For a healthy estate plan, know the HIPAA privacy rules Health issues play an important role in a variety of estate planning situations. Typically, many estate planning documents and document provisions are triggered by a physician’s certification that a person lacks the capacity to make decisions. But this requirement may be at odds with the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Let’s take a closer look at HIPAA’s requirements and examine ways to address them in your estate plan. HIPAA restrictions One of HIPAA’s key objectives is to protect patients’ rights to confidential medical information, known as protected health information (PHI). HIPAA privacy rules prohibit physicians, hospitals and other health care providers from discussing a patient’s condition or releasing his or her medical records to third parties without the patient’s written consent. The penalties for HIPAA violations are harsh: In addition to civil penalties of up to $25,000 for violations, there are criminal penalties. One might face a $50,000 fine and imprisonment for up to one year, increasing to $100,000 and five years if the violation involves false pretenses. Violators who intend to sell or otherwise use PHI for commercial gain or malicious harm are subject to a $250,000 fine and up to 10 years’ imprisonment. The privacy rules contain several exceptions. For example, a provider can disclose PHI if it’s reasonably necessary for a patient’s treatment, to secure payment for health care services or pursuant to a court order. Also, as discussed below, a provider can disclose PHI to a patient’s personal representative. HIPAA pointers What types of documents do you have that might be affected? A health care power of attorney or advance directive, for one. This document authorizes your personal representative to make medical decisions on your behalf if you’re unable to do so. It’s a good idea to review this document to be sure that HIPAA’s privacy rules won’t interfere with its smooth operation. If health care providers are unable or unwilling to provide the information needed to make a determination regarding your incapacity, critical medical decisions may be delayed while your family or representatives seek a court order. HIPAA permits a personal representative — that is, someone who is authorized under applicable law to make health care decisions on a patient’s behalf — to access PHI. Personal representatives can include: • Parents of minor children, • Legal guardians of mentally incompetent adults, and • Agents named in health care powers of attorney or advance directives. If you’ve already executed a health care power of attorney or advance directive, consider adding HIPAA-specific language. Technically, a properly drafted document should be sufficient to authorize a physician or other provider to disclose PHI to a representative. But, given the severe penalties for violating the privacy rules, many physicians may be reluctant to comply. To avoid this situation, consider updating your power or directive to expressly authorize providers to release PHI to your representative in accordance with HIPAA. HIPAA and trusts If your estate plan includes one or more trusts, they may give a successor trustee the power to remove the current trustee if he or she is no longer competent to serve. In this case, additional documentation may be desirable to anticipate HIPAA obstacles. Suppose, for example, that you establish a trust for the benefit of your children. You appoint your spouse as the initial trustee, but the trust document also provides that a successor trustee can remove the current trustee if two examining physicians certify in writing that he or she is no longer competent to serve. The problem here is that HIPAA restricts the successor trustee’s ability to obtain the medical information needed to evaluate the current trustee’s competence. To avoid this obstacle, consider requiring trustees to sign written authorizations that permit successor trustees to access PHI to the extent necessary to determine their competence. The HIPAA regulations set forth several requirements that must be met for such an authorization to be valid. Among other things, it must describe the health information to be disclosed and the purpose of the disclosure, specify who should make the disclosure and when the authorization will expire, and state that the signer retains the right to revoke the authorization. To discourage trustees from revoking a HIPAA disclosure authorization, consider providing in the trust documents that such a revocation constitutes a resignation as trustee. Give your estate plan a health checkup These are just a few examples of situations in which HIPAA’s privacy rules can delay or obstruct the operation of your estate plan. To avoid these and other headaches, review your estate plan with your attorney for potential PHI issues. He or she can revise your documents as needed to ensure that you or your representatives will have access to critical medical information. • |