Nurse’s arrest highlights need for proper procedures for handling requests from law enforcement

A Utah police officer aggressively arresting a hospital nurse in July drew outrage from a shocked public after video of the incident was released.

Alex Wubbels, an employee at University of Utah Hospital in Salt Lake City, was dragged out of the facility by an officer after she explained why hospital policy would not permit a blood draw on an unconscious patient without the patient’s consent, the patient’s arrest or a warrant.

Wubbels was not charged after being detained by the officer, and two officers later were placed on administrative leave for their roles in the confrontation. The hospital later updated their restrictions on law enforcement to bar officers from patient-care areas and restrict contact with nurses.

The incident and the subsequent outcry from the public prompted formal statements by Salt Lake City Police Chief Mike Brown and Mayor Jackie Biskupski. “No medical professional … should be hindered from performing their duties,” said Biskupski in a statement, “and certainly not be fearful of the police officers they so often partner with to save lives.” Chief Brown, in his prepared statement, noted a “sincere desire to get back to a very cooperative, respectful and friendly relationship with our ‘brothers and sisters in white.’”

Wubbels’ ordeal puts fresh focus on the legal boundaries around fulfilling requests from law enforcement, whether for a blood draw from a patient or for various records that may be pertinent to an investigation.

Medical practice administrators can reduce confusion when law enforcement and other legal authorities make requests by instituting specific procedures for handling subpoenas for clinical records, court orders, search warrants and other administrative demands for the release of medical record information.

As noted by Elizabeth W. Woodcock, MBA, FACMPE, CPC, principal, Woodcock & Associates, Atlanta, in Operating Policies and Procedures Manual for Medical Practices, particular laws related to fielding requests from law enforcement and other authorities may vary by state, and consulting with legal counsel and/or a practice’s malpractice insurance carrier may be necessary to devise policies and procedures that reflect a practice’s obligations under existing law.

Woodcock states that when it comes to practice procedures, it is vital for employees to notify the practice administrator when a civil officer — be it a sheriff, deputy or subpoena server — is present at the facility to serve the document, and (in the case of subpoenas) that all information needed to comply with the request — attorney name, docket number and/or date and time of trial, if applicable — is included on the document.

Many healthcare organizations also maintain specific procedures for handling immediate requests for information from law enforcement when a patient is unable to provide consent. The University of Chicago Medical Center, for example, includes a four-step verification of whether the various elements needed for disclosure without consent are met, as well as the name and badge number of the requesting officer.

Beyond handling the actual interaction between employee and civil officer, practice administrators also must be aware of the full range of compliance issues associated with the privacy and security of patients’ Protected Health Information (PHI).

While the Alex Wubbels case shows what can go wrong in an interaction between law enforcement and a practice employee, understanding and communicating policies and how they relate to an organization’s compliance with federal and state rules governing requests for blood draws or PHI is a good starting point for practice leaders to avoid a tense situation such as the one in Utah.

Other resources:

If you or a practice employee needs to help explain the circumstances in which a HIPAA Covered Entity may disclose PHI to law enforcement, the U.S. Department of Health & Human Services’ Office for Civil Rights has a guide for law enforcement on better understanding the HIPAA Privacy Rule.