Carol A. Peters - Attorney at Law
Call Us For a Consultation 626.793.9383 99 S. Chester Ave., #102, Pasadena, CA 91106
Elderly Couple Holding Hands Pasadena City Hall Huntington Library Pasadena at Night

Elder Law Newsletter

Effect of HIPAA Privacy Rule on Estate Planning Documents

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective on April 14, 2003. HIPAA establishes national standards for the protection of certain health information. The purpose of HIPAA is to ensure that a patient’s confidential health information or “protected health information” (PHI) is protected from unauthorized dissemination. The Privacy Rule applies to any health care provider that transmits or disseminates health information, assessing penalties for failing to comply, and could potentially result in rendering certain estate planning documents ineffective.

Authorized Use and Disclosure of Protected Health Information

The Privacy Rule authorizes dissemination of PHI without an individual’s written authorization in the following instances:

  • To the individual who is the subject of the information
  • To payment, treatment and health care operations
  • For uses and disclosures with an opportunity for the patient to agree or object, such as permission from the patient to release information to friends or relatives
  • For incidental use and disclosure, provided the information disseminated was limited to the “minimum necessary” under the Privacy Rule
  • For public interest and benefit activities, including but not limited to, disclosure to public health authorities for the prevention or control of disease, to law enforcement, or for judicial or administrative proceedings

Any use or disclosure of PHI other than those noted above require the individual’s written authorization, specifically including the following:

  • Describing the information to be disclosed
  • The person(s) disclosing and receiving the information
  • Duration of the validity of the authorization
  • A statement that the individual may revoke the authorization by a subsequent writing

Penalties for Failure to Comply with Privacy Rules

Health care providers face fines of $100 per violation, up to a maximum of $25,000 per year, for multiple violations of the same Privacy Rule requirement. Any person who knowingly obtains and disseminates PHI faces a fine of $50,000 and up to one year in prison. If the PHI was obtained under false pretenses, the penalty increases to a fine of $100,000 and up to five years of imprisonment. If the PHI was procured or disseminated for commercial advantage, personal gain, or with the intent to cause malicious harm, the fine increases to $250,000 and up to ten years of imprisonment.

Effect of Privacy Rule On Estate Planning Documents

Health care providers are understandably concerned about the transmission of PHI and the penalties for violating the Privacy Rule. Many health care providers are reluctant to disseminate PHI without the express written authorization of the patient. This poses a potential problem for individuals who have executed health care powers of attorney or advance health care directives (documents which allow an individual to appoint an agent to make medical decisions on their behalf in the event the individual is incapacitated or otherwise unable to communicate his or her wishes).

A well-prepared health care power or directive should contain a statement authorizing the release of the individual’s medical information to the designated health care agent. The health care provider may, however, be reluctant to release such information without an express statement in the document that PHI may be transmitted under the HIPAA Privacy Rule. Since the need to exercise the authority to make medical decisions under the health care power or directive usually arises during an emergency or medical crisis, it is important that the health care provider accept the authorization provided in the document without question.

Some estate planning practitioners are modifying health care powers of attorney or advance health care directives to expressly state that the health care agent named in the document is authorized to receive PHI in accordance with the HIPAA Privacy Rule. Consult an estate planning attorney regarding whether an existing health care power of attorney or advance health care directive should be modified to comply with the HIPAA Privacy Rule.

  • Driving Regulations for Elders
    It is undeniable that the coordination of many skills is required for safe driving. Many of the physical and mental changes that come with aging diminish such skills. Aging commonly results in one or more of the following... Read more.
  • Elder Abuse Law – An Overview
    In general, the broad term “elder abuse” is used to encompass several forms of misconduct directed toward individuals aged 60 or older. Elder abuse is considered to be a serious problem in the United States by the... Read more.
  • Medicare Reimbursement in Personal Injury Cases
    Medicare, established in 1965, is a federal health care plan for those 65 and older, in addition to certain persons under 65 (e.g., the disabled). In the event a Medicare recipient is injured through the fault of another, he or she may... Read more.
  • Health Care Powers of Attorney and Advance Directives
    A power of attorney is a document that authorizes one or more individuals (collectively referred to as the “agent” or “attorney-in-fact”) to act on behalf of the person executing the document (the... Read more.
Elder Law News Links
Share This Page:
Carol A. Peters, Attorney at Law, is located in Pasadena, CA and serves clients in and around Altadena, Sierra Madre, South Pasadena, Alhambra, La Canada, Eagle Rock, Highland Park, Glendale, Echo Park, Silverlake, Arcadia, Monrovia, Duarte, San Gabriel, Temple City, Whittier, Los Angeles, Huntington Park, Norwalk, Santa Fe Springs, Pico Rivera and Los Angeles County.
Designed and Powered by NextClient

© 2013 - 2021 Carol A. Peters, Attorney at Law. All rights reserved.
Custom WebShop™ law firm website design by NextClient.com.