By Kim Boyer
Elder Law News
June 2003
The medical privacy rules enacted as part of the Health Insurance Portability and Accountability Act (HIPAA) became effective on April 14. The rules prohibit doctors and hospitals from disclosing patient information to third parties unless the patient specifically agrees to the disclosure.
What if your loved one ends up in the hospital and is incapacitated? Under HIPAA, patient information can only be disclosed to a person authorized to act on behalf of the individual in making health care related decisions. You are not entitled to health care information unless your loved one signed a HIPAA disclosure naming you as an authorized person or executed a durable power of attorney for health care before he or she became incapacitated. In that case, you may need to be appointed as the guardian of the person of your loved one. You and your loved ones should consider executing a Durable Power of Attorney for Health Care.
For the average health care provider, the new rules require activities, such as:
- Notifying patients about their privacy rights and how their information can be used.
- Adopting and implementing privacy procedures for its practice, hospital, or plan.
- Training employees so that they understand the privacy procedures.
- Designating an individual to be responsible for seeing that the privacy procedures are adopted and followed.
- Securing patient records containing individually identifiable health information so that they are not readily available to those who do not need them.
To find out more about HIPAA’s privacy rules, visit www.hhs.gov/ocr/hipaa.
