Hipaa Laws: Who's Watching The Board Of Examiners?

do hipaa laws apply to the board of examiners

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects the privacy of an individual's health information. This includes the right to access, amend, and receive an accounting of their health information, as well as the right to restrict its use and disclosure. While HIPAA generally applies to covered entities such as health plans, health care clearinghouses, and health care providers, there are specific circumstances where HIPAA also applies to the Board of Examiners.

HIPAA permits covered entities to disclose protected health information to law enforcement officials, including medical examiners and coroners, under certain conditions. This includes situations where there is a suspicion that the death of an individual resulted from criminal conduct, or where the covered entity believes the protected health information is evidence of a crime that occurred on its premises. In such cases, the Board of Examiners, acting as medical examiners or coroners, would be subject to HIPAA regulations.

Additionally, HIPAA specifically exempts coroners and medical examiners from requiring patient consent for the disclosure of protected health information. This exemption allows covered entities to disclose protected health information to coroners or medical examiners for the purpose of identifying a deceased person, determining the cause of death, or performing other authorized duties.

However, it is important to note that the application of HIPAA to the Board of Examiners may vary depending on state-specific laws and regulations. The interpretation of HIPAA and its applicability to the Board of Examiners can be complex and subject to ongoing debate.

Characteristics Values
Who does HIPAA apply to? Health plans, health care clearinghouses, and any health care provider that transmits health information in electronic form
What information is protected? All "individually identifiable health information"
Who is a "personal representative"? A person with authority to act on behalf of the decedent or the decedent's estate
How long does the HIPAA Privacy Rule protect the health information of a decedent? 50 years from the date of death
Who is exempt from HIPAA? Medical examiners and coroners

lawshun

Medical examiners and coroners are not covered entities under HIPAA

Medical examiners and coroners are not covered by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This means they are not classed as "covered entities" under the Act.

HIPAA was established to protect the privacy of an individual's health information, giving patients a set of national "health information rights". However, HIPAA specifically allows disclosure of health information to law enforcement, public health, and medical examiners and coroners.

Medical examiners and coroners have broad statutory authority to investigate deaths within their jurisdiction and require medical history as part of their investigations. They may request and obtain electronic health records from hospitals and clinics, and are also exempt from HIPAA when gathering information to determine a cause of death.

Despite this exemption, there are still ethical questions surrounding the extent of HIPAA's authority over the practices of medical examiners and coroners. For example, should the exemption from HIPAA extend to these professionals when they are releasing information to the public?

In some states, autopsy reports are public records, while in others, they are restricted. This means that, in cases where the deceased is a public figure, a public record autopsy report can become a "back door" to revealing restricted information. This has sparked ethical questions about how state-by-state regulations and laws concerning autopsies should be interpreted.

lawshun

HIPAA permits disclosure of PHI to law enforcement officials under certain circumstances

The Health Insurance Portability and Accountability Act (HIPAA) generally prohibits the disclosure of protected health information (PHI) without the patient's authorization. However, there are certain circumstances under which HIPAA permits the disclosure of PHI to law enforcement officials. These exceptions are outlined in the HIPAA Privacy Rule, which establishes national standards for the protection of health information.

  • Compliance with Legal Processes: Covered entities are allowed to disclose PHI to law enforcement officials to comply with a court order, court-ordered warrant, subpoena, grand jury subpoena, or other administrative requests.
  • Identifying or Locating Individuals: PHI can be disclosed to identify or locate a suspect, fugitive, material witness, or missing person. However, the information shared is typically limited to basic identifying details and does not include sensitive information like DNA or dental records.
  • Requests Regarding Victims: Law enforcement officials may request PHI about a victim or suspected victim of a crime. If the victim is unable to provide authorization due to incapacity or an emergency, the covered entity may disclose PHI if certain conditions are met, including the representation that the information will not be used against the victim.
  • Reporting Child Abuse: In cases of suspected child abuse, covered entities can disclose PHI to any law enforcement official authorized to receive such reports without requiring the agreement of the individual.
  • Reporting Adult Abuse: PHI can be disclosed to law enforcement officials regarding adult victims of abuse, neglect, or domestic violence if the individual agrees, if it is required by law, or if it is necessary to prevent serious harm based on professional judgment.
  • Alerting Law Enforcement of a Suspicious Death: Covered entities may disclose PHI to alert law enforcement about a death if there is a suspicion that the death resulted from criminal conduct.
  • Evidence of a Crime: If a covered entity believes that PHI is evidence of a crime that occurred on its premises, it can be disclosed to law enforcement officials.
  • Medical Emergencies Off-Site: In off-site medical emergencies, covered entities can disclose PHI to law enforcement to alert them about the commission and nature of a crime, the location, the identity of the perpetrator, and other relevant details.
  • Preventing or Lessening a Serious Threat: PHI can be disclosed to law enforcement officials who are reasonably able to prevent or lessen a serious and imminent threat to an individual or the public.
  • Escaped Individuals: Information can be shared to identify or apprehend individuals who have escaped from lawful custody.
  • National Security and Protective Services: HIPAA permits disclosures to federal officials conducting intelligence, counter-intelligence, and national security activities. It also covers situations involving protective services for individuals like the President.
  • Correctional Institutions: Covered entities may disclose PHI to correctional institutions or law enforcement officials with lawful custody of an inmate if it is necessary for providing health care, ensuring safety, or maintaining the security and good order of the correctional facility.

It is important to note that, in most cases, covered entities are required to make a "minimum necessary" determination, only sharing the information specifically needed for the law enforcement purpose. Additionally, covered entities should verify the identity and authority of the law enforcement official before disclosing PHI.

lawshun

HIPAA applies to the individually identifiable health information of a decedent for 50 years following their death

The Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Privacy Rule, and the Omnibus Rule protect the privacy rights of decedents for 50 years from the date of death. This means that covered entities, including providers, health plans, and healthcare clearinghouses, must continue to protect the individually identifiable health information of a deceased person for 50 years. This protection balances the privacy interests of surviving relatives and other individuals connected to the decedent, with the need for historians and researchers to access old records.

During this 50-year period, the personal representative of the decedent—an executor, administrator, or other authorised person—can exercise rights under the Privacy Rule, such as authorising certain uses and disclosures of the decedent's health information. If there is no designated representative, state laws will determine a statutory hierarchy.

HIPAA permits covered entities to disclose a decedent's health information without the consent of the personal representative in specific circumstances. These include:

  • Alerting law enforcement about a death suspected to have resulted from criminal conduct.
  • Sharing information with coroners, medical examiners, and funeral directors to identify a deceased person, determine the cause of death, or perform other authorised duties.
  • Disclosing information for research purposes, but only on the protected health information of decedents.
  • Facilitating organ donation and transplantation by sharing information with relevant organisations.

Additionally, covered entities can disclose a decedent's health information to family members or other individuals involved in the decedent's healthcare or payment for care before death. However, this is only permitted if it does not conflict with any prior expressed preference of the deceased.

lawshun

HIPAA does not apply to deceased individuals who have been dead for over 50 years

The HIPAA Privacy Rule protects the individually identifiable health information of a decedent for 50 years following their death. This means that a covered entity, including providers, health plans, and health care clearinghouses, must follow the same steps as they would if the patient were alive, as required by the Privacy Rule.

During this 50-year period, the personal representative of the decedent has the ability to exercise rights under the Privacy Rule, such as authorizing certain uses and disclosures of, and gaining access to, the information. The personal representative is the person with the authority to act on behalf of the decedent or their estate. This could be an executor, administrator, or other person with authority under applicable state or other laws.

After the 50-year period, the information is no longer considered protected health information, and entities may use or disclose the information without regard to the Privacy Rule.

While HIPAA does apply to deceased individuals for 50 years after their death, it is important to note that not all providers are subject to HIPAA regulations for deceased patients. For example, a private nursing home staff disclosing information about a deceased patient would not be considered a HIPAA violation, as they are not required to safeguard the individual's protected health information.

Additionally, under limited circumstances, the HIPAA Privacy Rule allows covered entities to release a deceased patient's protected health information even without authorization. This applies specifically to medical examiners or forensic pathologists tasked with identifying the patient's cause of death, as authorized by law.

In summary, while HIPAA does provide protection for the health information of deceased individuals, this protection only lasts for 50 years following their death, and there are certain exceptions and special disclosure provisions that apply. After this 50-year period, the information is no longer considered protected health information, and entities are free to use or disclose it without restriction.

lawshun

Medical examiners and coroners are subject to state laws regarding the disclosure of autopsy reports

The disclosure of autopsy reports is subject to state laws in the United States. While HIPAA laws do apply to medical examiners and coroners, they are not considered "covered entities" and are subject to specific exemptions.

HIPAA Laws and Autopsy Reports

HIPAA laws allow for the disclosure of protected health information (PHI) to medical examiners and coroners for the purpose of identifying a deceased person, determining the cause of death, or fulfilling other duties as authorized by law. However, medical examiners and coroners are not permitted to further disclose this information to individuals without legal authority, such as personal representatives or family members.

State Laws and Autopsy Reports

The disclosure of autopsy reports varies across different states. Some states, such as Alabama, Arizona, Colorado, Florida, and Georgia, generally consider autopsy reports to be public records subject to disclosure under public records laws or Freedom of Information Acts (FOIA). However, there may be exceptions to this, such as in cases where there is a pending criminal investigation or to protect the privacy of family members.

In other states, such as Arkansas, California, Indiana, and New York, autopsy reports may be exempt from disclosure under specific state laws or considered confidential medical records. The release of autopsy reports in these states may require the authorization of next of kin or be restricted to specific individuals or entities, such as law enforcement or medical personnel.

It is important to note that the laws and regulations regarding the disclosure of autopsy reports can vary from state to state, and there may be additional factors or exceptions to consider in each case.

Frequently asked questions

No, HIPAA laws do not apply to the board of examiners. Medical examiners and coroners are not considered "covered entities" under HIPAA. However, they fall under the HIPAA law enforcement exception, which means that while a decedent's protected health information may be disclosed to them, they may not further disclose this information to any other individual.

A "covered entity" refers to health plans, health care clearinghouses, and health care providers that electronically transmit protected health information in connection with transactions for which the Secretary of Health and Human Services has adopted standards under HIPAA.

The HIPAA Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, including electronic, paper, or oral. This includes demographic data and other common identifiers such as name, address, birth date, and Social Security Number.

Yes, the Privacy Rule permits covered entities to disclose protected health information to law enforcement officials without the individual's written authorization under specific circumstances. This includes situations such as complying with a court order, responding to an administrative request, or reporting suspected criminal conduct.

HIPAA protects an individual's health information for 50 years following their death. During this time, the personal representative of the decedent has the right to authorize certain uses and disclosures of, and gain access to, the individual's health information.

Written by
Reviewed by
Share this post
Print
Did this article help you?

Leave a comment