Disclosures of Private Health Information
Why HIPAA (Health Insurance Portability and Accountability Act) is so important to CPAs and what you need to know about disclosing client medical data today.
March 20, 2008
by Martin Shenkman, PFS/JD
Why is HIPAA (Health Insurance Portability and Accountability Act) so important to CPAs? CPAs deal with a wide range of matters, transactions and documents that can require the disclosure of medical information. These transactions demonstrate the importance to practitioners of being familiar with HIPAA:
Editor Note: Martin Shenkman will be speaking at AICPA's Tax Strategies for the High Income Individual conference in Las Vegas, NV, May 8‑9, 2008.
What Is HIPAA?
HIPAA is short for the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191, 110 Stat. 1936 (1966)). HIPAA protects a patient's rights to confidential medical information, "Protected Health Information" or PHI. A goal of HIPAA is to provide protection for sensitive health information. This has broad implications to a wide range of personal, estate planning and business transactions.
When Can Health Information Be Disclosed?
The key to planning client transactions is to assure that the required health information is accessible by the client's personal representative and can be disclosed when needed. This concept is the focus of most CPAs' involvement with HIPAA. Specifically, when planning documents necessitate the need for disclosure of PHI, you need to assure that someone is authorized to be the personal representative to obtain medical disclosures. For example, a successor trustee may have to be designated the HIPAA representative for a prior trustee in order to obtain the written physician determination that the predecessor trustee is disabled and the baton of control should pass to the successor.
What Information Can Be Disclosed?
Medical providers should only disclose the minimum necessary to achieve the purpose of the requested disclosure. Your client should clearly delineate the specific purpose of the disclosure to protect and limit the scope of what is disclosed, so that this can be determined. For example, while it may be relevant for a co-shareholder to inquire of a client's physician whether he is permanently disabled, detailed information concerning the client's mental health records would be inappropriate.
Can an Agent Under a Power of Attorney Be a Client's HIPAA Representative?
There are circumstances that might warrant having an agent ("personal representative" in HIPAA jargon) act on a client's behalf with regard to HIPAA matters. The agent under a client's financial power of attorney is not always empowered to make health care decisions. Merely paying medical bills may not constitute making health care decisions. PHI requires adequately addressing HIPAA, when triggering a springing power of attorney based on disability requiring medical information. Most commentators have focused their HIPAA attention on the grantor of a power of attorney. But the same issue arises for any agent or trustee, who might become disabled.
A Client's Executor Is Their HIPAA Personal Representative
An executor of an estate has authority to act on behalf of the decedent with respect to PHI. This can be very important for matters, such as when the executor needs medical records to resolve outstanding medical bills. In the event of an IRS challenge of the decedent's competency to have affected estate planning transactions, the executor will have authority to access medical records.
Can a Successor Trustee Be Your Trustee's Personal Representative?
A mechanism could be included in a trust mandating that all trustees grant authorization to release their PHI to successor trustees for the purpose of determining disability. A HIPAA release must acknowledge that the person (trustee) can revoke it. This problem could be addressed by the trust providing that, if the revocation constitutes a termination of the trustee's position as a trustee. The medical disclosures could be limited to the minimum information necessary to making this determination.
Obtaining the Release of Personal Health Information (PHI)
A client's HIPAA representative has the right to authorize the release of PHI if the following requirements are met:
HIPAA affects a broad range of personal, financial and estate transactions with which CPAs are involved. Almost every key estate document and many key business documents need to address HIPAA disclosure issues to assure that various trigger mechanisms (succession of fiduciaries, determinations of disability, etc.) can occur. Because drafting and planning are complex issues, practitioners should guide their clients in these issues before problems arise.
Rate this article 5 (excellent) to 1 (poor).
Send your responses here.
Martin M. Shenkman, CPA, MBA, PFS, JD is an estate planner in Paramus, New Jersey. He is author of 36 books on tax, estate and related planning, the most recent of which, Life Cycle Planning for the CPA Practice, a practical form book for every phase of the solo to small CPA firm published by AICPA and available through CPA2BIZ.