Does HIPAA Protect a Patient’s Privacy After Death?
HIPAA protects patient privacy for 50 years after their passing, allowing exceptions for authorized parties like law enforcement, coroners, and involved family members. This video highlights essential postmortem privacy guidelines for healthcare providers.
Link for today’s video:
We received a really interesting question this week from a member regarding how long does HIPAA protect patients’ privacy after they’ve passed away, you might be surprised to learn that it’s actually 50 years. So HIPAA protects the patient’s privacy, or 50 years after they have passed away. So this means if you’ve kept records, you’re gonna keep the records for the allotted period of time, which is 10 years or until the patient reaches the age of 22. But you have to continue to protect their privacy, not maintain the records, you have to continue to protect the patient’s privacy for a period of 50 years.
Now, there are a couple of exceptions. For example, you might think that you could release the records to law enforcement, however you can, but only if it is to alert the law enforcement of the patient’s death, you’re not allowed to release it for any other purpose, they would still have to go through the normal subpoena process in order to give you the authority to be able to release the information subpoena or they could go through another potential avenue.
You can release information to coroners, to medical examiners, and to funeral directors that are specifically allowable under HIPAA after the patient has passed away. You could release it for research purposes, but only if the research is specifically applicable to descendants. In other words, it can’t be a study related to the living, it has to be only those studies that are related to descendants. Now what about if you had and and this is going to be less common, but you could you could release information as it relates to to helping with organ donation and transplantation?
What about family members? Well, family members are interesting. It only applies to family members, provided that the information you’re disclosing is, is specifically related to care that that family member had previously been involved in. So if you have a family member that has helped, maybe an elderly parent, with their care in your practice, and in those cases, and you can release the information specific to what they had been involved in, or if that family member is specifically responsible for payment of that care. This could be spouses, siblings, children, etc. So all of those would apply.
Now, if none of those cases that we just talked about apply, then at that stage, you can get written authorization from the patient’s estate, executor, or administrator. So from the estate executor or the estate administrator, in those cases, they can actually give a HIPAA authorization to allow you to release and again, always the minimal amount of information that’s necessary to fulfill the request and fulfill what’s being looked for. So it’s interesting that 50 years is that timeframe, you have to continue to protect the patient’s privacy. And yes, you do have to continue to protect a patient’s privacy after death. I hope this helps and we’ll catch you next week.