HIPAA

Are You HIPAA Compliant?

A husband and wife were involved in a terrible automobile accident. The husband was seriously injured. His wife wanted to make certain that the needed medical attention was given to her husband. The wife could not get any medical information from her doctor. Even though she was the wife, the new HIPAA law and regulations prevents her from receiving medical information without specific written authorization!

What is the HIPAA Law all about?

This legislation applies to virtually every physician, nurse, pharmacist, dentist, and health care provider in the nation. It impacts everyone's access to health care information. The regulations stress that health care providers must limit health information to those who are intended to receive it. This means health care information cannot be released to any unauthorized person. This may mean you may not be able to receive medical records for your spouse or parent.

HIPAA Violation Penalties

The penalties for health care providers are staggering. For each disclosure violation, there is a $100 fine. If the violation is knowing, there are criminal penalties of a $50,000 fine and up to one year in prison. If information is provided or obtained under false pretenses, there is $100,000 fine and up to five years in prison. If the wrongful sale, transfer or use of the information was for commercial advantage, there is a $250,000 fine and up to 10 years in prison.

Health care providers are very concerned that they might transmit Protected Health Information (PHI), knowingly or unknowingly, in violation of HIPAA and incur the severe penalties discussed above. Accordingly, the reaction of health care providers is to be extremely cautious about disseminating PHI. This means that Health Care Powers of Attorney will be carefully scrutinized by health care providers, and health care providers will need assurances that providing PHI to a Health Care Representative will not violate HIPAA.

From a legal perspective, your current Health Care Power of Attorney, if well drafted, should be legally sufficient for the health care provider to transmit your PHI to your Health Care Representative. However, the practical problem is that the health care provider may not know what is and is not legally sufficient. Given the penalties at stake, the health care provider will likely err on the side of caution and not provide any PHI to a Health Care Representative unless the Health Care Power of Attorney specifically states that PHI may be transmitted under the HIPAA privacy rules. Given that the need to use a Health Care Power of Attorney usually arises in a crisis situation, you do not want to put your Health Care Representative in the position of having to argue with medical staff right at the time that he or she needs to be making medical decisions for you.

What can I do so that my Power of Attorney will operate as I intend, even under HIPAA?

We recommend that all Powers of Attorney be updated to specifically empower your Health Care Representative to receive your PHI in accordance with HIPAA. This power should be clearly stated so that any health care provider reviewing the power will feel secure that the transmission of the PHI to the Health Care Representative will not be a violation of the privacy rules of HIPAA.

To read more about HIPAA on the U.S. Department of Health and Human Services Website, click on the links below.

www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/adminsimpregtext.pdf