HIPAA Privacy Rules Revealed

Just between you and me, what you don’t know could hurt you

Imagine you have a nineteen-year-old daughter away at college about three hundred miles from your home. Her roommate calls to say there’s something terribly wrong. She tells you that your daughter is speaking incoherently and behaving unusually, and you hear it for yourself when your daughter is put on the phone. Knowing that there’s a serious medical problem, you suggest that the roommate call 9-1-1. You’re worried and eager to get to the hospital, but a hurricane has made traveling impossible.

The next day, you and your spouse are finally able to venture out to check on your daughter, but although the weather is more accommodating, hospital policy is not. After introducing yourself to the clerk at the emergency room desk, you’re asked for a Health Care Surrogate form authorizing you to have access to her medical information.

“But we’re her parents,” you reply. “She’s a college student here, and we’re the ones who suggested she be brought to the hospital.”

You’re told there are new regulations and patients’ privacy must be protected. “Without that form, we can’t even verify that she is a patient in this facility,” the clerk says.

Can you imagine what you would do if this happened to you? It’s a parent’s nightmare…but it’s also a real life scenario experienced by the Singer family of Ft. Lauderdale, Florida.

Harlan Singer is a Special Care Planner1 with the Eppy Financial Group, a part of DBS Financial Group, a general agency with the Massachusetts Mutual Life Insurance Company (MassMutual). He helps families with someone who has special needs create life care plans that prevent situations such as this one. He was well aware that the hospital had every right to treat his daughter, who had reached the age of majority, as an adult. He was also familiar with the Health Insurance Portability and Accountability Act (HIPAA), which had been enacted by the U.S. Congress in 1996 to, among other things; protect the medical privacy of individuals. But here he was, unable to be involved in his daughter’s medical care. Perhaps his professional expertise simply didn’t kick in because his family doesn’t have special needs, or because it’s easy for any parent to overlook the legal implications of a child becoming an adult, or because, like so many of us, he just hadn’t yet gotten around to taking the necessary precautions. All of these reasons are perfectly understandable, but regardless, he and his wife faced a tremendously upsetting and apprehensive situation. And they aren’t the only parents in recent years to do so.

Could HIPAA affect you and your family? Yes! Just as with any state or federal law, it most certainly can. You may have already worked with your financial professional, medical care provider, attorney, or even a Special Care Planner to take measures to have the legal right to make medical decisions for a family member with special needs. But do you have other children of adult age? What about your spouse? It’s important to take the same precautions for all family members, but first, let’s examine the law itself.

HIPAA was established to do three major things. First, it regulates group and individual health insurance plans, and it helps protect health insurance coverage for workers and their families, especially those who have preexisting conditions, when there is a job loss or change. Next, it establishes national standards for identifying medical providers, insurers, and employers, and requires that all patient information, including billing and claim information, be maintained electronically. Finally, it sets rules to increase the level of privacy – and security – of individuals’ medical records.

Let’s Talk Privacy
State laws can build upon (but cannot detract from) HIPAA’s benefits, protection, and privacy, further complicating the ability of administrators to thoroughly understand the law. In order to avoid steep penalties for improper practices, which can include fines and imprisonment, many medical providers set strict policies regarding patient privacy, sometimes beyond what the law requires.

The law states that certain information, referred to as Protected Health Information (PHI), must be kept confidential. This PHI includes your name, address, phone numbers, Social Security number and other such identifiable data, plus account numbers, health plan information (including your medical claims history), your medical history (including conversations your health care providers have about your care), and more. You have the right to have a copy of your medical records and request to have corrections made. You also have the right to allow – or not allow – others have access to your PHI. Whenever you receive medical care, you should be given paperwork, known as the Notice of Privacy Practice, describing how your PHI will be shared. It’s important to read it carefully before signing it, so you are fully aware of how your privacy will be maintained. If you have questions, ask before you sign.

But what happens in an emergency situation when you aren’t conscious or coherent enough to make these decisions? In that case, the health professional treating you may, if need be, make the decision for you, especially if notifying someone (a family member or friend, for instance, or the individual who brought you in for treatment) might make a difference in the treatment you receive. This is where interpretation of the law and professional integrity come into play and where many health care providers could be caught in a sticky situation while attempting to look out for the  best interest of the patient. In a litigious society such as ours, some institutions set policies that ensure that while the patient is receiving the best care possible, the institution itself is best protected from patient privacy violations.

You just can’t be sure what situation you might find yourself experiencing. A spokesperson for a large hospital in Massachusetts said, “Patient privacy never trumps patient care,” and its policy may be less strict than the hospital the Singers daughter was brought to. But who knows? Had the Singers arrived shortly after their daughter had been admitted, rather than being delayed by the hurricane, they may have been greeted by a different interpretation of law and hospital policy. Or maybe not. The bottom line is this: Be prepared.

What You Can Start to Do Right Now
“As a father who has been through the experience,” says Singer, “I recommend that all families take precautions to prevent the harrowing ordeal my wife and I experienced.” From a professional perspective, he recommends three documents – a living will (may state your desire whether to be put on artificial life support), a durable power of attorney (gives someone you trust the legal right to make decisions on your behalf, health-related or otherwise), and a health care surrogate declaration (or health care proxy; gives someone you trust the right to make health-related decisions for you). While sample copies are available on the Internet or at office supply stores, Singer recommends you consult with your attorney. Your best protection is to complete these forms for any family member of the age of majority.

Once you’ve completed, signed, and had these documents notarized, the next step is to keep them someplace safe and handy, and that’s not a safe deposit box, a desk drawer, or your lawyer’s office. They’ll be of no use to you in an emergency stashed away like that. Computer technology gives us a few great alternatives!

“Print outs of these notarized documents will be accepted at health care facilities,” Singer attests. “After the incident with my oldest daughter in 2005, we completed these documents, and I emailed them to myself. We were prepared when our other daughter, now 19 herself, had an emergency room visit in November 2006.”

If you have an email account with an Internet Service Provider that allows you to access your mail from a computer other than your own, send a note to yourself with the PDF documents attached. If your child or other family member is hospitalized and you need these documents, all you need to do is access your email, then print the necessary forms or email them to the health professional who requested them. You may want to let other family members know how to access your email account (or have them mail the documents to their own accounts) in case you’re the one hospitalized.

Another option is to create a secure family web site where all the documents are privately posted and easily  accessible by any family member who logs onto the site by password. This solution is more time-consuming and incurs some expense for hosting fees and if you must hire a web designer to create the site. However, it’s a viable alternative if you don’t have remote access to your email.

The simplest solution is to use a USB memory stick (also called a flash drive or thumb drive). This small, inexpensive device, which can be attached to your key chain, is capable of storing everything on your personal computer – programs, passwords, documents, photographs, everything. Of course, there’s no need for all that. Just copy the PDF files and the Adobe® Reader® program onto it, label the stick as “Emergency Medical Information,” and put it on your key chain. When the documents need to be accessed, you just plug the stick into any computer’s USB port. It’s as simple as that.

Want to take your health care precautions a step further? Since the USB stick has such a large capacity, you could also include other medical information such as your health care surrogate’s contact info (name, address, home and cell phone numbers, place of employment and phone number, and any other data that would make locating your surrogate quick and easy), a description of any serious medical conditions, therapy or treatments you may be receiving regularly for an illness such as cancer, any allergies you have, prescriptions you take and the dosages, copies of your medical files, names and contact info of all your doctors, and anything else that can help health professionals give you the best possible care in an emergency situation. Remember to keep the info updated.

For more information about HIPAA, visit www.HIPAA.com (includes access to the actual legislation), www.hhs.gov/ocr/HIPAA (a highly useful feature on this site is “Your Frequently Asked Questions about Privacy” under “Educational Materials”), or type HIPAA into your browser’s search bar to search the Web yourself.

And Now Back to Our Story
Just how was the Singer’s experience described at the top of this article resolved? Fortunately, the Singer’s daughter became aware of her parents presence in the hospital and signed the appropriate forms to share her medical information with them. “It was nerve-racking and time-consuming,” he said. “All we wanted to do was be with our daughter. Lesson learned!” And, by the way, both daughters are fine.

The information provided herein is not written or intended as tax or legal advice and may not be relied on for purposes of avoiding any federal tax penalties. Entities or persons distributing this information are not authorized to give tax or legal advice. Individuals are encouraged to seek specific advice from their personal tax or legal counsel.

1 The Special Care Planner receives advanced training in estate and tax planning, special needs trusts, government programs, and the emotional dynamics of working with people with disabilities and other special needs and their families. The certificate program is offered by The American College in Bryn Mawr, PA, exclusively for MassMutual financial professionals. State insurance departments recognize that the Special Care Planner certificate program provides essential information on the profession of special care by granting continuing education (CE) credits (varies by state).

A Special Care Planner through MassMutual’s SpecialCareSM program can assist parents in drafting Letters of Intent and can help make a difference in the quality of life for an individual with special needs, their caregiver and other family members. Through SpecialCare you will learn valuable financial strategies, identify financial strategy solutions, access vital information, and meet certified specialists who will work with you and your professional advisors – your banker, accountant or financial planner, lawyer, social workers and health care providers – to review your financial picture and offer options to fit the needs of each situation. For more details, visit MassMutual’s website at http://www.MassMutual.com/specialcare, or call 1-(800)-272-2216.

About MassMutual
MassMutual Financial Group is the fleet name for Massachusetts Mutual Life Insurance Company (MassMutual) and its affiliates, with more than $450 billion in assets under management at year-end 2006. Assets under management include assets and certain external investment funds managed by MassMutual’s subsidiaries.

Founded in 1851, MassMutual is a mutually owned financial protection, accumulation and income management company headquartered in Springfield, Mass. MassMutual’s major affiliates include: OppenheimerFunds, Inc.; Babson Capital Management LLC; Baring Asset Management Limited; Cornerstone Real Estate Advisers LLC; MML Investors Services, Inc., MassMutual International LLC and The MassMutual Trust Company, FSB. MassMutual is on the Internet at www.massmutual.com.

Leave a Reply