations were punished, if at all, as general invasion of privacy cases. In the last 30 years, most state legislatures have enacted medical privacy laws. These laws are similar in that they limit the dissemination of medical information without the patient’s consent, and they provide certain exceptions for this protection, such as allowing the discovery of medical information when the patient has made a legal claimed based on that information or when the patient poses a threat to the public health. The federal government does not provide a general protection for medical privacy outside of federal institutions, but there is a federal law that protects records dealing with treatment for alcoholism and substance abuse. [42 U.S.C.A. § 290dd-2.] As part of the Conditions of Participation for Medicare/Medicaid and Joint Commission requirements, providers must protect patient confidentiality.

These state and federal privacy laws modify the usual presumption that medical records, as a business record, are subject to discovery in civil and criminal matters against the medical care practitioner. When a medical record is at issue in state litigation against a medical care practitioner, other than cases brought by the patient, medical records will be protected from discovery unless the plaintiff can show a compelling reason why the records are necessary to prove its case. Even then, the court will supervise the discovery and generally require that all patient- identifying information be removed. If the case is brought in federal court, under federal law, such as an antitrust or false claims case, then the state law protections do not apply. Although federal judges do try to protect patients’ confidential information when possible, there are many situations, such as a Medicare fraud prosecution, where the records, patient identifiers and all, will be discoverable.