Disclosures Required by Law
Certain laws compel disclosure: FDA adverse-event reporting, OSHA injury reporting, state injury and disease reporting, and the BSA. HIPAA permits disclosure where it is required by law. Subpoenas under Federal Rule of Civil Procedure 45 compel production, enforced by contempt.
Some U.S. laws require disclosure of personal information. Examples include the FDA requiring health professionals and drug manufacturers to report serious adverse events under the Food, Drug and Cosmetic Act; OSHA requiring reporting of certain workplace injuries and illnesses; and many states requiring reporting of abuse, gunshot wounds, immunization records, or contagious diseases. HIPAA permits PHI disclosure where it is "required by law."
A Subpoena under Federal Rule of Civil Procedure 45 must state the issuing court, the title and civil-action number, command the recipient to attend/testify or produce documents or ESI, and set out the right to challenge or modify. It must be served, and a court may hold a served person in contempt for failing without adequate excuse to obey - contempt can mean fines or imprisonment.
| Tool | Standard |
|---|---|
| Pen register order | Information is relevant to an ongoing investigation |
| 18 U.S.C. 2703(d) order (stored content) | Specific and articulable facts showing reasonable grounds the records are relevant to a criminal investigation |
| Search warrant | Probable cause that a crime has been, is, or will be committed (neutral magistrate) |
| Telephone wiretap | Probable-cause warrant requirements PLUS extra showings, e.g. alternative means have been exhausted |