Understanding HIPAA Guidance on Health Information Protection
The United States Department of Health and Human Services (HHS) provides informal guidance on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) through its online platform. Although this guidance is subject to change and not legally binding, it emphasizes the need for alignment with state-specific regulations. Here, we summarize key points from their Q&A on HIPAA.
HIPAA's Privacy Rule protects the health information of deceased individuals for up to 50 years post-mortem. During this timeframe, identifiable health information is managed similarly to that of living individuals. After 50 years, however, the medical records of the deceased are no longer classified as protected health information (PHI) and can be managed without specific Privacy Rule restrictions.
The Privacy Rule also allows covered entities to share PHI about a deceased person with family members or others who were involved in that person's healthcare or payment arrangements prior to death. This disclosure is permitted unless it conflicts with any preferences the deceased communicated to the entity. Such disclosures can include information about the circumstances of death for family members or billing information necessary for settling the estate.
While the Privacy Rule does not require healthcare providers to document a patient's wish not to share medical details with family, many providers choose to record these preferences in the patient's medical file. Such practices help prevent unintentional disclosure that could violate HIPAA regulations and ensure staff awareness of the patient's preferences.
A personal representative, such as an executor or administrator, is recognized under HIPAA as able to exercise the deceased's rights, including accessing medical records. Entities must treat these individuals as personal representatives with respect to PHI relevant to their role. In addition, the Rule allows sharing PHI with family members or others engaged in the deceased's care or financial matters, as long as it does not conflict with the patient's known preferences.
Given the variability in HIPAA rules and interpretations, professionals should seek tailored legal advice on their specific circumstances to ensure regulatory compliance. This approach helps in navigating the complexities of HIPAA requirements effectively.