HIPAA and personal representatives

The industry news is often filled with reports surrounding the topic of patient privacy, generally stemming from a breach of medical records without any form of consent in place. But issues can also arise when patient information is not shared with family and friends, either because medical staff have withheld details, or patients themselves choose to restrict who can access this information.

A recent case illustrates the devastating effects these communication barriers can create for individual’s loved ones. Sean Meyers was admitted to the ER at Inova Fairfax Hospital following a car accident. His parents rushed to the hospital to wait for news on his circumstances to be met with the very bare minimum of information. Sean remained in the hospital for ten days, and still no real communication was established about his condition or care. A week after being discharged, Sean sadly passed away due to a heart problem and blood clots. His parents felt exceptionally betrayed due to a history of blood clots in the family, claiming “it may have saved his life if they’d spoken to us”.

As HIPAA enforcement gets tougher, and penalties increase for improper disclosure of patient information, it seems that hospitals and healthcare providers may actually hesitate to communicate effectively with the family and friends of a patient.

Jane Hyatt Thorpe, Associate Professor at George Washington University’s department of health policy says “For healthcare providers that are uncertain about the information they may or may not share, the easiest and safest route is often to just say no”.

The fact of the matter is that the law can actually be fairly lenient about providers disclosing information to a patient’s family and close friends. Generally, a provider may disclose details of a patient to family and friends, at their own discretion if;

  • They are involved in the individual’s health care or payment of the health care,
  • The individual tells the provider or plan that it can do so,
  • The individual does not object to the sharing of their information, or
  • Using its professional judgment, the provider believes it is in the best interest of the individual.

However,  in recognizing that, there could come a time where an individual becomes legally, or otherwise, incapable of exercising their rights. The HHS suggests an individual designate another person to act on their behalf in regard to their rights; the person acting on an individual’s behalf is referred to as the ‘personal representative’.

Individuals with concerns about PHI disclosure can take steps to choose how their information is shared. Healthcare providers are not required to disclose an individual’s information with their family and friends, unless they have been assigned as a personal representative. Therefore, it may be wise for individuals to carry a signed document that authorizes health care providers to disclose and discuss their information with a personal representative.

It may also be beneficial to store basic health data on a smartphone, such as allergy information, health concerns, and instructions for PHI disclosure according to Joy Pritts, former chief privacy officer in the ONC for Healthcare IT at the federal Department of Health and Human Resources.