Adults should have a HIPAA Authorization.

Many laws and safeguards exist to protect health records.

One of these laws is the Health Information Portability and Accountability Act, otherwise known as HIPAA.

This Act provides directions regarding who has access to health information.

According to a recent HIPAA Journal article titled “What is HIPAA Authorization?,” you can authorize exceptions to the limitations outlined in the Health Information Portability and Accountability Act.

A HIPAA authorization allows for health care personnel to release information to specified individuals.

These exceptions must be outlined in a legal document known as a HIPAA Authorization.

This authorization or release is often included in estate planning.

For example, while we provide HIPAA Authorizations in our Advance Health Care Directive, General Durable Power of Attorney, and Revocable Living Trust documents, we also include a "standalone" HIPAA Authorization that itself authorizes appointed agents, attorneys in fact, and trustees to access health information and providers.

To be legally binding and effective, the authorization must satisfy certain requirements.

What are they?

For starters, it is prudent to have the authorization use clear language and specifically describe the information to be disclosed and the purpose of the disclosure.

You should include the name of the person you are authorizing to release information and the person or institution you are authorizing to receive the information.

Adding a time frame for the released information as well as an expiration date for the HIPAA Authorization is also helpful.

For example, the time frame for our "standalone" HIPAA Authorization is two years postmortem.

In other words, authorization for access to medical information continues for two years after the death of a client (for statute of limitations purposes) in case medical malpractice was involved.

Be sure to sign and date the form.

Any HIPAA Authorization should provide notification to you regarding the right to revoke the authorization in writing and any exceptions to the right to revoke or the extent of the inclusion of the information in the notice of privacy practices for the organization.

The HIPAA Authorization should provide language describing whether the signing or refusal to sign the authorization will impact enrollment, payment, condition treatment, or eligibility for benefits.

In other words, the document will either say the organization may not condition treatment contingent on the signing of the authorization or it may condition treatment contingent on the signing of the authorization.

If you sign a HIPAA Authorization, you should be provided a copy of the signed document for your personal records.

Reference: HIPAA Journal (Oct. 9, 2021) “What is HIPAA Authorization?”