Responding to Legal Requests

Types of Legal Requests

• Subpoena — A legal demand for records, typically from an attorney or court. Does NOT override HIPAA without proper authorization.
• Court order — A judge-signed order that compels disclosure. Overrides patient consent requirements.
• Patient authorization — A voluntary HIPAA release signed by the patient allowing you to share their records with a named party.
• Attorney request with authorization — An attorney request accompanied by a signed patient HIPAA release.

How to Respond

1. Verify legitimacy — Confirm the request is valid and from a verified source.
2. Check authorization — Ensure proper HIPAA authorization is in place (patient signature or court order).
3. Limit scope — Release only the records specifically requested. Do not send the entire chart unless specifically ordered.
4. Document the disclosure — Log the release in the patient's HIPAA accounting of disclosures.
5. Use secure delivery — Send records through the Medximity platform or encrypted email. Never fax unencrypted PHI.

Working with Attorneys on Medximity

Attorneys with Medximity accounts can submit record requests through the platform with attached HIPAA authorizations. This provides a secure, documented chain of custody. See our Privacy Policy for detailed information about lawful disclosure requirements.