Will HIPAA Sabotage Your Estate Plan?

You may have recently noticed that your doctor, pharmacy and other health care providers now ask you to sign a receipt for their "Notice of Privacy Practices".  The reason for this is a law intended to protect your personal information from identity theft or public disclosure which, unfortunately, also dramatically impairs your estate plan in several unforeseen and unintended ways.

The Health Insurance Portability and Accountability Act ("HIPAA") was passed by Congress to provide a secure way for health information to be passed from one health provider to another, or from health providers to insurance companies and to individuals (including the person whose information is involved).

HIPAA strictly limits the disclosure of your medical information by virtually every physician, dentist, psychiatrist, nurse, other health care provider and pharmacist, and imposes fines of up to $250,000 as well as jail time for up to 10 years, in the event any health information is wrongfully disclosed.

How HIPAA Affects Your Estate

Statistically, there is better than 50% chance you will someday suffer a serious accident or illness and become unable to handle your financial and medical decisions.  In that event, you will need a trusted and responsible person to step into your shoes and make these decisions for you. 

In order to handle these critical matters, the person you designate will need access to your medical information.  Unfortunately, the same HIPAA restrictions that were meant to protect you and your personal information may prohibit your designated person from obtaining the medical information necessary to make important decisions for you.

Is an Authorization to Release Medical Information Sufficient?

Generally NO, by merely signing an "Authorization to Release Medical Information" you are not protecting your estate from the unforeseen and unintended impairments caused by HIPAA.

For example, HIPAA does not provided one standard form and this failure to provide such a document has lead most health care providers to create their own authorization.  As a result, many of these so-called HIPAA authorizations fail to include certain required  disclosures to the signing party and fail to refer to specific terminology of the Act, thereby threatening the validity and acceptance of the authorization by third parties holding your medical information.  Similarly,  many authorizations are overly broad and may give others access to  medical information when it is not yet necessary or appropriate!