• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Deceased patients and privacy


I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

Q: I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

A: No. Under HIPAA, doctors and other covered entities must protect the health information of a deceased patient. But in deciding who may access this medical information or authorize its release, HIPAA defers to individual state law. For instance, if you're in a state that permits an executor, administrator, or other authorized person to act on behalf of the deceased or his estate, you must treat that person as the patient's "personal representative," with all the rights to protected medical information that the patient herself enjoyed before her death.

Although broad, these rights are not unlimited. For example, access to psychotherapy notes (notes maintained by a mental health professional separate from the medical record) may be denied. Doctors may also deny access to the patient's medical record if they or another licensed healthcare professional believe it's reasonably likely that granting such access will endanger someone's life or physical safety. If you do deny access, the patient's personal representative retains the right to appeal the denial to a neutral third party.

Related Videos