Subpoena Meaning: A Physician’s Legal & Ethical Guide to Subpoenas & Medical Records

Doctors in private practice don’t expect to deal with a lot of legal paperwork beyond standard consent forms and HIPAA disclosures, but there’s always the chance you could be served with a subpoena for medical records. If you do get served, it’s important to understand what your obligations are in the context of a legal proceeding, how to respond, and how to avoid HIPAA violations, lawsuits, or disciplinary action if you make a mistake.

Physician-patient privilege is a legal concept that protects the confidentiality of medical records, but it is defined and limited by statute across various jurisdictions. This privilege is particularly relevant when responding to subpoenas, as it dictates the circumstances under which medical records may be disclosed.

Does a subpoena automatically mean you are in trouble? Hardly. A subpoena is a legal order that requires you to produce records, but should not be confused with a summons. Most subpoenas that doctors encounter will be a subpoena duces tecum. That means that you are being asked to provide tangible evidence, rather than give testimony.

This blog will help you understand the legal frameworks and best practices to comply with confidence and protect patient privacy.

For more information, download our full guide to acting as a medical expert witness here!

How to Pronounce Subpoena Duces Tecum

The phrase “subpoena duces tecum” is commonly used in legal and medical contexts. It’s pronounced:

/suh-PEE-nuh DOO-seez TAY-kum/

The literal Latin meaning is “bring with you under penalty.” It sounds intimidating, but in modern legal practice, it’s simply a legal command to produce documents or evidence.

How Do You Define Subpoena Duces Tecum?

A subpoena duces tecum is a type of subpoena that legally compels an individual or organization to produce documents, records, or evidence for a court case or legal proceedings.

Unlike other types of subpoenas (which may compel testimony), a subpoena duces tecum specifically requires the recipient to bring specified items, such as:

  • Business records
  • Emails or communications
  • Medical files
  • Financial documents
  • Contracts or agreements

They can be used in both civil cases and criminal cases. A subpoena duces tecum can be issued by a court, an attorney (in jurisdictions that allow it), or an administrative agency. Noncompliance may result in legal penalties that arise from  being held “in contempt of court.”

Legal & Ethical Foundations

HIPAA & Medical Records

HIPAA (the Health Insurance Portability and Accountability Act) is a set of regulations for privacy protections for disclosing protected health information (PHI), and it sets the baseline for how to respond to a subpoena. It permits disclosure under certain conditions, such as when required by law (including subpoenas), but sets strict limits.

The most important part of HIPAA to adhere to when responding to a subpoena is the “minimum necessary” standard, which requires you to release only the part of the record that is directly relevant to the subpoena. Additionally, you must follow HIPAA’s rules for documentation and safeguards when sharing PHI, including tracking disclosures.

State Privacy Laws & Preemption

Some states have stricter privacy requirements than HIPAA, especially when it comes to mental health, substance use, or HIV/AIDS-related records. In those cases, state law may supersede federal law. This is called preemption, and it means that because the state’s protections are more stringent than HIPAA’s, you must follow the state standard.

Some states that impose more strict requirements are:

Physician-Patient Confidentiality

Physicians are still bound by professional ethical duties, even if doctor-patient privilege isn’t formally recognized in your state. The AMA Code of Medical Ethics mandates doctors protect patient information as a professional responsibility.

Physician-patient privilege is defined and limited by statute across various jurisdictions, and medical records are subject to mandatory reporting and subpoena in cases of suspicious injuries or mental/physical claims. In many cases, those obligations are overridden only by a valid court order or narrowly tailored subpoena, and even then, only the minimum necessary information should be disclosed.

In cases of civil action, physicians may be required to disclose patient information under a valid court order or narrowly tailored subpoena.

Types of Subpoena, Summons vs. Subpoena, Court Order vs. Subpoena

Subpoena Duces Tecum vs. Subpoena

A subpoena duces tecum requires the receiver to produce specific documents or records, often patient files, while a standard subpoena (subpoena ad testificandum) typically compels someone to appear and testify. Understanding which type you've received will help determine if you need to prepare documentation, testimony, or both.

Summons vs. Subpoena

A subpoena requires someone to produce documents, such as medical records, or testify in court. A summons notifies someone that they are being sued or must appear in court to respond to legal action. While both are formal legal notices, a subpoena typically involves producing documentation or offering testimony concerning a third party in a case, whereas a summons initiates a lawsuit against the defendant receiving it.

Subpoena vs. Court Order

A subpoena is typically issued by a court, attorney, or court clerk and requests testimony or documents. A court order, on the other hand, is signed by a judge and carries more legal weight. If you receive a court order, you must comply unless successfully challenged by your attorney.



Administrative Subpoenas

Administrative subpoenas are issued from government agencies like the Department of Justice (DOJ), Centers for Medicare & Medicaid Services (CMS), or your state medical board. These subpoenas often have different rules and may be part of regulatory enforcement or fraud investigations.

Criminal vs. Civil Subpoenas

Criminal matters usually require additional protections for patient records, especially in cases involving substance use, mental health, or HIV status. Responding to a criminal subpoena requires extreme care, and it’s usually best to consult with legal counsel before responding. In a criminal case, additional protections are often required for patient records, especially those involving sensitive information.

Private Party Subpoenas From Attorneys

If you receive a subpoena from an attorney, always confirm that the request is legally valid and relevant. In many cases, you’ll need to verify that:

  • The subpoena is signed by a court officer.
  • The records requested are directly related to the legal matter.
  • Proper patient consent or court authorization is included.

Does A Subpoena Mean You’re In Trouble?

No, a subpoena does not mean you’re in trouble. Unlike a summons, a subpoena is almost always a request for you to provide information about a case that you may be tangentially related to, but are not a litigant or defendant in.

Hypothetically, if someone is suing their employer over a workplace injury, and you are their doctor or once provided medical care to the claimant, you may be subpoenaed to provide medical records or information to try and determine if the injury was indeed caused at the workplace or somewhere else or whether it pre-existed.

What to Do When You Receive a Subpoena

1. Identify the Recipient

Make sure the subpoena is directed at the correct party—whether that’s you personally, your clinic, or your records custodian.

2. Check Its Validity & Scope

Look for details like:

  • Is it signed by a judge or court officer?
  • Does it include a valid case number and deadline?
  • Is it from your state or out-of-state? This might affect how you respond and prepare.

3. Contact Legal Counsel

Do not respond to a subpoena before consulting an attorney. If you have reason to believe it might later involve a claim against you then you may also want to notify your medical malpractice carrier for guidance.

4. Examine Deadlines

Subpoenas will include deadlines for producing records or appearing in court. These deadlines require compliance by a specified date, and failing to meet this deadline can result in serious consequences. If you need more time, your attorney may be able to request an extension.

5. Preserve Relevant Records

Even if you plan to challenge the subpoena, you must preserve any documents that were requested. Avoid deleting, altering, or misfiling any related records.

Subpoena Duces Tecum Template: What to Look For

If you receive a subpoena duces tecum requesting medical records, make sure that it is actually valid and properly served. While formats may vary slightly, a legitimate subpoena duces tecum requesting medical records typically contains:

  • The name of the issuing court and jurisdiction. If in doubt, contact the court to ensure it is valid.
  • The case number and party names involved.
  • A clear description of the documents requested (e.g. patient records, billing information). Review the request with your attorney to ensure that it is not overly broad, and you understand precisely what is being asked.
  • A deadline for response or appearance. If you need more time, you may be able to work with your attorney to negotiate another deadline.
  • The contact information for the party seeking the subpoena, such as an attorney or clerk. If you have any questions about the subpoena or how they want the documents delivered, contact them.
  • Sometimes, an attached HIPAA authorization or instructions for obtaining one. If you have any doubts about HIPAA compliance in the case, consult with your attorney before doing anything.

Verifying & Narrowing the Scope

Relevance & Overbreadth

Work with legal counsel to ensure the subpoena is narrowly tailored to the legal issue at hand. It is crucial to ensure that only relevant documents are requested and produced in response to a subpoena, as this helps in understanding a judgment debtor's financial situation and ensures fair play during legal processes. If the subpoena is too broad, vague, or irrelevant, your lawyer may be able to file a motion to limit it.

Protective Orders

You may need to file a motion for a protective order if the subpoena compromises patient privacy or seeks more than what is legally justified. In some cases, sensitive details can be redacted or limited to an in-camera review by a judge.

Patient Notification & Consent

Depending on your state, you may be required to notify the patient before releasing their records. In some cases, a signed HIPAA authorization is necessary. In others, a valid subpoena may be enough.

Compliance Procedures

Once you’ve confirmed that the subpoena is valid, follow these compliance steps to ensure records are gathered, maintained, and transmitted legally and securely. Witnesses are obligated to produce evidence under subpoenas, and failing to do so can result in contempt of court and other legal consequences.

Production of Documents

Pull the complete records from your EHR system or paper files. Verify that what you’re producing matches what the subpoena asks for. Ensure that the patient name and information match the subpoena, and that you are disclosing only the narrowest interpretation of what the subpoena is asking for. Witnesses are obligated to provide documents under subpoenas, and failing to do so can result in contempt of court and other legal consequences. If in doubt, consult with an attorney. Ensure that staff know who may produce records for a subpoena and what the process is.

Maintain Record Integrity

It’s important to maintain a documented chain of custody to show that the records haven’t been altered or mishandled, especially in criminal cases. Having a clear process is essential, and ensuring it is closely followed and each step documented will provide you and your office cover if an audit log is requested.

Produce the Records

Deliver the records securely, either by certified mail, secure courier, or encrypted transfer. The subpoena may specify how the records are to be delivered. Personal delivery is one of several methods through which a subpoena can be served to an individual. To ensure compliance, follow directions explicitly. Keep proof of delivery, and retain a complete copy for your own records.

Metadata & Electronic Records

Subpoenas may request metadata from electronic health records, including audit trails or access logs, as well as electronic records. To ensure that you’re able to comply, train someone on your staff on how to access EMR meta data, and ensure that all electronic records are up to date, accessible, and correct.

Documentation of Disclosure

HIPAA requires that you log any disclosures of patient information made in response to legal requests. Document the date, recipient, and what was shared. Any additional records, such as certified mail receipts, confirmation of receipt of electronic records, or other records that relate to the handling and delivery of materials should be retained as well.

How can you get out of a subpoena?

Yes, in some circumstances it may be possible to get out of a subpoena. Since it is a legal document, you can’t just ignore it, but there are a few legal options available if you have objections to the subpoena.

  1. File a motion to quash. You can work with an attorney to ask a judge to cancel or limit the scope of a subpoena. This is a valid route to go if you feel the request is overly broad, requests confidential information without proper authorization, or the subpoena has been improperly served.
  2. File a protective order. You can have your attorney file a protective order to protect sensitive or irrelevant information. This may be especially applicable for mental health, substance abuse, or genetic data records.
  3. Negotiate the scope. An attorney may be able to negotiate with the requestor to narrow the scope, exclude certain records, or provide redacted versions.
  4. HIPAA concerns. Depending on the state, you may be able to legally challenge the subpoena if there is no valid patient authorization.

Special Categories of Records Requiring Extra Caution

Substance Use Disorder Records: 42 CFR Part 2

These records are protected by stricter federal rules. You’ll usually need a specific court order that explicitly authorizes disclosure under 42 CFR Part 2.

Mental Health Records & Psychotherapy Notes

Psychotherapy notes are given special status under HIPAA and often require a court order for release. Be sure you understand the difference between general mental health notes and psychotherapy process notes.

HIV/AIDS-Related Information

Many states have laws requiring patient consent or additional authorization before disclosing HIV-related information.

Genetic Information

The Genetic Information Nondiscrimination Act (GINA) limits how genetic data can be used or shared.

Sample for How to Subpoena Medical Records From Veterans Administration

  1. Submit a Touhy Request
    The VA requires compliance with federal regulations that protect veteran’s privacy. A formal Touhy request must be submitted to the VA’s Office of General Counsel.
  2. Include Required Documentation
    Your request should include:
    • A copy of the subpoena or court order. This must be obtained from a court clerk, magistrate, or judge.
    • A written statement explaining the relevance of the records. An attorney can help you craft this statement.
    • A HIPAA authorization signed by the patient (or proof that the patient is deceased or legally incompetent)
    • Contact information and deadline details. Include all information, including email, phone, and mailing address. Federal documentation can be time consuming to obtain, so plan your deadline accordingly.
  3. Send to the Correct Regional Office
    Mail or deliver your request to the appropriate VA regional office or medical center’s Office of General Counsel. Each VA facility has its own legal team—check the VA Touhy Request Directory for the correct location.
  4. Wait for Approval
    The VA must approve the release. Even with a subpoena, VA employees and records are protected by federal law and cannot be disclosed without General Counsel’s permission.

Do You Get Paid For Being Subpoenaed As A Witness?

Being subpoenaed doesn’t always come with compensation, but it might. If you’re providing testimony as a treating physician, you may receive a small witness fee. If you’re testifying as an expert, your time is more valuable and you’re generally entitled to charge for it.

  • Fact witnesses may receive a small witness fee and travel reimbursement
  • Expert witnesses can typically charge for their time at market rates

What Happens If Someone Fails to Obey A Subpoena or Properly Respond?

Legal Risks of Non-Compliance

Failing to obey subpoena can result in contempt of court charges, financial penalties, and disciplinary actions from your licensing board. In practice, you could face censure, fines, and risks to your medical license if you fail to comply. Additionally, failure to comply with subpoenas can lead to severe penalties, including contempt of court and other legal repercussions.

Risks of Over-Disclosure

If you share too much, or the wrong information, you may face HIPAA violations and penalties from the Office for Civil Rights (OCR). Remember that almost everything that happens in a court of law becomes public record, so it is always best to err on the side of caution when divulging patient information.

Professional Reputation

Improper handling of subpoenas can damage your reputation. Patients need to know that they can rely on a doctor’s medical discretion.If medical information is mistakenly released into public record via court of law, it may substantially impact your ability to retain and attract new patients, as well as your ability to seek employment.

Malpractice & Liability Exposure

If a privacy breach harms a patient, whether intentional or not, you could face malpractice claims or professional liability. Malpractice insurance may cover legal fees, but only if you followed correct protocols. Check with your insurance provider to understand the specifics of your policy, and help guide your response to a subpoena.

Best Practices & Preventative Measures

Being proactive can reduce the stress and risk of dealing with subpoenas when they arise. Here are best practices to put in place before a subpoena ever arrives. Many jurisdictions have specific requirements for reporting certain injuries or cases that may suggest criminal activity.

Staff Training & Policies

Create written protocols for how to receive, triage, and respond to subpoenas. Train your front desk, medical records team, and clinicians so they understand how to receive a subpoena, who to notify, and what procedures to follow to release information. It is important to understand the role of a process server, an authorized individual who delivers legal papers, in serving subpoenas. No action should be taken by your staff until you have had a chance to consult with an attorney, and then only at your sole direction. No records should be released by anyone but you, after review by an attorney.

Record Keeping & Retention

Make sure your patient records are as detailed as possible, that all patient personal information is correct, and the information is easily accessible in a timely manner. Make sure you follow state and federal requirements for how long to keep records. Destroy old records securely, in accordance with professional best practices.

Communication Protocols

Set internal guidelines for who responds to attorney calls, how subpoenas are routed, and how to escalate urgent matters. There should be a clear process for how they are handled, and everyone who may interact with the process, from the front desk to clinicians to legal counsel, should know their role. Ensure that all staff know that only those explicitly designated may respond to attorneys or court officers.

Consult Legal Counsel Early

Establish a relationship with a healthcare attorney and make sure you have a game plan for how to handle receipt and preparation for a subpoena. This should include helping drafting policies, response plans, and providing guidance for each step of the process, including signing off on final release of documents to ensure they reveal only the minimum requested information.

Documentation & Audit Trail

Log every subpoena received. Track how you handled it, when records were sent, and to whom. These documents should be as detailed as possible to document the process followed, the chain of custody for documents, the review processes, and the time and dates. Having a documented process for document handling will be invaluable if an audit trail is requested.

Real World Subpoena Duces Tecum Examples

Example 1: DEA subpoena leads to physician termination

In 2020, Dr. T, an internal medicine physician, received a subpoena from the DEA requesting patient medical records during a federal investigation. Dr. T complied with the subpoena but failed to inform his employer, a large health system. The DEA later contacted the health system directly, resulting in Dr. T's termination for violating his employment contract. He sued for breach of contract and was awarded $2 million in damages.

Example 2: HIPAA violation for misdirected fax

A medical clinic mistakenly faxed a patient’s medical records—including sensitive HIV-related information—to the patient’s workplace instead of the intended healthcare provider. The incident triggered an OCR investigation and resulted in staff retraining and policy updates. This highlights the importance of verifying recipient details before disclosure.

Example 3: Psychotherapy notes in a custody dispute

In a New York custody case, a court was asked to review a parent’s psychotherapy notes. The judge determined that by raising mental fitness as a custody issue, the parent had partially waived confidentiality. The notes were reviewed privately by the judge before determining admissibility.

FAQs

Here are answers to six common questions physicians ask about handling subpoenas.

During depositions, witnesses may be required to answer questions as part of the discovery process in preparation for a trial.

  1. What if the subpoena demands both testimony and records?
    • You may need to appear in person. Ask your attorney whether your attendance is required and what to prepare.
  2. Can I charge a fee for producing records?
    • Yes, but it must comply with HIPAA and state rules. Reasonable copying and administrative fees are generally permitted.
  3. Do I need a court order to release mental health records?
    • Often, yes—especially for psychotherapy notes. A standard subpoena may not be enough.
  4. What if I believe the subpoena is invalid?
    • Consult your attorney immediately. You may be able to file a motion to quash the subpoena.
  5. Should I always notify the patient?
  6. What if I release too much information by mistake?
    • Notify legal counsel and document the breach. You may be required to inform the patient and HHS.

Subpoena Duces Tecum: Key Takeaways

Subpoenas for medical records can be complex, but the most important steps to remember are: verifying the subpoena’s validity, understanding the difference between subpoenas, summons, court orders, and HIPAA authorizations, and knowing when to consult legal counsel. Don’t forget that special caution is required when handing over sensitive records like mental health, substance use, and VA documentation, even if ordered by a subpoena. By following clear procedures, maintaining HIPAA compliance, and having internal protocols in place, you can protect both your practice and your patients.

Read our guide to prepare for giving expert witness testimony.

Image by tupungato from iStock.

Disclaimer: This article is provided for informational purposes only. This article is not intended to provide, and should not be relied on for, legal advice. Consult your legal counsel for advice with respect to any particular legal matter referenced in this article and otherwise.

Further Reading