HIPAA PRIVACY RULE
How HIPAA Affects You and Your Family
On the 4th of July Americans celebrated Independence Day and all the liberties we enjoy in the greatest nation in the world. This Special Report will alert you to a serious loss of liberty that many families are facing today from the HIPAA Privacy Rule.
In the name of protecting the privacy of health care information, families and loved ones are being severely restricted by Federal laws from accessing important health information essential for them to care for their loved ones in health-care crises.
Based upon recent experiences with clients and similar reports from my National Academy of Elder Law Attorney colleagues across America, I believe you and your loved ones are likely to encounter serious obstacles to lovingly assisting one another.
When will these obstacles arise? When you least expect them. When you don’t want to deal with them. Right in the middle of a family health-care crisis full of stress. Just when family members need each other the most, these problems may keep your loved ones from helping you or you from helping them.
Unfortunately, if you are facing such a situation, decisions must be made based upon good information. And if that information is not available, it will be hard for good decisions to be made. That is why it is important to plan ahead before the crisis hits so good information can be made available.
As an Elder Law attorney, these are the kind of problems that I help my clients plan for and deal with. By acting before the need arises, you can face these problem with a greater sense of assurance and confidence. You will be better prepared to handle the situation. You will be forewarned about what might happen. You will be equipped with knowledge and tools to protect yourself and your loved ones.
What Is Happening?
To answer this question I’m going to share some examples with you of what people just like you have been facing because of the HIPAA Privacy Rule. They are brief, true-to-life stories of critical health-care and life-changing situations. They clearly show the problems loved ones have had or will have in helping in times of greatest need.
As you read each of the following brief stories, think about how you and your loved ones would react.
An elderly man is admitted to the hospital with pneumonia. His condition is serious and he is not expected to recover to return home to his wife. He signs the forms the nurses give him but forgets to put his wife on the form and just lists his daughter who lives on the East Coast. Because he did not list his wife, the hospital and doctors refuse to give her any information about his condition and only talk to his daughter.
A man takes his wife to the emergency room. At 2 a.m. she is admitted to the hospital. After helping her get situated in her room, he tells her he will go home to shower, shave, eat breakfast and come back soon. Upon returning, he can’t remember the room number. So he asks at the “Information Desk.” They refuse to provide him with any information because of the HIPAA Privacy Rule.
A young lady is stung by bees and suffers a life-threatening allergic reaction. She is rushed to a hospital, treated for a few days and released. She has no family in the immediate vicinity and her mother lives in another state hundreds of miles away. The hospital never contacts her mother claiming that it is not authorized to do so under the new rules.
A teenager needs medical attention for a condition but he does not want his father to know. He tells the physician a lie. He says that his father or mother will beat him if they find out about his condition. The physician does not notify the parents of their son’s condition or treatment. When they become aware of it and seek further information, the physician refuses to disclose any by invoking these privacy rules.
A son tries to help his disabled mother who does not talk well. He calls both insurance companies who refuse to pay his hospitalized father’s bills. They refuse to talk with him or provide any information that might resolve the dispute. They also say they won’t talk to his mother but only to his father. The father can’t talk because he’s heavily medicated. Now what does he do?
An elderly gentleman’s only caregiver is a concerned neighbor because he has no family. Knowing this man needs real help, the neighbor talks to an attorney about getting a guardian appointed to look after this gentleman. But before that can happen, a doctor must file with the Court a statement that goes into the public records about the man’s health, mental condition and incapacity. The attending doctor refuses to write the required statement because of his fears about the HIPAA Privacy rule.
A widow dies unexpectedly in a nursing home where she resides on Medicaid. Her only surviving descendant, a granddaughter, wants to find out what might have caused her death. The nursing home refuses to provide any information. Because her grandmother had no property, there was no estate and so no personal representative. The grieving granddaughter is stymied in attempting to get the information. She is at the mercy of the nursing home that may have been culpable in the death of her grandmother.
Adult Protective Services receives a complaint about elder abuse that must be investigated within 24 hours. They call the hospital and are told the elderly lady has been sent to a rehabilitation facility. They call but are denied any information about her whereabouts.
My clients, and the clients of other Elder Law attorneys across the nation, are reporting similar bad experiences. Many Americans are likely to encounter similar situations in the future. All of these problems arise from the Federal government’s imposition of the HIPAA Privacy Rules that restrict the release of health information by health-care providers.
Why Is This Happening?
The HIPAA Privacy Rule is causing these problems. HIPAA stands for the Health Insurance Portability and Accountability Act. It was pushed by Hillary Clinton for the benefit of the Clintons’ supporters and was signed into law by President Bill Clinton in 1996. HIPAA has some good features like helping workers to keep there insurance when they change jobs.
But tough regulations were issued by the Department of Health and Human Services. These are called collectively the Privacy Rule. They control how all health information is to be maintained and released to assure privacy.
These HIPAA rules dictate how health-care providers, insurance companies and health-care plans, and information clearinghouses store can maintain and send “Protected Health Information.” That is individually identifiable health information used, held or disclosed by a hospital, doctor’s office, nursing home, pharmacy, insurance company, etc. They were supposed to comply with the HIPAA Privacy Rule by April 14, 2003.
You may have already had contact with the HIPAA Privacy Rule and did not know it.
If you have visited a health-care provider recently, the receptionist probably handed you a HIPAA-required Notice of Privacy Practices. Then she made you sign a statement that you received it. By the way, if you got that HIPAA Notice, did you read it? Did you understand it?
The HIPAA Privacy Rule severely limits the disclosure of protected health information (PHI) to anyone other than the individual it relates to.
HIPAA generally restricts disclosure to those persons who have a proper written authorization or consent of the patient or are named as the “Personal Representative.”
Some HIPAA rules allow – but do not require –some information to be disclosed to some people (such as immediate family or close friends) under some circumstances (such as emergencies). Because health information holders don’t have to release the information, they don’t because they would rather be safe than sorry.
Many health-care providers apply stringently, or even misapply, the HIPAA rules.
Why? Because they are concerned about the enforcement, the audits and fines, and even jail sentences, the Federal government can impose for violations. They are also concerned about being sued for improper disclosure. They would rather be safe than sorry.
Who can blame the health-care industry for wanting to protect itself? But at what cost?
HIPAA is proving very costly for all sectors of the health-care industry. Your doctors, pharmacy, hospitals are spending billions of dollars to comply with both the HIPAA Privacy Rule and the other part of HIPAA. So they are facing big costs that will continue
But what is the cost to the patients? What about the concerned family members? They are just trying to help their loved ones? The costs in time and effort expended to try to get information can be high. And the end results are often anger, frustration, and a sense of powerlessness in dealing with the health-care providers.
What Can You Do About It?
Fortunately, there are some things you can do about these serious problems being caused by the HIPAA Privacy Rule and its application. If you can find your way through the maze of rules and regulations and if you plan ahead, you may be able to obtain protected health information of a loved one and be in a position to assist them through their crisis.
We can help you with this. Let’s start with the basics you need to understand.
The best way is to be recognized as a “personal representative” of the patient by the health-care provider, insurance company, or other covered entity.
What is a personal representative? This is the person or persons the patient appoints, hopefully before the need arises. This person is authorized to receive the patient’s protected health information from the health-care entity.
Why is the personal representative so important? The personal representative is treated as if he or she is the patient. So the health-care entity must provide the personal representative with protected health information about the patient.
However, the HIPAA Privacy Rule requires the health-care entity to limit the information to the “minimum necessary” to accomplish an intended purpose. This may be used to limit the information provided to only what is needed to make a decision. It may be used to keep from the personal representative the whole story about the patient’s condition or prognosis.
Also, to be recognized as the personal representative is not necessarily easy. And when in doubt about whether one is a personal representative, health-care providers would rather be safe than sorry.
Who Are Personal Representatives and Who Are Not?
Only one category of persons are automatically recognized as personal representatives under the HIPAA Privacy Rule – parents of minor children.
A parent of a minor child is generally recognized as the child’s “personal representative” under HIPAA. However, the parent may be asked for proof that they really are a parent of the child. Can you imagine the frustration and potential difficulty of having to prove that in a health-care crisis?
One would hope that in situations like this, the health-care provider would use the HIPAA permissive exceptions and disclose the child’s health information to the parent. But they don’t have to. Too often they would rather be safe than sorry.
Also, in some situations, the child patient may prevent the parent from knowing anything about their protected health information. This may be very troubling to the family relationships.
Health-care providers may withhold a minor child’s protected health information from parents in some circumstances. If a provider believes the child may be subject to abuse or neglect by the parent or personal representative, or that doing so would otherwise endanger the child, they can withhold the information. This could lead to some real problems in family communications..
Note: For a child who is no longer a minor, a parent is not a personal representative! A parent of a child over 18 has no right to any protected health information about her child. Only if this young adult properly documents the parent as his/her personal representative will the information be disclosed to the parent as the personal representative of the child. In some situations some information may be disclosed to some people by some providers as they choose. But who wants to take that chance?
All other persons, regardless of their family relationships, must be documented to be a patient’s personal representative in writing.
A spouse is not automatically a personal representative! A spouse must be designated as the personal representative in a proper written document. If the patient does not do so, the spouse will not be treated as a personal representative. So health-care providers would be restricted from disclosing protected health information, except as they are permitted to do so under some exceptions in some circumstances. But they are not required to.
The families of our elderly population are likely to encounter the greatest problems resulting from the HIPAA Privacy Rule.
More often than we would like to think, elderly parents become isolated from their loved ones and caregivers. Their children may live in other states. They may have withdrawn from societal contact. Their health may deteriorate to a level that requires emergency intervention. In such situations, the HIPAA Privacy Rule as applied by health-care providers (who would rather be safe than sorry) will probably reduce the communications. This will make it harder for concerned family members to assist their elderly loved one when they are needed the most.
Even in such difficult situations, remember that children of elderly parents are not personal representatives unless appointed by their parent in a proper document.
Consents and Authorizations
The HIPAA Privacy Rule permits, but does not require, health-care entities to obtain consent from the patient to disclose some protected health information in some situations for some purposes to some people.
But if a patient is unable to give her consent because of her medical condition, this is of no help to the family. Or if the patient does not list her spouse or others, these loved ones will not be given the necessary information to care for her.
Under HIPAA, a patient may give written authorizations for disclosure of their protected health information. HIPAA authorizations are detailed documents giving specific permission to specific providers to disclose specific information to a specific third party for a specific purpose. Such an authorization may not be of much value to family members in a health-care crisis. And, as with a consent, if the patient is not able to sign the document, there is no authorization unless there is a personal representative who can do so.
How Can We Help You?
With all the types of things we’ve touched upon only in minor detail in this report, you may be wondering, “How can I possibly keep this all straight? Who can I turn to for help?”
The answer is that the complexities and the problems that may arise under the HIPAA Privacy Rule can be solved with the advice of an Elder Law attorney who deals with these things. I and my staff help our clients sort through the potential problems we’ve discussed here. We help them to anticipate these problems and plan for them in advance.
Based upon my recent experiences with HIPAA and its effects on my clients, extensive legal research, and communication with numerous Elder Law colleagues about these issues, I have developed some strategies and approaches to the situation, along with appropriate legal documents.
With proper advance planning, these tools will, in my estimation, improve the likelihood of family members being able to care for their loved ones. The results should be better than with existing methods and documents some families may already have. Furthermore, the results will be superior to those resulting from a health-care crisis with no planning in place.
As the old saying goes, “An ounce of prevention is worth a pound of cure.” That is so true in Elder Law and Estate Planning. It holds true for HIPAA planning too.
We sure would prefer to help you by planning ahead for the future. But if you find yourself or your family in the middle of a healthcare crisis, having difficulty dealing with the health-care providers and getting information, we may be able to assist you. Understanding such situations, we would offer you a helping hand with a gentle spirit.
The law is constantly changing, although not always for the better. The HIPAA Privacy Rule is a good example. The attitudes of health-care providers span the spectrum. Some are open, caring and willing to work with families while some are closed, stringent and legalistic in their application of the HIPAA Privacy Rule. For these reasons, I am not able to guarantee the strategies, methods and documents I recommend will always work. And while I am certainly not the only attorney who has developed and offer various solutions for the HIPAA problems, I do believe most attorneys are not prepared to assist in this legal area now.
Perhaps you’re wondering what our services cost. The short answer is… “It depends.”
It depends on the services you need.
You may need as little as a specially designed Medical Power of Attorney and an Advanced Directive to Physicians (Living Will). You may also need a Durable Power of Attorney and a Will. You may also want a Living Trust or even more complex estate planning. And you or your seniors may need special Elder Law assistance in preparing for nursing home residence and qualification for Medicaid assistance.
Not all of our clients need all of these services. So we charge for our services based on what you need. And we usually bill on a flat-fee basis so we can tell you, upfront, what it will cost. We bill that way for most services because our clients tell us they don’t like hourly billing. They tell us they don’t like to have “the meter running”… not knowing exactly how much time was or will be spent and how big their bill will be in the end.
And to make it easier for you to get to know us, we offer an initial consultation at no charge.
If you’d like more information on how we can help you with any of the services described above, please call the Ensign Law Firm, P.C. at 806-373-7705. Ask for me, Mark R. Ensign, and we’ll set a time to get together for a consultation.
Not Certified by Texas State Board of Legal Specialization