Many of us have probably heard of HIPAA at one time or another, but we may be otherwise unfamiliar with it, what it does, or why we even need it to begin with. Let’s clear up any potential confusion right now.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that authorized the creation of national standards to be put in place to protect the privacy of a patient’s health care information. The Privacy Rule—which began on April 14, 2003—controls both the use and disclosure of any “Protected Health Information.” What this refers to, in a broad sense, is simply “individually identifiable health information transmitted or maintained in any form which:
- Is held by a covered entity or its business associate;
- Identifies the individual or offers a reasonable basis for identification;
- Is either created or received by a covered entity or an employer; or
- Relates to a past, present, or future physical or mental condition, provision of health care or payment for health care.
HIPAA limits covered entities from sharing any protected health information. These entities include health care providers that conduct electronic transactions, health care clearinghouses, and health plans. It puts a limit on any health care provider or insurance company that uses computers through their normal course of business.
Those entities that violate the terms of HIPAA can face both civil fines and criminal penalties, along with possible jail time. Civil fines can range from $100 per violation up to an annual maximum of $1.5 million in the case of willful violations. Those entities that knowingly obtain or disclose any identifying information can face some criminal penalties, including fines up to $50,000 and prison time for a one-year period. Those who violate the terms with intent to sell, transfer, or use individually identifiable health information for any kind of commercial advantage, personal gain or malicious harm face fines of $250,000 and jail time of up to 10 years.
A well-made medical power of attorney should be sufficient enough legally to authorize an otherwise reluctant health care provider to share any medical information with the health care agent. If the document doesn’t explicitly authorize the transmission of health information, as required by HIPAA, the doctor may refuse to share any such information with the agent, who may need it in order to make medical decisions for you in your stead. Remember, your health care agent cannot act on your behalf until your doctor determines that you do not have the capacity to make decisions on your own, so you might want someone to be able to get access to your records prior to that time.
For example, you might want your agent to call the doctor’s office for questions regarding bills, or to discuss medical conditions you have with the doctor in case of your hospitalization. Having a HIPAA authorization can allow them to do that for you.
Because of this, a lot of law professionals often recommend their clients fill out and sign a separate document that authorizes disclosure of any protected health information. This authorization also lets you name someone to be able to have access to any of your medical information so that your doctor or insurance company has no qualms about sharing any protected medical information with them.
If you or someone you love needs assistance with Elder Care law issues, call 856-281-3131. Let us help ease your stress and give you a plan.