Section 8-27-910 - Compliance with request or subpoena for information protected under HIPAA(a) A covered entity, whether public or private, shall comply with a request or subpoena for information protected under the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) ( 42 U.S.C. § 1320d et seq.) when the request or subpoena:(1) Is made by:(A) An individual, who is not the subject of the information;(B) The individual's guardian, power of attorney, or executor of the individual's estate;(E) A law enforcement agency;(2) Is accompanied by a qualified protective order signed by the court in which the matter is pending; and(3) Provides sufficient notice as described in subsection (c).(b) As used in this section:(1) "Covered entity" has the same meaning as defined in the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) ( 42 U.S.C. § 1320d et seq.); and(2) "Qualified protective order" means: (A) An order of a court, administrative judge, or tribunal, or a stipulation by the parties to the litigation or administrative proceeding, that (i) Prohibits a party from using or disclosing protected health information for a purpose other than the litigation or proceeding for which the information was requested; and(ii) Requires the return to the individual who is the subject of the protected information or the individual's counsel of, or destruction of, the protected health information, including all copies made, at the end of the litigation or proceeding; or(B) A subpoena that:(i) Is signed by the court in which the matter is pending; and(ii) Provides sufficient notice as described in subsection (c).(c)(1) To provide sufficient notice under this section, the party seeking protected health information must provide to the covered entity a written and notarized statement and accompanying documentation indicating that reasonable efforts have been made to:(A) Ensure that an individual who is the subject of the information requested has been notified of the request, or(B) Secure a qualified protective order for the information.(2) The notice described in subdivision (c)(1) must include sufficient detail to permit the individual who is the subject of the information requested to identify the court in which the matter for which the information sought is pending, and raise an objection with the court.(3) The notarized statement described in subdivision (c)(1) must require that the party seeking protected health information file a separate statement and accompanying documentation demonstrating: (A) That a period of forty-five (45) days has lapsed since the individual was provided with the notice; and(B)(i) The individual or the individual's representative has not filed an objection; or(ii) If an objection has been filed, the filed objections have been resolved by the court and the disclosures being sought are consistent with that resolution.(d) A local government entity may opt out of the requirements of this section upon passage of a resolution by a simple majority vote of the entity's governing body.Added by 2022 Tenn. Acts, ch. 674,s 1, eff. 3/18/2022.