PHI Disclosure Legal Issues, Part 1: Healthcare Power of Attorney

Just before our first wedding anniversary this August, my husband and I agreed to finalize our last wills and testaments, durable healthcare powers of attorney and living wills. A durable healthcare power of attorney is a legal document that allows you to authorize a representative to make your healthcare decisions if you become incapacitated, while a living will provides instructions on whether life-prolonging measures should be taken. It may not sound like the most romantic thing to do—I don’t think that signed legal documents count for the gift of “paper” that is traditionally given on a first anniversary—but it is hard to think of a more meaningful gesture as we begin our second year of marriage.

As MRO’s Privacy and Compliance Counsel, I am frequently reminded of the importance of these documents because the Health Information Management (HIM) departments in our healthcare-provider client organizations often encounter situations where a family member requests a patient’s Protected Health Information (PHI) with a general or durable power of attorney. Unfortunately, unless those documents explicitly grant the authority to make healthcare decisions or to access to the patient’s health information, the requester is not the patient’s personal representative under HIPAA and without other documentation, they may not be able to access the records. If records were released, the provider organization would be disclosing PHI to an unauthorized person, which is considered to be a breach under HIPAA.

It is best practice for HIM staff handling Release of Information to be specially trained on how to review these types of legal documents, because some durable or general powers of attorney do grant the authority to make these specific healthcare decisions, but many do not. Finalizing my durable healthcare power of attorney and living will gives me peace of mind that if the unthinkable were to happen, my husband would have proper guidance to manage my care in accordance with my wishes. That is definitely something worth celebrating.

For more information on ensuring your regulatory compliance and improving the workflow efficiency of your PHI disclosure process, check out MRO’s Vice President of Client Relations and Compliance Don Hardwick’s thoughts in this piece from For the Record.

This is the first of a five-part blog series discussing different legal issues surrounding Release of Information and PHI disclosure management. This blog post is made available by MRO’s privacy and compliance counsel for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. This blog post does not create an attorney-client relationship between the reader and MRO’s privacy and compliance counsel. This blog post should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.