HIPAA and Data Privacy Compliance in Healthcare Litigation
Navigating Federal and State Regulatory Requirements; Evaluating Subpoenas, Court Orders, and Discovery Requests

Course Details
- smart_display Format
Live Online with Live Q&A
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Health
- event Date
Wednesday, October 8, 2025
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE course will guide healthcare counsel advising providers on complying with the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state privacy laws when asked to produce health information as a part of pending litigation. The panel will discuss what qualifies as protected health information (PHI) and is subject to HIPAA, what health information does not qualify as PHI but may still be subject to other federal and state privacy laws, and best practices for remaining compliant when responding to subpoenas, court orders, and discovery requests.
Faculty

Mr. Burriss represents clients in sophisticated litigation matters, with a scope that includes derivative actions, M&A disputes, software license and data breach litigation, antitrust litigation, and trade secret litigation. He also has extensive experience litigating matters that arise under the Employee Retirement Income Security Act (ERISA), including 401(k) litigation, employee stock ownership plan (ESOP) litigation, and representing some of the world’s largest health plan administrators and insurers, advising on a variety of litigation matters, including anti-fraud litigation, provider disputes and regulatory issues.
Description
Requests for health information during litigation require counsel and healthcare providers to understand whether the information requested qualifies as PHI and is subject to HIPAA requirements, or even if it does not qualify as PHI, what other federal and state privacy protections may govern the information's production given the rapid expansion of data privacy regulation.
Additionally, counsel must evaluate whether the form of the request is proper and complies with federal and state law, whether the scope of information sought is appropriate, and whether all procedural requirements were met. Providers must avoid releasing more information than necessary.
Listen as our expert panel discusses strategies for ensuring compliance with HIPAA and other federal and state privacy laws when producing medical records or other health information during litigation and discovery. The panel will explain best practices for responding to subpoenas, court orders, and discovery requests seeking this information, drafting and implementing qualified protective orders, and crafting authorizations for the release of health information.
Outline
I. Introduction: overview of federal and state privacy laws regulating the handling of health data
A. HIPAA
B. Other federal regulation
C. State privacy laws
II. Evaluating types of information requests and differing compliance requirements
A. Subpoenas
B. Court orders
C. Discovery requests
III. Remaining compliant when responding to requests for health information
A. What health information qualifies as PHI?
B. What health information does not qualify as PHI but may still be subject to privacy laws?
C. Determining scope of response required
D. Qualified protective orders
E. Release authorizations
IV. Practitioner takeaways
Benefits
The panel will review these and other important issues:
- What are the key factors for counsel to consider in evaluating a request for health information during the course of litigation?
- What other laws in addition to HIPAA should counsel consider when determining how to handle litigation requests for health data?
- What special conditions does HIPAA place on providers responding to a subpoena, court order, or discovery request for medical records?
- What are key considerations for producing health information that does not qualify as PHI?
- What are the best practices for counsel when drafting and implementing qualified protective orders in response to a request for health records?
Unlimited access to premium CLE courses:
- Annual access
- Available live and on-demand
- Best for attorneys and legal professionals
Unlimited access to premium CPE courses.:
- Annual access
- Available live and on-demand
- Best for CPAs and tax professionals
Unlimited access to premium CLE, CPE, Professional Skills and Practice-Ready courses.:
- Annual access
- Available live and on-demand
- Best for legal, accounting, and tax professionals
Unlimited access to Professional Skills and Practice-Ready courses:
- Annual access
- Available on-demand
- Best for new attorneys
Related Courses

HIPAA and Data Privacy Compliance in Healthcare Litigation
Thursday, July 31, 2025
1:00 p.m. ET./10:00 a.m. PT

Medicare and Medicaid Audit Overpayments: Challenging Statistical Sampling and Extrapolation
Thursday, July 17, 2025
1:00 p.m. ET./10:00 a.m. PT
Recommended Resources
Navigating Modern Legal Challenges: A Comprehensive Guide
- Business & Professional Skills
- Career Advancement