After a loved one dies, there are numerous situations where families might need copies of the deceased patient’s medical records. For example, records are needed when the family submits a life insurance death claim or if they plan to file any sort of lawsuit related to the patient’s death.
But after a patient dies, HIPAA and state laws can complicate the process of obtaining these records, especially if the patient dies without a will, which is called “intestate.” Given the myriad of state and federal laws related to disclosure of deceased patients’ Protected Health Information (PHI), it is important that healthcare providers and their HIM staff establish a policy for what type of documentation must be provided by a requester in order to disclose their PHI. For example, unless an authorization signed by the deceased patient’s “Personal Representative” is provided, HIPAA prohibits the disclosure of PHI belonging to a deceased patient (decedent).
The person who qualifies as the Personal Representative under HIPAA changes when the patient dies. Durable healthcare powers of attorney, for instance, are revoked upon a patient’s death, meaning that without other documentation, the durable healthcare power of attorney is no longer the decedent’s Personal Representative. Adding to the complexity, while some states have adopted HIPAA’s definition of Personal Representative, many state laws list other people, such as family members, who can be identified as the decedent’s Personal Representative, if there is no will.
Complying with all applicable state and federal laws is certainly essential, but many healthcare providers adopt policies that are even more stringent. While state law may only require a copy of the decedent’s will, healthcare providers in that state may choose to require additional documentation proving executorship, such as Letters Testamentary. In other cases, if a patient died intestate, a hospital may require the person claiming to be the Personal Representative to petition the court to obtain Letters of Administration, a laborious process that can be made even more complicated if the decedent’s spouse, children, or another interested party objects to that appointment.
Rest assured, MRO staff who work at our clients’ facilities are trained on how to disclose deceased patients’ PHI according to the applicable federal and state laws and facility policies to ensure legal compliance.
To learn more about how MRO’s highly trained employees protect their clients through their PHI disclosure expertise and support, check out our clients’ experiences.
This is the second of a five-part blog series discussing different legal issues surrounding Release of Information and PHI disclosure management. This blog post is made available by MRO’s privacy and compliance counsel for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. This blog post does not create an attorney-client relationship between the reader and MRO’s privacy and compliance counsel. This blog post should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.