Click for home page
Office of the ATTORNEY GENERAL
GREG ABBOTT
image
 

December 4, 2003

Mr. Jeffrey S. Young
Associate General Counsel
Texas Tech University System
3601 4th Street STOP 6246, Ste. 2B141
Lubbock, Texas 79430-6246

OR2003-8691

Dear Mr. Young:

You ask whether certain information is subject to required public disclosure under chapter 552 of the Government Code. Your request was assigned ID# 192098.

The Texas Tech University Health Science Center (the "center") received a request for the entire file of a named physician, "including but not limited to the basis of the [Clinical Competency] Committee's negative evaluation, written plan for correction, counseling, written communication to the resident, and acknowledgement [sic] by the resident." You claim that the requested information is excepted from disclosure under sections 552.026, 552.101, 552.107, 552.111, 552.114, and 552.117 of the Government Code. We have considered the exceptions you claim and reviewed the submitted information.

Initially, we note that some of the documents you have submitted to this office were created after the date the center received the present request. Information created after the date the center received the present request is not responsive to the request and need not be released. See Economic Opportunities Dev. Corp. v. Bustamante, 562 S.W.2d 266 (Tex. Civ. App.-San Antonio 1978, writ dism'd) (Public Information Act does not require governmental body to disclose information that did not exist at time request was received); Open Records Decision No. 452 at 3 (1986). With respect to the remainder of the submitted information, we address your claimed exceptions to disclosure.

Section 552.101 of the Government Code excepts from required public disclosure "information considered to be confidential by law, either constitutional, statutory, or by judicial decision." This exception encompasses information that other statutes make confidential. You claim that some of the submitted information is not subject to release under the regulations promulgated pursuant to the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and that this information is therefore excepted from disclosure under section 552.101 of the Government Code in conjunction with these regulations. At the direction of Congress, the Secretary of Health and Human Services ("HHS") promulgated regulations setting privacy standards for medical records, which HHS issued as the Federal Standards for Privacy of Individually Identifiable Health Information. See Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 1320d-2 (Supp. IV 1998) (historical & statutory note); Standards for Privacy of Individually Identifiable Health Information, 45 C.F.R. Pts. 160, 164; see also Attorney General Opinion JC-0508 at 2 (2002). These standards govern the releasability of protected health information by a covered entity. See 45 C.F.R. Pts. 160, 164.

Under the federal standards, a covered entity may not use or disclose protected health information, except as provided by parts 160 and 164 of the Code of Federal Regulations. See id. § 164.502(a). Section 160.103 of title 45 of the Code of Federal Regulations defines a covered entity as a health plan, a health clearinghouse, or a health care provider that transmits any health information in electronic form in connection with a transaction covered by subchapter C, subtitle A of title 45. See id. § 160.103. You inform this office that the center is a covered entity under section 160.103, by virtue of being a health care provider that "electronically bills or transmits health information in an electronic form to third parties." Therefore, we will next determine whether any portion of the submitted information is protected health information under the federal law.

Section 160.103 of title 45 of the Code of Federal Regulations defines the following relevant terms as follows:

Health information means any information, whether oral or recorded in any form or medium, that:

(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

45 C.F.R. § 160.103.

Individually identifiable health information is information that is a subset of health information, including demographic information collected from an individual, and:

(1) Is created or received by a health care provider, health plan, employer, or health care clearinghouse; and

(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and

(i) That identifies the individual; or

(ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Id.

Protected health information means individually identifiable health information:

(1) Except as provided in paragraph (2) of this definition, that is:

(i) Transmitted by electronic media;

(ii) Maintained in electronic media;

(iii) Transmitted or maintained in any other form or medium.

Id. You assert that the submitted information contains protected health information. Upon review of the information in question, we agree that it contains protected health information under HIPAA. With regard to this information, however, we note that a covered entity may use protected health information to create information that is not individually identifiable health information, i.e., information that has been de-identified. See id. § 164.502(d)(1). The privacy standards that govern the uses and disclosures of protected health information under HIPAA do not apply to information that has been de-identified in accordance with sections 164.514(a) and (b) of the Code of Federal Regulations. See id. § 164.502(d)(2).

Under HIPAA, a covered entity may determine that health information is not individually identifiable only under certain circumstances. One method requires a person with specialized knowledge of generally accepted statistical and scientific principles and methods for rendering information de-identifiable to apply and document such methods and principles to determine that release of protected health information would result in a very small risk of individual identification. See id. § 164.514(b)(1). The other method requires the covered entity to meet the following two criteria: (1) remove specific identifiers, including but not limited to names, dates directly related to an individual, telecommunication numbers, vehicle identifiers, and any other unique identifying number, characteristic, or code, and (2) have no actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information. See id. § 164.514(b)(2)(i), (ii). We have marked the specific identifiers in the submitted protected health information. See id. § 164.514(b)(2)(i)(A)-(R). To the extent that the center has no actual knowledge that the de-identified information could be used alone or in combination with other information to identify the subject of the health information, the center must withhold the information that we have marked under section 552.101 of the Government Code in conjunction with HIPAA. However, if the center has actual knowledge that the de-identified information could be used alone or in combination with other information to identify the subject of the health information, then the center must withhold the marked documents in their entirety under section 552.101 of the Government Code in conjunction with HIPAA.

You also contend that the remaining information in Exhibit E is confidential under section 552.101 in conjunction with Texas statutory law. Because HIPAA may not require the center to withhold all of the submitted information, we also must consider the applicability of the state statutory provisions that you have raised. We note that HIPAA generally preempts a contrary provision of state law. See 45 C.F.R. § 160.203. For purposes of HIPAA, "contrary" means the following:

(1) A covered entity would find it impossible to comply with both the State and federal requirements; or

(2) The provision of State law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of part C of title XI of the Act or section 264 of Pub. L. 104-191, as applicable.

Id. § 160.202. You contend that the confidentiality provision found in section 160.007 of the Occupations Code and section 161.032 of the Health and Safety Code are applicable to the documents that we have de-identified under HIPAA as well as the remaining information in Exhibit E. We find that it is not impossible for the center to comply with both HIPAA and sections 160.007 and 161.032. We likewise find that neither section 160.007 nor section 161.032 stands as an obstacle to the accomplishment and execution of the full purposes and objectives of HIPAA. We will therefore consider the applicability of sections 160.007 and 161.032 to the remaining information at issue in Exhibit E.

You advise that the documents in Exhibit E were created by or at the direction of medical committees or medical peer review committees. Medical peer review is defined by the Medical Practice Act (the "MPA"), found at subtitle B of title 3 of the Occupations Code, to mean "the evaluation of medical and health care services, including evaluation of the qualifications of professional health care practitioners and of patient care rendered by those practitioners." Occ. Code § 151.002(a)(7). A medical peer review committee is "a committee of a health care entity . . . or the medical staff of a health care entity, that operates under written bylaws approved by the policy-making body or the governing board of the health care entity and is authorized to evaluate the quality of medical and health care services [.]" Id. § 151.002(a)(8). Section 160.007 of the MPA states that, "[e]xcept as otherwise provided by this subtitle, each proceeding or record of a medical peer review committee is confidential, and any communication made to a medical peer review committee is privileged." Occ. Code § 160.007.

Section 161.032 of the Health and Safety Code provides in part:

(a) The records and proceedings of a medical committee are confidential and are not subject to court subpoena.

....

(c) Records, information, or reports of a medical committee . . . and records, information, or reports provided by a medical committee . . . to the governing body of a public hospital . . . are not subject to disclosure under Chapter 552, Government Code.

(f) This section . . . do[es] not apply to records made or maintained in the regular course of business by a hospital . . . .

Section 161.031(a) defines a "medical committee" as "any committee . . . of (3) a university medical school or health science center . . . ." Section 161.031(b) provides that the "term includes a committee appointed ad hoc to conduct a specific investigation or established under state or federal law or rule or under the bylaws or rules of the organization or institution." Section 161.0315 provides in relevant part that "[t]he governing body of a hospital, medical organization [or] university medical school or health science center . . . may form . . . a medical committee, as defined by section 161.031, to evaluate medical and health care services . . . ." Health & Safety Code § 161.0315(a).

Having reviewed Exhibit E, and based on your representation that the documents in Exhibit E were created by or at the direction of medical committees or medical peer review committees, we agree that the submitted documents that reflect committee proceedings and deliberations relating to standards and quality of care are confidential under section 161.032 of the Health and Safety Code and must be withheld under section 552.101 of the Government Code. See Jordan v. Court of Appeals, 701 S.W.2d 644, 647-48 (Tex. 1985) (determining that statutory predecessor extended to documents prepared by or at direction of committee in order to conduct open and thorough review, and privilege extends to minutes of committee meetings, correspondence between members relating to deliberation process, and any final committee product); see also Open Records Decision No. 591 (1991) (concluding that purpose of predecessor statute was to encourage frank discussion by medical professionals). We also agree that portions of the remaining information at issue here are protected by medical peer review committee confidentiality pursuant to section 160.007 of the Occupations Code. See St. Luke's Episcopal Hosp. v. Agbor, 952 S.W.2d 503, 505 (Tex. 1997); Memorial Hosp.-the Woodlands v. McCown, 927 S.W.2d 1, 5 (Tex. 1996) (finding that review by medical staff committee of application for staff privileges qualifies as medical peer review because it necessarily involves review of physician's qualifications, competence, and ethics). Therefore, the remaining information in Exhibit E must be withheld under section 552.101 of the Government Code in conjunction with section 161.032 of the Health and Safety Code and section 160.007 of the Occupations Code.(1)

Next, you state that portions of the submitted information are excepted under sections 552.026 and 552.114 of the Government Code, and the Family Educational Rights and Privacy Act of 1974 ("FERPA"), which is also encompassed by section 552.101 of the Government Code. Open Records Decision No. 539 (1990). FERPA provides that no federal funds will be made available under any applicable program to an educational agency or institution that releases personally identifiable information (other than directory information) contained in a student's education records to anyone but certain enumerated federal, state, and local officials and institutions, unless otherwise authorized by the student's parent. See 20 U.S.C. § 1232g(b)(1). "Education records" means those records that contain information directly related to a student and are maintained by an educational agency or institution or by a person acting for such agency or institution. Id. § 1232g(a)(4)(A). Section 552.026 of the Government Code provides that "information contained in education records of an educational agency or institution" may only be released under the Public Information Act (the "Act") in accordance with FERPA.

Information must be withheld from required public disclosure under FERPA only to the extent "reasonable and necessary to avoid personally identifying a particular student." See Open Records Decision Nos. 332 (1982), 206 (1978). Such information includes information that directly identifies a student as well as information that, if released, would allow the student's identity to be easily traced. See Open Records Decision No. 224 (1979) (finding student's handwritten comments protected under FERPA because they make identity of student easily traceable through handwriting, style of expression, or particular incidents related). In Open Records Decision No. 634 (1995), this office concluded that (1) an educational agency or institution may withhold from public disclosure information that is protected by FERPA and excepted from required public disclosure by sections 552.026 and 552.101 without the necessity of requesting an attorney general decision as to those exceptions, and (2) an educational agency or institution that is state-funded may withhold from public disclosure information that is excepted from required public disclosure by section 552.114 as a "student record," insofar as the "student record" is protected by FERPA, without the necessity of requesting an attorney general decision as to that exception. However, because you have submitted the records to this office for a decision, we have reviewed them and marked the information that must be redacted pursuant to section 552.114 and FERPA.

Next, you state that other portions of the submitted information are excepted under section 552.107 of the Government Code. Section 552.107(1) protects information coming within the attorney-client privilege. When asserting the attorney-client privilege, a governmental body has the burden of providing the necessary facts to demonstrate the elements of the privilege in order to withhold the information at issue. Open Records Decision No. 676 at 6-7 (2002).

First, a governmental body must demonstrate that the information constitutes or documents a communication. Id. at 7. Second, the communication must have been made "for the purpose of facilitating the rendition of professional legal services" to the client governmental body. Tex. R. Evid. 503(b)(1). Third, the privilege applies only to communications between or among clients, client representatives, lawyers, and lawyer representatives. Tex. R. Evid. 503(b)(1)(A), (B), (C), (D), (E). Lastly, the attorney-client privilege applies only to a confidential communication, id. 503(b)(1), meaning it was "not intended to be disclosed to third persons other than those to whom disclosure is made in furtherance of the rendition of professional legal services to the client or those reasonably necessary for the transmission of the communication." Id. 503(a)(5).

Whether a communication meets this definition depends on the intent of the parties involved at the time the information was communicated. Osborne v. Johnson, 954 S.W.2d 180, 184 (Tex. App.-Waco 1997, no writ). Moreover, because the client may elect to waive the privilege at any time, a governmental body must explain that the confidentiality of a communication has been maintained. Section 552.107(1) generally excepts an entire communication that is demonstrated to be protected by the attorney-client privilege unless otherwise waived by the governmental body. See Huie v. DeShazo, 922 S.W.2d 920, 923 (Tex. 1996) (privilege extends to entire communication, including facts contained therein).

After reviewing your arguments and the documents you submitted to this office, we conclude that you have demonstrated the applicability of section 552.107(1) to a portion of the submitted documents. We have marked that information that the center may withhold under section 552.107.(2)

Next, we address your claim that portions of the submitted information are excepted under section 552.111 of the Government Code. Section 552.111 excepts from disclosure "an interagency or intraagency memorandum or letter that would not be available by law to a party in litigation with the agency." This section encompasses the attorney work product privilege found in rule 192.5 of the Texas Rules of Evidence. City of Garland v. Dallas Morning News, 22 S.W.3d 351, 360 (Tex. 2000); Open Records Decision No. 677 at 4-8 (2002). Rule 192.5 defines work product as

(1) material prepared or mental impressions developed in anticipation of litigation or for trial by or for a party or a party's representatives, including the party's attorneys, consultants, sureties, indemnitors, insurers, employees, or agents; or

(2) a communication made in anticipation of litigation or for trial between a party and the party's representatives or among a party's representatives, including the party's attorneys, consultants, sureties, indemnitors, insurers, employees or agents.

A governmental body seeking to withhold information under this exception bears the burden of demonstrating that the information was created or developed for trial or in anticipation of litigation by or for a party or a party's representative. Tex. R. Civ. P. 192.5; ORD 677 at 6-8. In order for this office to conclude that the information was made or developed in anticipation of litigation, we must be satisfied that

a) a reasonable person would have concluded from the totality of the circumstances surrounding the investigation that there was a substantial chance that litigation would ensue; and b) the party resisting discovery believed in good faith that there was a substantial chance that litigation would ensue and [created or obtained the information] for the purpose of preparing for such litigation.

Nat'l Tank Co. v. Brotherton, 851 S.W.2d 193, 207 (Tex. 1993). A "substantial chance" of litigation does not mean a statistical probability, but rather "that litigation is more than merely an abstract possibility or unwarranted fear." Id. at 204; ORD 677 at 7.

You state that Exhibit H contains information that was prepared in relation to the center's investigation in the matter involving the individual who is the subject of this request, and that these materials were prepared in preparation for litigation. Based on your arguments and our review of this information, we find that portions of Exhibit H may be withheld under the work product privilege of section 552.111 of the Government Code.

You also argue that certain information is excepted under section 552.117 of the Government Code. Section 552.117(a)(1) excepts from disclosure the home addresses and telephone numbers, social security numbers, and family member information of current or former officials or employees of a governmental body who timely request that this information be kept confidential under section 552.024 of the Government Code. However, such information may not be withheld under section 552.117(a)(1) if the employee did not timely request confidentiality for this information in accordance with section 552.024. Whether a particular piece of information is public must be determined at the time the request for it is made. See Open Records Decision No. 530 at 5 (1989). Accordingly, we conclude that to the extent that the individual at issue timely elected confidentiality under pursuant to section 552.024 prior to the date that the center received this request, the center must withhold the information we have marked pursuant to section 552.117(a)(1) of the Government Code. The center may not withhold this information if the employee did not timely request confidentiality.

We note that the submitted information contains other social security numbers. If these social security numbers do not belong to current or former officials or employees of the center, then section 552.117 does not apply. In such a case, these social security number may still be excepted from disclosure. Section 552.101 also encompasses amendments to the Social Security Act, 42 U.S.C. § 405(c)(2)(C)(viii)(I), that make confidential social security numbers and related records that are obtained and maintained by a state agency or political subdivision of the state pursuant to any provision of law enacted on or after October 1, 1990. See Open Records Decision No. 622 (1994). We have no basis for concluding that the social security numbers at issue are confidential under section 405(c)(2)(C)(viii)(I) and therefore excepted from public disclosure under section 552.101 on the basis of that federal provision. We caution, however, that section 552.352 of the Government Code imposes criminal penalties for the release of confidential information. Prior to releasing any social security number, you should ensure that such number is not obtained or maintained by the center pursuant to any provision of law, enacted on or after October 1, 1990.

In summary, we conclude: (1) to the extent that the center has no actual knowledge that the de-identified information could be used alone or in combination with other information to identify the subject of the health information, the center must withhold the information that we have marked under section 552.101 of the Government Code in conjunction with HIPAA; however, if the center has actual knowledge that the de-identified information could be used alone or in combination with other information to identify the subject of the health information, then the center must withhold the marked documents in their entirety under section 552.101 of the Government Code in conjunction with HIPAA; (2) the information in Exhibit E must be withheld under section 552.101 of the Government Code in conjunction with section 161.032 of the Health and Safety Code and section 160.007 of the Occupations Code, except to the extent the information is made confidential under HIPAA; (3) we have marked the information that must be withheld under section 552.114 and FERPA; (4) we have marked that information that the center may withhold under section 552.107; (5) we have marked the information the center may withhold under section 552.111; (6) we have marked the information that must be withheld if section 552.117(a)(1) applies; and (7) social security numbers may be confidential under federal law. The remaining information must be released.

This letter ruling is limited to the particular records at issue in this request and limited to the facts as presented to us; therefore, this ruling must not be relied upon as a previous determination regarding any other records or any other circumstances.

This ruling triggers important deadlines regarding the rights and responsibilities of the governmental body and of the requestor. For example, governmental bodies are prohibited from asking the attorney general to reconsider this ruling. Gov't Code § 552.301(f). If the governmental body wants to challenge this ruling, the governmental body must appeal by filing suit in Travis County within 30 calendar days. Id. § 552.324(b). In order to get the full benefit of such an appeal, the governmental body must file suit within 10 calendar days. Id. § 552.353(b)(3), (c). If the governmental body does not appeal this ruling and the governmental body does not comply with it, then both the requestor and the attorney general have the right to file suit against the governmental body to enforce this ruling. Id. § 552.321(a).

If this ruling requires the governmental body to release all or part of the requested information, the governmental body is responsible for taking the next step. Based on the statute, the attorney general expects that, within 10 calendar days of this ruling, the governmental body will do one of the following three things: 1) release the public records; 2) notify the requestor of the exact day, time, and place that copies of the records will be provided or that the records can be inspected; or 3) notify the requestor of the governmental body's intent to challenge this letter ruling in court. If the governmental body fails to do one of these three things within 10 calendar days of this ruling, then the requestor should report that failure to the attorney general's Open Government Hotline, toll free, at (877) 673-6839. The requestor may also file a complaint with the district or county attorney. Id. § 552.3215(e).

If this ruling requires or permits the governmental body to withhold all or some of the requested information, the requestor can appeal that decision by suing the governmental body. Id. § 552.321(a); Texas Dep't of Pub. Safety v. Gilbreath, 842 S.W.2d 408, 411 (Tex. App.--Austin 1992, no writ).

Please remember that under the Act the release of information triggers certain procedures for costs and charges to the requestor. If records are released in compliance with this ruling, be sure that all charges for the information are at or below the legal amounts. Questions or complaints about over-charging must be directed to Hadassah Schloss at the Texas Building and Procurement Commission at (512) 475-2497.

If the governmental body, the requestor, or any other person has questions or comments about this ruling, they may contact our office. We note that a third party may challenge this ruling by filing suit seeking to withhold information from a requestor. Gov't Code § 552.325. Although there is no statutory deadline for contacting us, the attorney general prefers to receive any comments within 10 calendar days of the date of this ruling.

Sincerely,

Sarah I. Swanson
Assistant Attorney General
Open Records Division
SIS/lmt
Ref: ID# 192098
Enc. Submitted documents

c: John S. Chou, MD JD
879 West 190th Street, Suite 400
Gardena, California 90248
(w/o enclosures)


 

Footnotes

1. Because we reach this conclusion, we need not reach your remaining argument for Exhibit E.

2. Because we reach this conclusion, we need not reach your remaining argument for Exhibit G.
 

POST OFFICE BOX 12548, AUSTIN, TEXAS 78711-2548 TEL: (512) 463-2100 WEB: WWW.OAG.STATE.TX.US
An Equal Employment Opportunity Employer

Home | ORLs