Medical providers operating in Minnesota must be aware of the Minnesota Health Records Act’s (“MHRA”) requirements to avoid liability exposure. Enterprising plaintiff’s attorneys are bringing these claims at an increasing pace, no matter how harmless the provider’s error might be.
The MHRA allows patients to bring claims and seek damages for an alleged “misuse” of their medical records. The MHRA provides that a provider, or a person who receives health records from a provider, may not release a patient’s health records without: (1) a signed and dated consent from the patient or the patient’s legally authorized representative authorizing the release; (2) a specific authorization in law; or (3) a representation from a provider that holds a signed and dated consent from the patient authorizing the release.
The MHRA further provides that person who does any of the following is liable to the patient for compensatory damages caused by an unauthorized release or an intentional, unauthorized access, plus costs and reasonable attorney fees: (1) negligently or intentionally requests or releases a health record without obtaining consent as described above; (2) forges a signature on a consent form or materially alters the consent form of another person without the person’s consent; (3) obtains a consent form or the health records of another person under false pretenses; or (4) intentionally accesses a record locator or patient information service without authorization.
Having defended several of these claims, the best way to avoid an MHRA claim is to have measures in place to ensure compliance.