Revenue Cycle Management
COVID-19
Reimbursement
Diabetes Awareness Month
Risk Management
Patient Retention
Staffing
Medical Economics® 100th Anniversary
Coding and documentation
Business of Endocrinology
Telehealth
Physicians Financial News
Cybersecurity
Cardiovascular Clinical Consult
Locum Tenens, brought to you by LocumLife®
Weight Management
Business of Women's Health
Practice Efficiency
Finance and Wealth
EHRs
Remote Patient Monitoring
Sponsored Webinars
Medical Technology
Billing and collections
Acute Pain Management
Exclusive Content
Value-based Care
Business of Pediatrics
Concierge Medicine 2.0 by Castle Connolly Private Health Partners
Practice Growth
Concierge Medicine
Business of Cardiology
Implementing the Topcon Ocular Telehealth Platform
Malpractice
Influenza
Sexual Health
Chronic Conditions
Technology
Legal and Policy
Money
Opinion
Vaccines
Practice Management
Patient Relations
Careers

Deceased patients and privacy

March 4, 2005

Article

I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

Q: I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

A: No. Under HIPAA, doctors and other covered entities must protect the health information of a deceased patient. But in deciding who may access this medical information or authorize its release, HIPAA defers to individual state law. For instance, if you're in a state that permits an executor, administrator, or other authorized person to act on behalf of the deceased or his estate, you must treat that person as the patient's "personal representative," with all the rights to protected medical information that the patient herself enjoyed before her death.

Although broad, these rights are not unlimited. For example, access to psychotherapy notes (notes maintained by a mental health professional separate from the medical record) may be denied. Doctors may also deny access to the patient's medical record if they or another licensed healthcare professional believe it's reasonably likely that granting such access will endanger someone's life or physical safety. If you do deny access, the patient's personal representative retains the right to appeal the denial to a neutral third party.