Health Information Compliance Alert
Understand HIPAA Protections for Decedents
PDF
Question: As a skilled nursing facility, what are our responsibilities for protecting or distributing private health information, in regard to HIPAA, to a resident’s family when a resident dies? What if family members that our facility doesn’t know request a resident’s information, especially if they claim it’s for their own personal healthcare knowledge? Ohio Subscriber Answer: The HHS Office for Civil Rights (OCR) addresses these questions on its website. As a covered entity (CE), a nursing facility has responsibilities to ensure that a resident’s privacy is protected, even after death. “In some cases, it will be readily apparent to the covered entity that a person is a family member, or was involved in the individual’s care prior to death, because the person would have made themselves known to the covered entity prior to the individual’s death by either visiting with or inquiring about the individual, or the individual would have identified such person as being a family member, or other person involved in his or her care or payment for care, to a member of the covered entity’s workforce,” the OCR says. “In other cases, the covered entity just needs to have reasonable assurance that the person is a family member of the decedent or other person who was involved in the individual’s care or payment for care prior to death. For example, the person may indicate to the covered entity how he or she is related to the decedent or offer sufficient details about the decedent’s circumstances prior to death to indicate involvement in the decedent’s care prior to death. The Privacy Rule does not require formal verification of the identity and authority of the person but rather permits the covered entity to rely on the exercise of professional judgment in making the disclosure,” the OCR says. However, the HIPAA Privacy Rule takes decedents’ rights into account as well. “The Rule provides two ways for a surviving family member to obtain the protected health information of a deceased relative,” the OCR says. Your facility can recommend that the family member’s physician reach out to your facility directly. “Disclosures of protected health information for treatment purposes — even the treatment of another individual — do not require an authorization; thus, a covered entity may disclose a decedent’s protected health information, without authorization, to the health care provider who is treating the surviving relative,” the OCR says.
Health Information Compliance Alert
- HIPAA:
OCR Bolsters Public Safety With Guidance on Extreme Risk Protection Orders
Update offers clarity on PHI disclosures in crisis situations. Since the pandemic began, the feds [...] - Spotlight On Technology:
Harness Augmented Reality to Enhance Patient Care
Tip: AR can be a critical tool in pediatric settings. As technology in healthcare continues [...] - Revenue Booster:
Utilize Internal Audits to Nix 2022 Billing Woes
Tip: Use monthly data reports to nip problems in the bud. With the Omicron variant [...] - Reader Questions:
Consider This Advice Before Giving Free Samples to Patients
Question: Our practice physicians have frequently supplied free samples to our patients. The samples are usually [...] - Reader Questions:
Understand HIPAA Protections for Decedents
Question: As a skilled nursing facility, what are our responsibilities for protecting or distributing private [...] - Reader Questions:
Know the Rules on Sharing Restricted PHI
Question: Does our practice have to honor a patient’s request to limit or restrict disclosures of [...] - Industry Notes:
HHS Boosts HIT With COVID-19-Inspired Program
Since the pandemic began, many systemic healthcare issues have been in the news. Among the [...] - Industry Notes:
OIG Offers Insight Into Telehealth Trends During COVID
Telehealth visits performed during the public health emergency (PHE) continue to be on the HHS [...]