Any time your hospital counsel needs credentials files to defend the hospital in a
legal matter, you may share credentials files with counsel. It is unlikely that you would ever need to share
the original files as usually copies will suffice for counsel’s use or for any production of documents that
may be mandated through a legal proceeding. Under most states’ peer review laws, the production of
credentials files to counsel for defense purposes will not disturb the protection of those documents.
You also need to make sure that your various counsel who represent you, who may have access to
protected health information, execute a HIPAA compliant Business Associate Agreement.
There have been a few disturbing cases where hospital counsel requested certain types of records from
their clients in order to review records and determine if patients may need representation on certain types of matters such as
Workers’ Compensation. Such requests from counsel are not appropriate absent a specific authorization
from the individual whose records are being obtained.
A related issue pertains to how to handle any protected health information under
HIPAA that may be contained in credentials or peer review files during a litigation discovery process
and/or in response to a subpoena. For information on this subject, visit the
HIPAA Question and Answer Board on Subpoenas.
