                                                                                            05/14/2020
                  IN THE COURT OF APPEALS OF TENNESSEE
                             AT KNOXVILLE
                                January 22, 2020 Session

                   ALYSIA REESE MCCRACKEN HANCOCK v.
                       BJR ENTERPRISES, LLC, ET AL.

                     Appeal from the Circuit Court for Knox County
                      No. 3-416-18      Deborah C. Stevens, Judge
                        ___________________________________

                            No. E2019-01158-COA-R3-CV
                        ___________________________________


This is a healthcare liability action. In her medical authorizations, the plaintiff left blank
lines as to who was authorized to receive the patient’s records from the medical providers
and others receiving notice. The defendants claimed that the authorizations were not
HIPAA1-compliant, as required by Tennessee Code Annotated section 29-26-
121(a)(2)(E). The plaintiff responded that by construing the pre-suit notice packet
materials as one cohesive document, all of the elements required by the statute are
present and that the defendants had at their disposal all of the information necessary to
obtain the patient’s medical records. The plaintiff further asserted that the failure of the
defendants to attempt to obtain the records precludes any demonstration of prejudice to
them. The trial court determined that the plaintiff’s statutory notice failed to substantially
comply with the requirements of Tennessee Code Annotated section 29-26-121. The
plaintiff appeals. We affirm.

           Tenn. R. App. P. 3 Appeal as of Right; Judgment of the Circuit Court
                                Affirmed; Case Remanded

JOHN W. MCCLARTY, J., delivered the opinion of the court, in which THOMAS R.
FRIERSON, II, J., joined. D. MICHAEL SWINEY, C.J., filed a separate concurring opinion.


M. Chad Trammell, Texarkana, Arkansas, Daniel Clayton, Nashville, Tennessee, and
Deborah Truby Riordan, Little Rock Arkansas, for the appellant, Alysia Reese
McCracken Hancock.



       1
        HIPAA refers to the Health Insurance Portability and Accountability Act of 1996, Pub.
L. No. 104-191, 110 Stat. 1936.
Stephen C. Daves and Gina S. Vogel, Knoxville, Tennessee, for the appellee, BJR
Enterprises, LLC, d/b/a Home Helpers of Knoxville.

Mark A. Castleberry and T. Mitchell Panter, Knoxville, Tennessee, for the appellee,
Grubb & Associates, Inc., d/b/a Brightstar of Knoxville.


                                              OPINION

                                         I. BACKGROUND

        This healthcare liability action concerns the medical care received by Ronald
Martin Reese (“Patient”). Alysia Reese McCracken Hancock (“POA”)2 holds the power
of attorney of Patient and brought this action on his behalf. Patient received in-home care
provided by BJR Enterprises, LLC d/b/a Home Helpers of Knoxville (“Home Helpers”)
and Grubb & Associates, Inc. d/b/a Brightstar of Knoxville (“Brightstar”) (collectively,
“Defendants”) from at least June 1, 2017, until August 4, 2017, at which time he suffered
a decline in his skin integrity, resulting in pressure sores, infections, and severe sepsis.
POA alleges that Patient’s condition is due to Defendants’ negligence.

      POA commenced this action by filing a complaint on November 27, 2018. On
January 10, 2019, Brightstar served POA with a motion to dismiss asserting that the
medical authorizations included in POA’s pre-suit notice letter to Defendants on July 30,
2018, were not HIPAA-compliant as required by Tennessee Code Annotated section 29-
26-121(a)(2)(E). On February 7, 2019, Home Helpers filed an identical motion. POA
responded to Defendants’ motions collectively, asserting that the notice packet provided
to Defendants was substantially compliant with Tennessee Code Annotated section 29-
26-121.

        A hearing was held on Defendants’ motions on May 17, 2019. The trial court
determined that it would follow the precedent set forth in Wenzler v. Xiao Yu, W2018-
00369-COA-R3-CV, 2018 WL 6077847 (Tenn. Ct. App. Nov. 20, 2018); Riley v.
Methodist Healthcare Memphis Hosps., 731 Fed. Appx. 481 (6th Cir. 2018), reh’g denied
(May 29, 2018); and Bray v. Khuri, 523 S.W.3d 619 (Tenn. 2017). On June 10, 2019, the
trial court entered its order granting Defendants’ motions to dismiss upon finding that the
HIPAA authorization did not substantially comply with the statutory requirements, that
the notice letter could not cure any deficiency on the authorization document, and that
POA’s failure to substantially comply with the statutory requirements prejudiced
Defendants’ ability to obtain Patient’s medical records. POA timely filed a notice of
appeal on July 1, 2019.


       2
           She is Patient’s adult daughter.
                                                -2-
                                       II. ISSUES

      We restate the issues raised by POA as follows:

             1. Whether the trial court erred in holding that POA’s method
             of permitting Defendants access to Patient’s medical records
             failed to substantially comply with the requirements of
             Tennessee Code Annotated section 29-26-121?

             2. Whether the trial court erred in finding that Defendants
             were prejudiced when POA provided to Defendants all of the
             information necessary to obtain Patient’s medical records, but
             they did not attempt to obtain them?


                            III. STANDARD OF REVIEW

       In this action, Defendants properly filed a motion to dismiss. Myers v. AMISUB
(SFH) Inc., 382 S.W.3d 300, 307 (Tenn. 2012). The trial court’s grant of the motion to
dismiss is subject to a de novo review with no presumption of correctness because we are
reviewing the trial court’s legal conclusion. Blackburn v. Blackburn, 270 S.W.3d 42, 47
(Tenn. 2008); Union Carbide Corp. v. Huddleston, 854 S.W.2d 87, 91 (Tenn. 1993). Our
Supreme Court has provided as follows regarding healthcare liability actions:

             The proper way for a defendant to challenge a complaint’s
             compliance with Tennessee Code Annotated section 29-26-
             121 and Tennessee Code Annotated section 29-26-122 is to
             file a Tennessee Rule of [Civil] Procedure 12.02 motion to
             dismiss. In the motion, the defendant should state how the
             plaintiff has failed to comply with the statutory requirements
             by referencing specific omissions in the complaint and/or by
             submitting affidavits or other proof. Once the defendant
             makes a properly supported motion under this rule, the
             burden shifts to the plaintiff to show either that it complied
             with the statutes or that it had extraordinary cause for failing
             to do so. Based on the complaint and any other relevant
             evidence submitted by the parties, the trial court must
             determine whether the plaintiff has complied with the
             statutes. If the trial court determines that the plaintiff has not
             complied with the statutes, then the trial court may consider
             whether the plaintiff has demonstrated extraordinary cause for
             its noncompliance.        If the defendant prevails and the
                                             -3-
              complaint is dismissed, the plaintiff is entitled to an appeal as
              of right under Tennessee Rule of Appellate Procedure 3 using
              the standards of review in Tennessee Rule of Appellate
              Procedure 13. If the plaintiff prevails, the defendant may
              pursue an interlocutory appeal under either Tennessee Rule of
              Appellate Procedure 9 or 10 using the same standards.

Myers, 382 S.W.3d at 307.

       “When interpreting a statute, our role is to ascertain and effectuate the legislature’s
intent. Sullivan ex rel. Hightower v. Edwards Oil Co., 141 S.W.3d 544, 547 (Tenn.
2004). We must not broaden or restrict a statute’s intended meaning. Garrison v.
Bickford, 377 S.W.3d 659, 663 (Tenn. 2012) (quoting U.S. Bank, N A. v. Tenn. Farmers
Mut. Ins. Co., 277 S.W.3d 381, 386 (Tenn. 2009)).” Id. In construing legislative
enactments, we presume that every word in a statute has meaning and purpose and should
be given full effect if the obvious intention of the legislature is not violated by so doing.
In re C.K.G., 173 S.W.3d 714, 722 (Tenn. 2005). When a statute is clear, we should
apply the plain meaning without complicating the task. Eastman Chem. Co. v. Johnson,
151 S.W.3d 503, 507 (Tenn. 2004).


                                    IV. DISCUSSION

       The statutory provision at issue in this dispute is Tennessee Code Annotated
section 29-26-121(a)(1-2), which provides,

              (a)(1) Any person, or that person’s authorized agent, asserting
              a potential claim for medical malpractice shall give written
              notice of the potential claim to each health care provider that
              will be a named defendant at least sixty (60) days before the
              filing of a complaint based upon health care liability in any
              court of this state.

              (2) The notice shall include:

              (A) The full name and date of birth of the patient whose
              treatment is at issue;
              (B) The name and address of the claimant authorizing the
              notice and the relationship to the patient, if the notice is not
              sent by the patient;
              (C) The name and address of the attorney sending the notice,
              if applicable;
              (D) A list of the name and address of all providers being sent
                                           -4-
              a notice; and
              (E) A HIPAA compliant medical authorization permitting the
              provider receiving the notice to obtain complete medical
              records from each other provider being sent a notice.

        The specific purpose of subsection (a)(2)(E) is not to provide a defendant with
notice of a potential claim; rather, as the Supreme Court noted in Stevens ex rel. Stevens
v. Hickman Comty Health Care Srvcs., Inc., 418 S.W.3d 547 (Tenn. 2013), the subsection
“serves to equip defendants with the actual means to evaluate the substantive merits of a
plaintiff’s claim by enabling early access to a plaintiff’s medical records.” Id. at 555.
This investigatory tool advances the overall goal of section 29-26-121(a), which is to
allow litigants the ability to engage in pre-suit negotiation and settlement so as to reduce
litigation costs and resolve meritorious claims at the outset. See also Jenkins v. Marvel,
683 F. Supp. 2d 626, 638-39 (E.D. Tenn. 2010); Hinkle v. Kindred Hosp., M2010-02499-
COA-R3CV, 2012 WL 3799215 (Tenn. Ct. App. Aug. 31, 2012). Because subsection
(a)(2)(E) serves an investigatory function, substantial, not strict, compliance is required.
Stevens, 418 S.W.3d at 554. The Stevens Court wrote,

              A plaintiff’s less-than-perfect compliance with Tenn. Code
              Ann. § 29-26-121(a)(2)(E), . . . should not derail a healthcare
              liability claim. Non-substantive errors and omissions will not
              always prejudice defendants by preventing them from
              obtaining a plaintiff’s relevant medical records. Thus, we
              hold that a plaintiff must substantially comply, rather than
              strictly comply, with the requirements of Tenn. Code Ann. §
              29-26-121(a)(2)(E).

Stevens, 418 S.W.3d at 555. However, “[b]ecause HIPAA itself prohibits medical
providers from using or disclosing a plaintiff’s medical records without a fully compliant
authorization form, it is a threshold requirement of the statute that the plaintiff’s medical
authorization must be sufficient to enable defendants to obtain and review a plaintiff’s
relevant medical records.” Id. (citing 45 C.F.R. § 164.508(a)(1)).

        In this case, the notice packet POA sent to Brightstar and Home Helpers included
a cover letter directed to each provider. The letter identified the full name and date of
birth of the patient whose treatment is at issue, the name and address of the claimant
authorizing the notice and the source of the claimant’s authority, and the name and
address of the attorney sending the notice. The letter stated: “A list of the name and
address of all providers being sent this notice is attached to this notice” and that “A
HIPAA compliant medical authorization permitting you to obtain complete medical
records from each other provider being sent a notice is attached to this notice.” The letter
identified the injuries that were alleged to have occurred under the provider’s care and the
alleged cause of those injuries; it concluded: “We believe this letter complies with the
                                             -5-
letter and spirit of Tennessee Code Annotated §29-26-121. If you believe this notice
(including attachments) is deficient in any way, please let us know and any defect will be
promptly cured.” As identified in the cover letter, a list of the names and addresses of all
providers being sent the notice was attached to the cover letter. Further, multiple
authorizations for each healthcare provider identified on the list were attached. Each
authorization was identical except that the designation of the healthcare provider
authorized to disclose the medical records identified is separately designated on each
authorization.

       There is no dispute that POA provided Defendants with notice more than 60 days
before filing the complaint. The problem is that POA left blank lines on the authorization
form as to who was authorized to receive the patient’s records from the medical providers
and others receiving notice. The one element missing from the face of POA’s release
was “the name or other specific identification of the person(s), or class of persons, to
whom the covered entity may make the requested use or disclosure.” 45 C.F.R. §
164.508(c)(1)(iii). The question raised by POA is whether the “medical authorization
permitting the provider receiving the notice to obtain complete medical records from each
other provider being sent a notice” must be construed as a separate document in isolation
from the remainder of the pre-suit notice packet provided or whether the materials in the
pre-suit notice packet may be construed as one document.

        While not requiring a specific form, the Tennessee Supreme Court has held that a
medical authorization should contain the six elements of information set forth in 45
C.F.R. § 164.508(c)(1)(i)-(vi) in order for it to be “HIPAA-compliant.” The six elements
set forth in in 45 C.F.R. § 164.508(c)(1)(i)-(vi) are:

              (i)     A description of the information to be used or
              disclosed that identifies the information in a specific and
              meaningful fashion.
              (ii)    The name or other specific identification of the
              person(s), or class of persons, authorized to make the
              requested use or disclosure.
              (iii) The name or other specific identification of the
              person(s), or class of persons, to whom the covered entity
              may make the requested use or disclosure.
              (iv) A description of each purpose of the requested use or
              disclosure....
              (v)     An expiration date or an expiration event that relates to
              the individual or the purpose of the use or disclosure....
              (vi) Signature of the individual and date.                 If the
              authorization is signed by a personal representative of the
              individual, a description of such representative’s authority to
              act for the individual must also be provided.
                                            -6-
45 C.F.R. § 164.508(c)(1) (emphasis added). 45 C.F.R. § 164.508(b)(1) provides that a
valid medical authorization must meet the requirements of § 164.508(c)(1) and (c)(2).
Section 164.508(b)(2) states that an authorization is defective and invalid if it is
incomplete because of a failure to comply with any of the requirements of paragraph (c)
of § 164.508. The comments to the HIPAA regulations state that “[p]ursuant to §
164.508(b)(1), an authorization is not valid under the Rule unless it contains all of the
required core elements and notification statements.”        Standards for Privacy of
Individually Identifiable Health Information, 67 Fed. Reg. 53182, 53220-21 (Aug. 14,
2002). “HIPAA deems authorizations defective if not filled out completely.” Smith v.
Wellmont Health Sys., No. E2017-00850-COA-R9-CV, 2018 WL 3343591, at *4 (Tenn.
Ct. App. July 9, 2018).

       Defendants contend that POA provided them with a HIPAA-deficient medical
authorization in that it precluded them from being able to obtain Patient’s medical
records from the other healthcare providers who were sent notice (element (iii)).
Additionally, they assert that the deficient authorization precluded them from using
records in their own offices. Defendants argue that because POA’s authorization failed to
identify the person or class of persons authorized to receive records, a “core element” of
HIPAA compliance, see 45 C.F.R. § 164.508(c)(1), POA failed to comply with the
required statute.

        POA contends that the notice packet sent to each of Defendants contains all of the
information required by Tennessee Code Annotated section 29-26-121(a)(2). According
to POA, while it is not apparent from the face of any single authorization form viewed in
isolation that Defendants are the intended recipients of the records, the same notice that
was sent to Home Keepers and Brightstar identifies each of the other medical providers
as the intended recipients of the medical records. The information not identified on the
authorization form is contained within the notice provided and is available to both
Defendants and the contemplated disclosing healthcare provider. POA asserts that the
medical authorization does not stand alone but, as evidenced by the terms of the cover
letter, was attached to the letter as part of one packet. POA stresses that the cover letter
makes clear that the letter and the “attached” authorization and provider list are to be
construed together for compliance with Tennessee Code Annotated section 29-26-121.
POA contends that, when read in combination, the cover letter and provided authorization
were sufficient for Defendants to obtain records.

       According to POA, Defendants were not prejudiced because there was no proof in
the record of any failed attempt to gain the records of Patient. She asserts that the record
contains no evidence that Defendants tried to use the authorization she provided, either
alone or as part of the notice packet, nor did they present evidence that either of them
were denied the records that they sought. She contends that there is no reason to believe
that the disclosing health care provider would have rejected Defendants’ records request
                                            -7-
under those circumstances. POA asserts that the trial court’s ruling runs counter to the
policy of deciding cases on their merits and the Tennessee Supreme Court’s statement in
Stevens that a plaintiff’s less than perfect medical authorization should not derail the
merits of the plaintiff’s suit in the pre-suit process.

       POA further notes that the website of the Department of Health and Human
Services contains a “frequently asked questions” section regarding HIPAA, which
includes the following question and answer:

              Can an authorization be used together with other written
              instructions from the intended recipient of the information?

              Answer:

              A transmittal or cover letter can be used to narrow or provide
              specifics about a request for protected health information as
              described in an Authorization, but it cannot expand the scope
              of the Authorization. For example, if an individual has
              authorized the disclosure of “all medical records” to an
              insurance company, the insurance company could by cover
              letter narrow the request to the medical records for the last 12
              months. The cover letter could also specify a particular
              employee or address for the “class of persons” designated in
              the Authorization to receive the information. By contrast, an
              insurance company could not by cover letter extend the
              expiration date of an Authorization, or expand the scope of
              information set forth in the Authorization.

              Created 9/24/03

www.hhs.qov/hipaa/for-professionals/faq/authorizations/479.html (last visited May 10,
2019). According to POA, the response, which references a “transmittal or cover letter”
as capable of “provid[ing] specifics” is consistent with Tennessee law that “all writings
that are a part of the same transaction are to be construed together.” See McCall v.
Towne Square, Inc., 503 S.W.2d 180, 183 (Tenn. 1973). Construing the recipient-
specific notice packet as a whole, POA argues that Defendants were each provided with
all of the information required by the statute.

       In order to substantially comply with the statute at issue, a plaintiff must provide a
defendant with a HIPAA-compliant medical authorization form that is sufficient to allow
the defendant to obtain the plaintiff’s medical records from the other providers being sent
the notice. Wenzler, 2018 WL 6077847 at *5. In this context, substantial compliance
requires “a degree of compliance that provides the defendant with the ability to access
                                            -8-
and use the medical records for the purpose of mounting a defense.” Lawson v. Knoxville
Dermatology Grp., P.C., 544 S.W.3d 704, 711 (Tenn. Ct. App. 2017). “In determining
whether a plaintiff has substantially complied with a statutory requirement, a reviewing
court should consider the extent and significance of the plaintiff’s errors and omissions
and whether the defendant was prejudiced by the plaintiff’s noncompliance.” Stevens,
418 S.W.3d at 556; see also, Jones v. Prof’l Motorcycle Escort Serv., LLC, 193 S.W.3d
564, 572-73 (Tenn. 2006).

       In Martin v. Rolling Hills Hosp., LLC, ___ S.W.3d ___, 2020 WL 2065528,
(Tenn. Apr. 29, 2020), the Tennessee Supreme Court reaffirmed Stevens, holding that
“prejudice is not a separate and independent element” but rather “a consideration relevant
to determining whether a plaintiff has substantially complied. Id. at *7 (citing Stevens,
418 S.W.3d at 556). The Martin Court observed that

             [o]ne means of satisfying this burden [of demonstrating
             noncompliance resulting in prejudice] is by alleging that the
             plaintiff’s section 121(a)(2)(E) medical authorization lacks
             one or more of the six core elements required by federal law
             for HIPAA compliance. Under federal law, a medical
             authorization is not HIPAA compliant if “[t]he authorization
             has not been filled out completely, with respect to” a core
             element. 45 C.F.R. § 164.508(b)(2)(ii). Without a HIPAA
             compliant medical authorization, a defendant would
             ordinarily be deprived of a benefit Section 121 confers, as it
             declares that “[a]ll parties . . . shall be entitled to obtain
             complete copies of the claimant’s medical records from any
             other provider receiving notice.” Tenn. Code Ann. § 29-26-
             121(d)(1). Although defendants must explain how they were
             prejudiced by noncompliance, defendants need not “test”
             incomplete and facially noncompliant medical authorizations.
             As we recognized in Stevens, obtaining medical records with
             a HIPAA noncompliant medical authorization would violate
             federal regulations and could result in the imposition of
             severe penalties. Stevens, 418 S.W.3d at 565 n.6; see also
             Woodruff ex rel. Cockrell v. Walker, 542 S.W.3d 486, 499
             (Tenn. Ct. App. 2017) (“Because the penalties imposed on
             entities that wrongfully disclose or obtain private health
             information in violation of HIPAA are severe, the sufficiency
             of the plaintiffs’ medical authorizations is imperative.”),
             perm. app. denied (Tenn. Oct. 6, 2017); J.A.C. ex rel. Carter
             v. Methodist Healthcare Memphis Hosps., 542 S.W.3d 502,
             514-15 (Tenn. Ct. App. 2016) (stating that a health care
             liability defendant has no duty to assist a plaintiff to achieve
                                          -9-
              compliance with Section 121 or to test the validity of a
              medical authorization that is facially lacking a core element
              required for HIPAA compliance); Dolman v. Donovan, No.
              W2015-00392-COA-R3-CV, 2015 WL 9315565, at *5 (Tenn.
              Ct. App. Dec. 23, 2015) (rejecting the plaintiffs’ argument
              that the medical providers could not have been prejudiced
              because they never attempted to obtain medical records with
              the deficient medical authorization provided), perm. app.
              denied (Tenn. May 6, 2016). As we emphasized in Stevens,
              plaintiffs, not defendants, are “responsible for complying with
              the requirements of [Section 121].” Stevens, 418 S.W.3d at
              559.

Martin, 2020 WL 2065528, at *7.

       In Wenzler, the court was faced with a pre-suit medical authorization that did not
identify any particular person or class of persons to whom the covered providers could
make the use or disclosure. 2018 WL 6077847, at *1. On appeal, we evaluated the
authorization under the substantial compliance framework and concluded that the
“omission was both substantive and significant.” Id. at *6. We found that the
authorization was “defective[,] not valid under HIPAA regulations[, and] did not permit
the defendants to receive [Wenzler’s] medical records.” Id. We specifically ruled that
leaving a medical authorization blank as to who can receive records from a covered entity
renders the authorization ineffective. Id. Such a failure to make the designation requires
dismissal.

       As the trial court in the instant case recognized,

              the Wenzler case is almost directly on point. You can’t
              require the defendant to complete it. You can’t require the
              defendant to prove that they attempted to use it. The failure
              to designate who was authorized to make the request, user
              disclosure, is a core element . . . . And so it’s just really hard
              for me, as a trial court, when I’ve got specific language from
              a court above me . . . that this would be a non-compliant
              authorization, you know . . . .

        In J.A.C., we held that the authorization was invalid because it “did not list the
person or class of persons to whom disclosure of information could be made.” We found
that “[t]he argument that a health care liability defendant should complete or “customize”
a medical authorization that contains blanks has been specifically rejected by [the Court
of Appeals].” 542 S.W.3d at 515. As in this case, the plaintiffs in J.A.C. argued that
their authorizations “were sufficient when considered alongside the pre-suit notice letters
                                            - 10 -
that accompanied the forms.” Id. We dismissed that argument because “[s]everal
Tennessee decisions have rejected the proposition [that] a healthcare liability defendant
has a duty to assist a plaintiff achieve compliance or to test whether an obviously
deficient HIPAA form would allow the release of records.” Id. (citing Stevens, 418
S.W.3d at 559); Dolman v. Donovan, No. W2015-00392-COA-R3-CV, 2015 WL
9315565, at *5 (Tenn. Ct. App. Dec. 23, 2015).

       Similarly, in Lawson v. Knoxville Dermatology Grp, P.C., we affirmed the
dismissal of a healthcare liability claim because the plaintiff’s pre-suit medical
authorizations failed to identify the providers authorized to disclose records—another
“core element” under the federal regulations. 544 S.W.3d 704, 712 (Tenn. Ct. App.
2017); see 45 C.F.R. § 164-508(c)(1)(ii) (“A valid authorization . . . must contain at least
the following elements . . . the name or other specific identification of the person(s) , or
class of persons, authorized to make the requested use or disclosure . . . .”). The Lawson
Court noted that the list of providers attached to the pre-suit notice letter did not
“supplement the HIPAA authorization to satisfy the requirement provided in 45 C.F.R. §
164.508(c)(1)(ii)” because the federal regulations “specifically prohibit[] compound
authorizations.” Id. at 712.

        In the case before us, POA failed to identify on the medical authorization the
identity of the individual authorized to receive Patient’s records. As in Wenzler, we
conclude that this is an essential element. A medical authorization lacking a core element
is not valid. When a pre-suit medical authorization is facially invalid, the recipient is per
se prejudiced and bears no burden to use or correct the form. See, e.g., Buckman v. Mt.
States Health Alliance, 570 S.W.3d 229, 239 (Tenn. Ct. App. 2018) (rejecting plaintiff’s
argument that defendants must have tested the invalid authorization to show prejudice).
The record on appeal supports Defendants’ arguments that POA’s noncompliance
precluded them from obtaining the decedent’s medical records from all other providers
named as defendants. Martin, 2020 WL 2065528, at *8 (citing Parks v. Walker, 585
S.W.3d 895, 900 (Tenn. Ct. App. 2018))3 (holding that a medical authorization lacking
core elements required by federal law for HIPAA compliance was not substantially
compliant with section 121(a)(2)(E)), perm. app. denied (Tenn. Mar. 27, 2019);
Buckman, 570 S.W.3d at 239 (same); J.A.C., 542 S.W.3d at 513 (same). POA therefore
failed to comply with section 29-26-121.


3
 In Parks, we observed that the plaintiff’s response regarding the authorization form was “that
each provider can look at the list of providers and should know that each of them also received
their own authorization form allowing them to release, use, or disclose the material information.
However, this is not what the law requires. In order to be effective, the authorization form must
allow a medical provider to obtain records from the other providers.” Parks, 585 S.W.3d at 899.
As in Parks, POA’s authorization did not allow Defendants to obtain Patient’s records from the
other providers given pre-suit notice.
                                             - 11 -
       Tennessee Code Annotated section 29-26-116 provides that “[t]he statute of
limitations in health care liability actions shall be one (1) year as set forth in § 28-3-104”
and that “in no event shall any such action be brought more than three (3) years after the
date on which the negligent act or omission occurred except where there is fraudulent
concealment on the part of the defendant.” Tenn. Code Ann. § 29-26-116(a)(1), (a)(3).
A plaintiff who complies with the notice provisions of Tennessee Code Annotated § 29-
26-121, however, receives a 120-day extension of the applicable statute of limitations and
statute of repose. Tenn. Code Ann. § 29-26-121(c). As we have determined, POA failed
to substantially comply with the requirement of Tennessee Code Annotated section 29-
26-121(a)(2)(E) to provide a HIPAA-compliant medical authorization with her pre-suit
notice. Therefore, POA’s noncompliance with the pre-suit notice requirements prevents
her from relying on the 120-day extension of the relevant statute of limitations. See
Lawson, 544 S.W.3d at 713 (“We note that inasmuch as the [plaintiffs] failed to comply
with pre-suit notice requirements, they did not obtain the 120-day extension of the statute
of limitations when they filed their complaint.”). This cause must be dismissed with
prejudice.

       Tennessee Code Annotated section 29-26-121(b) provides that the court can, at its
discretion, excuse compliance with subsection (a) “only for extraordinary cause shown.”
Our Supreme Court has explained the meaning of extraordinary cause as follows:

              The statute does not define “extraordinary cause,” and the
              statute’s legislative history does not indicate that the
              legislature intended to assign a meaning to that phrase other
              than its plain and ordinary meaning. “Extraordinary” is
              commonly defined as “going far beyond the ordinary degree,
              measure, limit, etc.’ very unusual; exceptional; remarkable.”
              Webster’s New World Dictionary of the American Language,
              516 (1966) . . . .

Myers, 382 S.W.3d at 310-111. In this case, POA failed to show any extraordinary cause
sufficient to excuse her noncompliance with Tennessee Code Annotated section 29-26-
121(a)(2)(E).


                                    V. CONCLUSION

       The judgment of the trial court is affirmed, and the case is remanded for such
further proceedings as may be necessary. Costs of the appeal are assessed to the
appellant, Alysia Reese McCracken Hancock.


                                                     ___________________________
                                            - 12 -
         JOHN W. MCCLARTY, JUDGE




- 13 -
