The Office of General Counsel issued the following informal opinion on August 27, 2002, representing the position of the New York State Insurance Department.

Re: Regulation 169 and Doctor’s Release of Patient Information to its Insurer and Attorney

Question Presented:

Does N.Y. Comp. Codes R. & Regs. tit. 11, §§ 420.0 – 420.25 (2001) (Regulation 169) prohibit a doctor who has been threatened with a lawsuit by a patient from disclosing information about the patient and the allegations leveled against him to his medical malpractice insurer or attorney?

Conclusion:

The Department’s Privacy Regulation, found at N.Y. Comp. Codes R. & Regs. tit. 11, §§ 420.0 – 420.25 (2001) (Regulation 169), governs the treatment of nonpublic personal information about individuals in this State by persons licensed, or required to be licensed, or authorized, or required to be authorized, or registered, or required to be registered by this Department. Doctors are not licensees of the Insurance Department. Thus, unless the doctor was acting as a service provider to a licensee, the provisions of Regulation 169 would not be applicable to the facts presented.

Facts:

Dr. A is seeing a patient for a medical condition and during the course of the treatment the patient expresses dissatisfaction with the treatment program and threatens to sue the doctor. No lawsuit has been filed thus far, however, the doctor would like to apprise its insurer or attorney of the facts and details surrounding the possible lawsuit.

Analysis:

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.1(a) (2001) (Regulation 169) provides:

(a) Purpose. This part governs the treatment of nonpublic personal information about individuals (defined in this Part as consumers or customers) in this State by all licensees of the Insurance Department. (emphasis added).

N.Y. Comp. Codes R. & Regs. tit. 11, § 420.3(p)(1) (2001) states:

(p)(1) Licensee means a person licensed, or required to be licensed, or authorized, or required to be authorized, or registered, or required to be registered pursuant to the Insurance Law of this State; a health maintenance organization holding, or required to hold, a certificate of authority pursuant to article 44 of the Public Health Law; or an unauthorized insurer in regard to the excess line business conducted pursuant to section 2118 of the Insurance Law and Part 27 of this Title (Regulation 41); but shall not include a registered service contract provider, charitable annuity society, or a licensed viatical settlement company or viatical settlement broker. (emphasis in original).

The inquirer states that a patient has threatened to sue a doctor due to such patient’s dissatisfaction with the way the doctor has treated her condition. The inquirer asks whether, in light of the new privacy regulations, the doctor may release any information regarding the patient’s treatment and the allegations leveled against him to his medical malpractice insurer or attorney. As seen above, Regulation 169 governs the treatment of nonpublic personal information by all licensees of the Insurance Department. Doctors are not licensees of the Insurance Department. Thus, the provisions of Regulation 169 are not applicable to the facts presented.1

Please note that although Regulation 169 is not implicated in this situation, there may be other non-insurance statutes that govern the release of a patient’s medical information with which a doctor must comply.

For further information you may contact Senior Attorney D. Monica Marsh at the New York City Office.


1 Note that there might be circumstances where a doctor, acting as a service provider to a licensee, may be subject to provisions of Regulation 169. See, enclosed OGC Opinion Letter written by Principal Attorney Alan Rachlin and dated April 2, 2002, wherein this issue was discussed.