Untitled Texas Attorney General Opinion ( 2004 )

                                  ATTORNEY GENERAL OF TEXAS
GREG         ABBOTT
January 21,2004
The Honorable Tracey Bright                                      Opinion No. GA-0138
Ector County Attorney
Ector County Courthouse                                          Re: Whether individual county commissioners
Room 201                                                         are entitled to access medical insurance coverage
Odessa, Texas 7976 1                                             information regarding a former commissioner and
his wife (RQ-0077-GA)
Dear Ms. Bright:
You ask whether individual county commissioners are entitled to access medical insurance
coverage information regarding a former commissioner and his wife.’
I.        Facts
Ector County provides its employees with health care coverage under a self-insured plan.
See Request Letter, supra note 1, at 1.2 The plan pays benefits directly, although the county has
“stop loss” coverage for larger claims. 

provides benefits with the assistance of a third-
party claims administrator, the county insurance department, and the commissioners court insurance
committee. See Caddel Letter, supra note 2, at l-2.
At a special meeting, the Ector County Commissioners Court authorized an investigation
concerning the payment of claims for health services rendered to a former commissioner’s spouse.
See id.3 The county commissioners had learned that the former commissioner had not made monthly
premium payments for retiree dependent health coverage for 22 months. See Request Letter, supra
note 1, at 1. The investigation concerned reports that the former commissioner and the head of the
Ector County insurance department agreed to a payment schedule to make up the art-ear-age. See 

also concerned reports that one or’more commissioners had attempted to obtain
‘See Letter from Honorable Tracey Bright, Ector County Attorney, to Honorable         Greg Abbott, Texas Attorney
General (July 7,2003) (on file with Opinion Committee) [hereinafter Request Letter].
*See also Letter from Honorable Jerry D. Caddel, Ector County Judge, to Nancy S. Fuller, Chair, Opinion
Committee, Office of Attorney General (Aug. 27,2003) (on file with Opinion Committee) [hereinafter Caddel Letter].
3See also Meeting Minutes from the Ector County              Commissioners   Court (June   13, 2003),   available   at
http://www.co.ector.tx.us/annex/c_court/Minutes/02/03~-03-06-13.htm.
The Honorable Tracey Bright - Page 2            (GA-0138)
health plan information about county employees from the third-party claims administrator and from
the county insurance department. See Caddel Letter, supra note 2, at 1. The county judge has taken
the position that authority granted to access certain health insurance information is granted “to the
Court acting as a body and not to the individual members.” 

II.    The Ouestions
In light of these circumstances,   you ask:
1)      Are the individual County Commissioners allowed to access
and review all of the records of the ex-commissioner’s
insurance status including his and his wife’s signup
documents, claims, and premiums payment histories? In this
regard, would there be any documents that the County
Commissioners could not access and review?
2)      Are the individual County Commissioners allowed to access
and review the records in question, in spite of an ongoing
criminal investigation, if appropriate measures are taken to
protect the integrity and security of the records?
Request Letter, supra note 1, at 2. You clarify that the “individual County Commissioners are not
requesting the records in question be made public, only that they be allowed to review them to fulfill
their elective duties, e.g.[,] determining [the] cause and extent of the problem, discipline of the
employee who made the mistake, protection of the County finances, etc.” 

of Individual Commissioners
Your questions concern the authority that an individual commissioner holds independent of
the county commissioners      court’s corporate powers.      Texas counties are divided into four
commissioners precincts and each precinct elects a commissioner. See TEX.CONST.art.V, 0 18(b).
The four commissioners,      with the county judge as presiding officer, make up the county
commissioners court. See id.; TEX.LOC.GOV’T CODEANN. 8 81.001 (Vernon 1999). Although
commissioners are elected by precinct, the “‘court is manifestly a unit, and is the agency of the whole
county. The respective members of the commissioners court are therefore primarily representatives
of the whole county, and not merely representatives of their respective precincts. The duty of the
commissioners court is to transact the business, protect the interests, and promote the welfare of the
county as a whole.“’ Canales v. Laughlin, 

1, 454 (Tex. 1948) (quoting Stovall v.
Shivers, 103 S. W.2d 363,366 (Tex. 1937)). An individual commissioner acting alone does not have
the authority to bind the county by agreement or conduct. See Hill Farm, Inc. v. Hill County, 

, 324 (Tex. 1969); 

. Consequently, county authority is
generally vested in the commissioners       court as a governmental body and not in individual
commissioners.
The Honorable Tracey Bright - Page 3                    (GA-0138)
You suggest that individual commissioners are entitled to access county employee health
records as “custodian[s]” under the Public Information Act (“PIA”). Under the PIA, “[e]ach elected
county officer is the officer for public information and the custodian, as defined by Section 201.003,
Local Government Code, of the information created or received by that county officer’s office.” See
TEX.GOV’T CODEANN. 6 552.201(b) (Vernon Supp. 2004). While a county commissioner is an
elected official, Government Code section 552.201(b) does not specify whether, when the official
is a member of a board or commission, authority must be exercised collectively. See, e.g., TEX.
EDUC. CODE ANN. 8 5 1.903(a) (Vernon 1996) (referring to a “commissioners          court of any county,’
as a “custodian of public records”).         Moreover, assuming that individual commissioners        are
custodians of commissioners court records, it is not clear that they would be the custodian of records
created or received by, for example, the county’s insurance department or the employee health plan.
See TEX. Lot. GOV’T CODE ANN. 0 201.003(2) (V emon 1999) (defining “custodian” as “the
appointed or elected public officer who by the state constitution, state law, ordinance, or
administrative policy is in charge of an ofice that creates or receives local government records”).
We need not decide these issues here, however, because a commissioner possesses authority to
access records involving county business independent of any rights under The PIA.
The PIA concerns the public’s right of access to governmental records. See TEX. GOV’T
CODEANN. $3 552.001 (Vernon 1994) (stating the purpose of PLA); 552.021 (Vernon Supp. 2004)
(providing that public information is available to the public). A member of a governing body has
a right to access the documents of that body, not merely as a member of the public, or as a custodian
under The PIA, but because of the member’s inherent powers of office. While there do not appear
to be Texas court decisions directly concerning the issue, on several occasions this office has
observed that a member of a governing body has an inherent right of access to the records of that
body when requested in the member’s official capacity and for the member’s performance of official
duties. See Tex. Att’y Gen. Op. Nos. JC-0283 (2000) at 3-4, JC-0120 (1999) at 3-5, JM-119 (1983)
at 3; Tex. Att’y Gen. LO-93-069, at l-2.
In JM-119, we determined that because the board of trustees of a college district was
responsible for the governance and control of the district, individual trustees were entitled to access
audit records concerning the district. See Tex. Att’y Gen. Op. No. JM-119 (1983) at 3. Further,
because the member had asked in the member’s official capacity and not as a member of the general
public, the custodian of records could not deny access under The PIA. See 

this
office determined that the chief executive and members of a governing body of a municipality were
entitled to access individual fire fighter and police officer personnel files as a necessary power
incident to the governing body’s responsibility to oversee the police chief and fire chief. See Tex.
Att’y Gen. Op. No. JC-0283 (2000) at 3-4.
In LO-93-069, this office determined that members of the Texas State Board of Medical
Examiners were entitled to examine personnel files of its employees, including confidential material
such as medical health history. See Tex. Att’y Gen. LO-93-069, at 2.4 Also, in JC-0120, this office
determined that a city council member was entitled to review a confidential and privileged tape
4But see discussion at part V.2., infia, concerning the promulgation of federal privacy standards pursuant to the
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191, 110 Stat. 1936.
The Honorable Tracey Bright          - Page 4          (GA-0138)
recording of an executive session of the council. See Tex. Att’y Gen. Op. No. JC-0120 (1999) at 3-4.
In light of the confidential nature of the tape, however, this office advised that it was proper for the
council to adopt procedures to preserve the tape’s confidentiality,         but the council could not
absolutely prohibit a member from reviewing the records. See 

From these principles, we conclude that the authority of an individual commissioner to
review records involving the county is largely coextensive with that of the commissioners court as
a governmental body. When there are competing confidentiality or security concerns, it may be
proper for the court to establish reasonable procedures to preserve confidentiality,          but the
conu-nissioners court may not absolutely prohibit an individual commissioner from viewing records
involving county business that are otherwise properly available to the court as a governmental body.
We next consider the commissioners court’s authority as a governmental body to access plan records.
IV.     Authoritv of Commissioners Court
The county commissioners court’s primary duty is to administer the county’s business affairs.
See City of San Antonio v. City of Boerne, 

’27 (Tex. 2003). Although its authority
must ultimately be grounded in the constitution and statutes, it has broad supervisory responsibility
over the expenditure of county funds as the “general business and contracting agency of the county.”
Anderson v. Wood, 

, 1085 (Tex. 1941). The employment benefits Ector County
provides its employees are, of course, county business. On behalf of the county, the commissioners
court has entered into a contractual arrangement with its employees to pay certain health benefits
under a self-insured plan5 As you state, the responsibility of managing Ector County’s self-insured
employee health plan “falls on the commissioners courVy6 The Plan Document charges Ector
County, as plan sponsor and plan administrator, with certain authority and responsibilities
concerning plan oversight and maintenance of plan documents and records. See Plan Document,
supra note 5. Accordingly, the authority and responsibility of the county with respect to plan records
appears to be governed at a contractual level by the terms of the Plan Document. See 

Limits on Access
You identify two possible statutory limitations on commissioners’ access to medical records,
the Texas Medical Practice Act (“MPA”), see TEX.OCC.CODEANN. $5 159.001-.009 (Vernon
2004)’ and the Federal Health Insurance Portability and Accountability Act of 1996 (“HTPAA”),
Pub. L. No. 104- 19 1,110 Stat. 1936 (codified in scattered sections of volumes 18’26’29 and 42 of
the United States Code). See Request Brief, supra note 6, at l-2.
‘See Plan Document and S ummary Plan Description, Ector County, Employee Benefit Plan, Effective October
1,200O [hereinafter Plan Document] (on file with Opinion Committee) (submitted by Ector County in response to a
related public information request, see Tex. Att’y Gen. OR2003-6136 (informal letter ruling)).
6Brief fromHonorable   Tracey Bright, at 1 (attached to Request ietter, supra note 1) Fereinafter   Request Briefj.
The Honorable Tracey Bright             - Page 5          (GA-0138)
1.         Medical Practice Act
The MPA, codified in chapter 159 of the Occupations Code, concerns physician-patient
communications.     See TEX.OCC. CODEANN. $4 159.001-.009 (Vernon 2004). Under section
159.002, certain physician-patient communications and records created or maintained by a physician
are privileged and confidential:
(a) A communication between a physician and a patient, relative to or
in connection with any professional services as a physician to the
patient, is confidential and privileged and may not be disclosed
except as provided by this chapter.
(b) A record of the identity, diagnosis, evaluation, or treatment of a
patient. by a physician that is created or maintained by a physician is
confidential and privileged and may not be disclosed except as
provided by this chapter.

     Additionally,     subsection (c) provides:
(c) A person who receives information           from a confidential
communication or record as described by this chapter, other than a
person listed in Section 159.004 who is acting on the patient’s behalf,
may not disclose the information except to the extent that disclosure
is consistent with the authorized purposes for which the information
was first obtained.

A person aggrieved by an unauthorized release of confidential                         and privileged
communications may bring a private cause of action. See 

The MPA contains exceptions that allow disclosure of otherwise confidential and privileged
communications and records. A patient may consent to disclosure under section 159.005. See 

Also, there is an exception for certain disclosures in connection with a court or
administrative proceeding. See 

Finally, section 159.004 provides the only exceptions
to the privilege of confidentiality, other than in administrative or judicial proceedings, which permit
a physician to disclose confidential information. 

For example, section 159.004
‘Section   159.004 provides:
An exception to the privilege of confidentiality  in a situation other than a court or administrative
proceeding, allowing disclosure of confidential information by a physician, exists only with respect
to the following:
(1) a governmental   agency, if the disclosure   is required or authorized by law;
(continued...)
The Honorable Tracey Bright - Page 6                              (GA-0138)
permits a physician to disclose confidential information “with respect to . . . a person, corporation,
or governmental agency involved in the payment or collection of fees for medical services provided
by a physician.” 

Whether a particular record concerning the former commissioner’s spouse is confidential and
privileged under the MPA depends, in the first instance, on whether information in the record derives
from a physician-patient communication under section 159.002(a) or a record created or maintained
by a physician containing a patient’s identity, diagnosis, evaluation, or treatment under section
159.002(b). S ee 

     If so, then such a record or communication may not be
disclosed unless it meets one of the exceptions under the MPA. 

the MPA
authorizes a disclosure for a particular purpose, then the MPA permits redisclosure only to the extent
it is consistent with that purpose. See 

Consequently, whether the MPA would
allow disclosure of a particular document depends on the document’s or record’s content,
‘(...continued)
(2) medical or law enforcement          personnel,    if the physician    determines   that there is a
probability of:
(A) imminent         physical injury to the patient, the physician,    or another person; or
(B) immediate         mental or emotional     injury to the patient;
(3) qualified personnel for research or for a management audit, financial audit, or program
evaluation, but the personnel may not directly or indirectly identify a patient in any report of
the research, audit, or evaluation or otherwise disclose identity in any manner;
(4) those parts of the medical records reflecting specific services provided if necessary in the
collection of fees for medical services provided by a physician, professional association, or
other entity qualified to provide or arrange for medical services;
(5) a person who has consent, as provided by Section 159.005;
(6) a person, corporation, or governmental agency involved in the payment or collection                  of
fees for medical services provided by a physician;
(7) another physician or other personnel acting under the direction of the physician
who participate in the diagnosis, evaluation, or treatment of the patient;
(8) an offkial   legislative     inquiry regarding    state hospitals or state schools, if:
(A) information or a record that identifies a patient or client is not released for any
purpose unless proper consent to the release is given by the patient; and
(B) only records         created by the state hospital      or school or its employees     are
included; or
(9) health care personnel of a penal or other custodial institution in which the patient is
detained if the disclosure is for the sole purpose of providing health care to the patient.
TEX. Oct.    CODE ANN. 9 159.004 (Vernon             2004).
The Honorable Tracey Bright          - Page 7            (GA-0138)
the circumstances of its creation and maintenance, and the purposes of the disclosure. See 

159.002-.005. However, even if the MPA does not preclude a particular disclosure, the disclosure
may still be subject to privacy provisions under HIPAA, as discussed next.
2.       HIPAA
Your primary concern is whether access to certain employee health records would be
permitted under HIPAA. HIPAA provides civil and criminal penalties for its violation. See 42
U.S.C. $8 1320d-5,1320d-6 (2000). Pursuant to HIPAA, theU.S. Department ofHealth andHuman
Services (“HHS”) has promulgated extensive regulations, known as the Privacy Rule, to establish
a national standard to protect certain health information. See HIPAA, Pub. L. No. 104-l 91,§ 264(b),
(c)(l), 110 Stat. 2033 (d’n-ecting HHS to promulgate privacy regulations should Congress not enact
governing legislation); 45 C.F.R. pts. 160, 164 (2003) (the “Privacy Rule”).
The Privacy Rule limits disclosure of health information based on myriad factors such as the
content of the record, the purpose of the disclosure, authorization by the individual affected, the
nature, role, and structure of the various entities involved, the degree that the entity or entities are
HIPAA-compliant, and numerous other factors. See generally HHS, Office for Civil Rights Privacy
Brief, Summary of the HIPAA Privacy Rule (“OCR Summary,‘).* Consequently, an opinion from
this office concerning commissioners’ access to specific documents cannot take the place of advice
from counsel with intimate knowledge of the county’s current plan, the county’s delegation of
responsibilities under the plan, the contents of the documents sought, and the requirements of
HIPAA and the Privacy Rule. Moreover, within HHS, the Office for Civil Rights has responsibility
for implementing the Privacy Rule and provides resources for addressing HIPAA concerns. See id.9
Nonetheless, we will make some general observations that may or may not be applicable to your
present circumstances.
The Privacy Rule applies directly to a “covered entity,” which is a health plan, health care
clearinghouse, and a health care provider who engages in certain transactions. 45 C.F.R. $§ 160.102-
.103 (2003). Health plans subject to the Privacy Rule include some private and government
employer-sponsored    group health plans. See 

Previously, in a related open records
proceeding, you indicated that Ector County’s plan is a covered entity under the Privacy Rule.”
In general, the Privacy Rule prohibits covered entities from using or disclosing protected
health information except as the rule permits. See 

See generally South Carolina
Med. Ass’n v. Thompson, 

(4th Cir. 2003)’ cert. denied, 

(2003). In
general, state law that is “contrary” to the Privacy Rule is preempted. 45 C.F.R. 0 160.203 (2003).
A state statute is contrary if it would be impossible to comply with both the state statute and with
HIPAA, or if state law would be an obstacle to “accomplishing the full purposes and objectives of
‘Available at http://www.hhs.gov/ocr/privacysummary.rtf       (last revised May 2003).
‘See also http://www.hhs.gov/ocr/hipaa.
“See Tex. Att’y Gen. OR2003-6136,        at 1.
The Honorable Tracey Bright            - Page 8           (GA-0138)
the Administrative Simplification portions of HIPAA.” OCR Summary, supra note 8, at 16; 45
C.F.R. 9 160.202 (2003). Moreover, the Privacy Rule does not exempt state statutes that are “more
stringent.” 45 C.F.R. 50 160.202-.203 (2003). Generally, a state statute is more stringent than the
Privacy Rule if it “provides greater privacy protection for the individual who is the subject of the
individually identifiable health inforrnation.” 

see generally South Carolina Med.
Ass 

.
“Protected health information” under              the Privacy Rule includes “individually identifiable
health information.” 45 C.F.R. 4 160.103                   (2003) (defining “protected health information”).
“Individually identifiable health information”             is “information that is a subset of health information,
including demographic information collected                from an individual,” and:
(1) Is created or received by a health care provider,                  health plan,
employer, or health care clearinghouse; and
(2) Relates to    the past, present, or future physical or mental health or
condition of       an individual; the provision of health care to an
individual; or    the past, present, or future payment for the provision of
health care to    an individual; and
(i) That identifies the individual;        or
(ii) With respect to which there is a reasonable basis to
believe the information can be used to identify the individual.

Generally, a covered entity using, disclosing, or requesting protected health information
“must make reasonable efforts to limit protected health information to the minimum necessary to
accomplish the intended purpose of the use, disclosure, or request.” 

     The
Privacy Rule permits a covered entity to “use or disclose protected health information for its own
treatment, payment, or health care operations.” 

      “Payment” is defined to
include:
(1) The activities undertaken         by:
(i) A health plan to obtain premiums or to determine or fulfill
its responsibility for coverage and provision of benefits under
the health plan; or
“The minimum-necessary     standard does not apply to certain disclosures, uses, or requests such as disclosures
or requests by a health care provider for treatment, certain uses or disclosures to the individual, uses or disclosures under
a proper authorization, and certain other uses or disclosures. See 45 C.F.R. $ 164.502(b)(2)(i)-(vi)       (2003).
The Honorable Tracey Bright     - Page 9       (GA-0138)
(ii) A health care provider or health plan to obtain or provide
reimbursement for the provision of health care; and
(2) The activities in paragraph (1) of this definition relate to the
individual to whom health care is provided and include, but are not
limited to:
(i) Determinations   of eligibility or coverage (including
coordination of benefits or the determination of cost sharing
amounts), and adjudication or subrogation of health benefit
claims;
(ii) Risk adjusting amounts due based on enrollee        health
status and demographic characteristics;
(iii) Billing, claims management,       collection  activities,
obtaining payment under a contract for reinsurance (including
stop-loss insurance and excess of loss insurance), and related
health care data processing;
(iv) Review of health care services with respect to medical
necessity, coverage under a health plan, appropriateness of
care, or justification of charges;

an individual may authorize or agree to certain uses or disclosures of protected
health information. 

1).
An employer that is not a health plan, health care clearinghouse, or a health care provider is
not a covered entity under the rule. Accordingly, Ector County, in its capacity as an employer, is not
a covered entity. Moreover, “[ elmployment records held by a covered entity in its role as employer”
are excluded from the definition of protected health information. 

However, the Plan
Document indicates that Ector County, as plan sponsor, is responsible for administering the plan.
See Plan Document, supra note 5, at 40. Depending on its function under the plan, Ector County
may very well be considered as a “business associate” under the Privacy Rule. See 45 C.F.R.
0 160.103 (2003) (defining “business associate” to include one who performs or assists in activities
such as claims processing or administration that involve the use or disclosure of individually
identifiable information). In that case, the plan must impose certain written safeguards on the county
with respect to its use of protected health information. See 

.504(e), .532.
Additionally,  a group health plan subject to the Privacy Rule must satisfy certain
organizational requirements in order to disclose protected health information to a plan sponsor. See

see also 

l)(ii)(B) (providing that business associate disclosure
The Honorable Tracey Bright         - Page 10         (GA-0138)
standards do not apply to a group health plan’s disclosures to the plan sponsor “to the extent that the
requirements of 0 164.504(f) apply and are met”). The Privacy Rule requires amendment of the plan
documents to establish adequate separation between a group plan and the plan’s sponsor. See 

The plan documents must describe the employees or classes of employees who
will be given access to protected health information, restrict their use of the information to that
necessary for the administration of the group plan, and provide an effective mechanism to deal with
noncompliance.      See 

     The plan documents must establish the
permitted and required uses of information by the plan sponsor, which must be consistent with the
Privacy Rule. See 

   The plan must also contain, among other things, the plan
sponsor’s agreement (1) not to use or further disclose information other than as permitted by the plan
documents     or as required by law; (2) not to use or disclose health information                    for
employment-related     actions and decisions, or in connection with any other benefit or employee
benefit plan of the plan sponsor; (3) to ensure that all agents and “business associates” agree to the
same limitations; (4) to report any privacy violation to the group plan; (5) to make available
information to provide an accounting of disclosures as required; and (6) if feasible, to return, destroy
or limit further uses of the protected health information it has received. 

(2)(ii);
see also 

(2). S ee g enerally 65 Fed. Reg. 82462, 82507-08 (Dec. 28, 2000)
(discussing special considerations concerning group health plans and plan sponsors; stating that the
Privacy Rule does “not attempt to directly regulate employers or other plan sponsors, but . . . place[s]
restrictions on the flow of information from covered entities to non-covered entities”).
These are but some of the provisions of the Privacy Rule that may impact the disclosure of
protected health information by the plan. The health insurance “signup documents, claims, and
premiums payment histories,” see Request Letter, supra note 1, at 2, of the former commissioner and
his spouse would almost certainly contain individually identifiable health information subject to the
Privacy Rule. Whether the Privacy Rule permits disclosure of particular documents cannot be
answered definitively without full investigation and resolution of fact questions beyond the scope
of the opinion process. See Tex. Att’y Gen. Op. No. GA-0003 (2002) at 1.
VI.     Criminal Investigation
One aspect of your second question is whether individual commissioners may access and
review documents “in spite of an ongoing criminal investigation.” See Request Letter, supra note
1, at 2. You confirm that the criminal investigation initiated at the request of the Commissioners
Court has terminated, but clarify that for future reference you wish to know whether an ongoing
criminal investigation may limit a commissioner’s        right ‘to access or use otherwise accessible
documents that are potentially subject to the investigation.12 We are unaware of any statute or case
law that, per se, precludes an individual commissioner from using documents the commissioner is
otherwise entitled to use because of an ongoing criminal investigation. The PIA excepts from public
disclosure certain matters relating to detection, investigation, or prosecution of crime. See TEX.
GOV’T CODE ANN. 0 552.108 (Vernon Supp. 2004); Hobson v. Moore, 

’340-41
(Tex. 1987). Seegenerally Holmes v. Morales, 

(Tex. 1996). However, as discussed
‘*Telephone conservation   with Honorable   Tracey Bright, Ector County Attorney   (Nov. 13,2003).
The Honorable Tracey Bright      - Page 11      (GA-0138)
previously, a commissioner’s right to access county documents rests on a different basis than a
member of the public seeking disclosure under the PIA. Of course, a person with knowledge that
a criminal investigation is pending may not alter, destroy, or conceal a record or document, or thing
“with intent to impair its verity, legibility, or availability as evidence in the investigation.” TEX.PEN.
CODE ANN. 0 37.09(a)(l) (V emon 2003); Pannell v. State, 7 S.W.3d 222,223 (Tex. App.-Dallas
1999, pet. ref d). Also, in a given case, a warrant, subpoena, injunction, or other process could issue
that restricts use of or denies access to documents or records involved in the investigation.          But
without reference to specific circumstances, we cannot speculate how an ongoing criminal
investigation might impact the commissioners’ access to county records.
The Honorable Tracey Bright - Page 12
SUMMARY
An individual county commissioner      is entitled to access
employee insurance records as necessary to effectively perform the
commissioner’s official duties as a member of the court, subject to
privacy constraints imposed by state or federal law. The Medical
Practice Act (“MPA,‘) makes confidential            patient-physician
communications     and records, and limits their disclosure and
subsequent redisclosure.    Under the MPA, any redisclosure of
confidential information must be consistent with the authorized
purposes for which the information was first obtained. Whether the
Privacy Rule under the Federal Health Insurance Portability and
Accountability Act of 1996 permits disclosure of medical insurance
coverage information regarding a former commissioner and his wife
cannot be answered without a full investigation and resolution of fact
questions, which is beyond the scope of the opinion process. The
exception in the Public Information        Act relating to criminal
investigations   does not preclude county commissioners            from
accessing county records that they are otherwise entitled to review.
BARRY R. MCBEE
First Assistant Attorney General
DON R. WILLEn
Deputy Attorney General for Legal Counsel
NANCY S. FULLER
Chair, Opinion Committee
William A. Hill
Assistant Attorney General, Opinion Committee