Menu Close

The “P” Isn’t for Privacy: The Conflict Between Bankruptcy Rules and HIPAA Compliance


Sophie R. Rogers Churchill


May 23, 2021

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) included a now-ubiquitous provision designed to protect the privacy of patients’ protected health information. The provision prohibits covered entities, including health care providers and their agents, from disclosing any demographic information that may identify a patient and that relates to that patient’s medical care. The provision is broad and can include such simple information as which doctor a patient consults or the date of a patient’s consultation with a physician.

Unfortunately, such protections become impracticable in the bankruptcy setting. When a health care provider files bankruptcy, it files a host of documents that may inadvertently disclose protected health information. For example, recent patients usually must be given the opportunity to file a claim. To do so, the provider must list them on its initial schedules filed with its petition. These schedules, like almost all bankruptcy filings, become public record and can be found online, resulting in the type of disclosure prohibited by HIPAA. And the problem compounds as the case continues.

By walking through the hypothetical Chapter 11 case of a bankrupt fertility clinic, this Note highlights a few of the bankruptcy disclosures that prove particularly risky to protected health information (PHI). It argues that the rigidity of the Federal Rules of Bankruptcy Procedure and Title 11 of the United States Code (the Bankruptcy Code) contravene HIPAA’s privacy rule. It then recommends several opportunities to protect PHI through attorney, court, and legislative action. Specifically, this Note proposes that Congress incorporate specific language aimed at protecting PHI into existing bankruptcy laws. Enacting even a few of the recommendations in this Note would facilitate the protection of PHI and HIPAA compliance.


Sophie R. Rogers Churchill, The “P” Isn’t for Privacy: The Conflict Between Bankruptcy Rules and HIPAA Compliance, 78 Wash. & Lee L. Rev. 971 (2021)