HIPAA Qualified Protective Order

Summary

This template is a HIPAA-qualified protective order you may use in federal court proceedings. This template includes practical guidance, drafting notes, and alternate and optional clauses. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Pub. L. No. 104-191, through its Privacy Rule, establishes a procedure to use to obtain protections when introducing protected health information (PHI) in litigation, including requesting a qualified protective order. 45 C.F.R. § 164.512(e). A protective order is designed to protect the parties' confidential or sensitive information during the litigation. Such an order generally permits the parties to produce documents and other materials in discovery without waiving their confidentiality interests. Many protective orders also allow the parties to designate material "Attorneys' Eyes Only," meaning that the receiving party's attorneys can review the material, but the party itself cannot. In this case, this template protective order applies only to the request, receipt, use, and disclosure of PHI in the litigation. This template conforms to and incorporates 145 C.F.R. § 164.512(e)(1) and Fed. R. Civ. P. 26(c). With modifications, this order could also be used in state courts. Further, this template contemplates that, for agreed protective orders, attorneys for one or more of the parties have filed a motion for an agreed HIPAA qualified protective order or the court has given prior leave to submit a HIPAA qualified protective order without a motion. This template may also be used when the parties dispute the need for a protective order, or where a party is incarcerated, and counsel requesting the order has filed a motion for a HIPAA qualified protective order, provided a copy of the order to the judge, and set the motion for hearing. For a full listing of resources addressing key health information privacy and security issues, including HIPAA, see Health Information Privacy and Security Resource Kit and HIPAA Resource Kit. For more information on HIPAA, including enforcement and penalties, see HIPAA Enforcement and Penalties and HIPAA Privacy, Security, Breach Notification, and Other Administrative Simplification Rules. To compare state laws on data breach notification requirements, see the Healthcare State Law Comparison Tool.