For years, law enforcement has bypassed traditional means of securing evidence by informal requests for documents from witnesses of crimes. At some point, that practice bled over into informal requests for healthcare providers’ documents, including documents reflecting protected health information (PHI). Healthcare providers, for the most part, have complied with these informal requests because, as the logic goes, law enforcement couldn’t possibly prosecute me for complying with law enforcement, right? Isn’t that entrapment?
This cooperative, well-intentioned practice by healthcare providers now appears to be drawing scrutiny from Congress. On December 12, 2023, members of Congress sent a letter to Health & Human Services Secretary Xavier Becerra announcing the results of a Congressional inquiry into the practice of pharmacies handing over patient information without legal process. In the face of that new scrutiny, which is sure to extend beyond pharmacies to all healthcare providers, what are healthcare providers to do when asked for PHI through informal means?