Wash. Rev. Code § 74.09.290

Audits and investigations of providers — Patient records — Penalties

The Secretary or Director of the department of social and health services may audit and investigate individuals and entities that provide medical services under this chapter. The Washington state medical quality assurance commission will advise the Secretary or Director regarding any investigations or audits of physicians.

The Secretary or Director must have access to any records necessary “to show accounts billed and received,” but may not copy or disclose the names of patients contained in these records unless the patient is a public assistance beneficiary or applicant.

The Secretary or Director may access patient records in order to determine whether a provider furnished their billed services. However, the Secretary or Director cannot remove patients’ medical records from providers’ offices or disclose the information for a reason unrelated to the audit or investigation. Failure to comply with this provision is a felony.  Upon completing an investigation or audit, the Secretary or Director must destroy any copies of medical records that remain in their possession.

Providers that release patient information in compliance with an investigation or audit are immune from liability on the basis that they have breached their confidentiality obligations.

Any information obtained from disclosed medical records may not be submitted as evidence against a patient in any proceeding unless the patient waives the applicable privilege.

The Secretary or Director may approve, deny, terminate, and suspend provider eligibility to provide medical services in accordance with this chapter.