What is HIPAA

Michael Brennan • November 3, 2017

Answers to Frequently Asked Questions

Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. In a world that in continuously becoming more connected, the exchange of such information is simplified, and there was an increasing risk that it could end up in places we may not want. With that in mind, in 1996, Congress passed a set of statutes known as the Health Insurance Portability and Accountability Act of 1996, or in more common lingo, HIPAA.

While most have heard the term HIPAA used in some context before, many still don’t know exactly what it means to them.

Basically, HIPAA contains two major parts that are applicable to each of us as consumers of health insurance and medical services. Those are the Privacy Rule and the Security Rule.

The Privacy Rule gives consumers rights over their health information and sets rules and limits on who can look at and receive that information. For example, medical conditions, history or past treatments are protected information under HIPAA. It applies to any form of medical information- whether written, oral or electronic which a “covered entity” (i.e. health care providers; insurance companies) has on you.

The Security Rule sets standards which must be followed by those entities to ensure that your health information in electronic form remains secure.

Who is subject to HIPAA?

Entities that are subject to HIPAA are known as “covered entities”. They include:

Health Plans: including health insurance companies, health maintenance organizations (HMOs), employer health plans, Medicare and Medicaid.

Most Health Care Providers: including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists.

Health Care Clearinghouses: including any entities that process health information into some form.

Who is NOT subject to HIPAA?

A number of organizations which possess your individual healthcare information are not bound by the protections of HIPAA, such as: life insurers, employers, worker’s compensation carriers, most schools, a number of state agencies, many law enforcement agencies and municipalities.

What information is protected?

* Information your doctors, nurses, and other health care providers put in your medical record

* Conversations your doctor has about your care or treatment with nurses and others

* Information about you in your health insurer’s computer system

* Billing information about you at your clinic

* Most other health information about you held by those who must follow these laws

How is information protected?

* Covered entities must put in place safeguards to protect your health information.

* Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.

* Covered entities must have contracts in place with their contractors and others ensuring that they use and disclose your health information properly and safeguard it appropriately.

* Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.

What rights do I have over my protected health information?

You have the right to:

* Ask to see and get a copy of your health records

* Have corrections added to your health information

* Receive a notice that tells you how your health information may be used and shared

* Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing

* Get a report on when and why your health information was shared for certain purposes

If you believe your rights are being denied or your health information isn’t being protected, you can file a complaint with your provider or health insurer, or even file a complaint with the U.S. Government

Who is permitted to look at and receive my health information?

The Privacy Rule sets rules and limits on who can look at and receive your health information. To make sure that your health information is protected in a way that does not interfere with your health care, your information can be used and shared:

* For your treatment and care coordination

* To pay doctors and hospitals for your health care and to help run their businesses

* With your family, relatives, friends, or others you identify who are involved with your health care or your health care bills, unless you object

* To make sure doctors give good care and nursing homes are clean and safe

* To protect the public's health, such as by reporting when the flu is in your area

* To make required reports to the police, such as reporting gunshot wounds

Your health information CANNOT be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:

* Give your information to your employer

* Use or share your information for marketing or advertising purposes

* Share private notes about your health care

If I do not object, can my health care provider share or discuss my health information with my family, friends, or others involved in my care or payment for my care?

Yes. As long as you do not object, your health care provider is allowed to share or discuss your health information with your family, friends, or others involved in your care or payment for your care. Your provider may ask your permission, may tell you he or she plans to discuss the information and give you an opportunity to object, or may decide, using his or her professional judgment, that you do not object. In any of these cases, your health care provider may discuss only the information that the person involved needs to know about your care or payment for your care.

Here are some examples:

* An emergency room doctor may discuss your treatment in front of your friend when you ask that your friend come into the treatment room.

* Your hospital may discuss your bill with your daughter who is with you at the hospital and has questions about the charges.

* Your doctor may talk to your sister who is driving you home from the hospital about your keeping your foot raised during the ride home.

* Your doctor may discuss the drugs you need to take with your health aide who has come with you to your appointment.

* Your nurse may tell you that she is going to tell your brother how you are doing, and then she may discuss your health status with your brother if you did not say that she should not.

BUT:

Your nurse may not discuss your condition with your brother if you tell her not to.

If I am unconscious or not around, can my health care provider still share or discuss my health information with my family, friends, or others involved in my care or payment for my care?

Yes. If you are not around or cannot give permission, your health care provider may share or discuss your health information with family, friends, or others involved in your care or payment for your care if he or she believes, in his or her professional judgment, that it is in your best interest. When someone other than a friend or family member is asking about you, your healthcare provider must be reasonably sure that you asked the person to be involved in your care or payment for your care. Your health care provider may share your information face to face, over the phone, or in writing, but may only share the information that the family member, friend, or other person needs to know about your care or payment for your care.

Do I have to give my health care provider written permission to share or discuss my health information with my family members, friends, or others involved in my care or payment for my care?

HIPAA does not require that you give your health care provider written permission. However, your provider may prefer or require that you give written permission. Due to varying policies it is safe to have a HIPAA release and authorization handy to give to any healthcare provider.

If my family or friends call my health care provider to ask about my condition, will they have to give my provider proof of who they are?

HIPAA does not require proof of identity in these cases. However, your health care provider may have his or her own rules for verifying who is on the phone.

How can I help make sure my health care providers share my health information with my family, friends, or others involved in my care or payment for my care when I want them to?

Execute a HIPAA Release and Authorization indicating who may have access to your protected information. Working with an attorney is the best way to ensure that your form is sufficiently detailed and covers all applicable situations. However, there are forms online if you do a little searching.

Where can I find more information on HIPAA or have my specific questions answers?

For additional information, you can check out http://www.hhs.gov/ocr/privacy/ or contact an attorney to discuss any specific issues.

Michael F. Brennan runs a virtual law office helping clients in Illinois, Wisconsin, and Minnesota with estate planning. He can be reached at michael.brennan@mfblegal.com with questions or comments, or check out his website at www.thevirtualattorney.com.

The information contained herein is intended for informational purposes only and is not legal advice, nor is it intended to create an attorney-client relationship. For specific legal advice regarding a specific legal issue please contact me or another attorney for assistance.

Admitting a New Member to an LLC - Everything You Need To Know

By Michael Brennan September 21, 2022
It’s a fairly common situation to find yourself in as a small business owner—for one of a wide range of reasons you’ve decided it’s time to being a new partner into your business in some capacity.

Beneficiaries under an Estate Plan: A Few Things to Consider

By Michael Brennan August 23, 2022
Have you thought about your beneficiaries under your estate plan? There may be more to it than meets the eye.

[WATCH] Illinois Just Made it Easier Than Ever to Make a Power of Attorney

By Michael Brennan September 9, 2021

Illinois Just Made It Easier Than Ever to Make a Power of Attorney

By Michael Brennan September 2, 2021
A power of attorney for health care enables an individual to appoint a trusted agent to make medical decisions on his or her behalf if the individual is unable or unwilling to do so for themselves. For example, if a situation arises where you are in an accident and need emergency medical care, doctors will look to a trusted individual to make decisions on your behalf. Typically, this is family members, and technically, most state laws set an order of precedence on who doctors should turn to in the absence of any specific (and legally binding) instructions from the patient. However, the most ideal situation is one in which doctors rely on the instructions the patient has detailed in a valid power of attorney. Powers of attorney for health care do not have many specific requirements for validity. But, they do need to be signed by the patient and at least one witness (this varies by state). Often, someone may decide that they need a health care power of attorney in a pinch. For example, an older parent may be going in for surgery and want to cover their bases if something goes wrong. They may decide the day of the surgery that they would like to name an adult child as their health care decision-maker if something happens, so that child cannot serve as the witness. Typically, an estate planning attorney could witness the document, but that may mean scrambling at the last minute for an appointment or coordinating a meeting quickly on the way to the hospital. Not ideal. Now, however, Illinois has amended the Illinois Power of Attorney Act to permit electronic signatures. The Act states that: “The signature and execution requirements set forth in this Article are satisfied by: (i) written signatures or initials; or (ii) electronic signatures or computer-generated signature codes .” The Illinois Electronic Wills and Remote Witnesses Act permits those witnesses not only to sign electronically, but also to sign remotely. So, instead of a mad last-minute scramble to sign and witness an 11th hour power of attorney, one can be e-signed online through video conferencing with the principal and estate planning attorney quickly linking up on zoom from the comfort of their home, office, or even the hospital bed, with much more simplicity and convenience. The Power of Attorney Act was further amended to permit powers of attorney for health care to be in electronic format. So, it is no longer a requirement to dig the paper hard copy out of the basement filing cabinet and remember to bring it to the hospital. Instead, an electronic copy can simply be sent to the hospital through its patient portal, once that functionality is set up by the health care provider at least. The power of attorney can now easily form a seamless part of a health care record, neatly kept in an electronic medical file. The pandemic of 2020-2021 forced institutions to make things more efficient and reflective of the technologically-centric world we now live in. That is not more evident in many places as it is the area of law. And, few practicing attorneys would tell you that’s a bad thing.

Illinois Electronic Wills and Remote Witnesses Act Enacted

By Michael Brennan August 5, 2021
On June 26, 2021, Illinois adopted the Electronic Wills and Remote Witnesses Act. Plainly, the Act is a generational game changer for estate planning. Gone are the days of scheduling a formal office appointment with your attorney to sign estate planning documents as the law office staff witnesses and notarizes those documents on the spot.

Illinois' Electronic Wills and Remote Witnesses Act is a Game Changer

By Michael Brennan July 30, 2021
Preparing a last will and testament has always required the inclusion of original signatures of both the person making the will and witnesses. Understandably, coordinating the signing of the will could pose some administrative challenges, especially for small law firms and solo practitioners—not to mention the many people who elect to draft a will without an attorney’s help—who may not have a crowded office full of willing witnesses. Along with wills, estate plans typically include powers of attorney for finances and health care decision making as well. Those documents also require original signatures from their creators, witnesses, and notaries. Predictably, COVID-19 and the resulting government shutdowns of businesses and encouragement of social distancing and remote work complicated the task of signing and witnessing these important estate documents (Notaries are also now permitted to act remotely under a separate but related piece of legislation). Luckily, in many states, temporary orders permitted the remote execution of many documents, and a framework for conducting remote document signings began to take form. On June 26, 2021, Illinois adopted the Electronic Wills and Remote Witnesses Act. Plainly, the Act is a generational game changer for estate planning. Gone are the days of scheduling a formal office appointment with your attorney to sign estate planning documents as the law office staff witnesses and notarizes those documents on the spot. Now, under the EWRWA, the need for the conference table signing is gone. Wills, powers or attorney, and other important estate documents can be validly signed and witnessed remotely through audio-video communications. More so, “electronic wills”—those not physically printed on paper—are now an acceptable form of will in Illinois that can be probated just as paper wills have for decades. Some of the highlights of the new law are below. Electronic Copies of wills are now valid. Electronic Wills are now an option. The new law defines an electronic will as simply “a will that is created and maintained as a tamper-evident electronic record.” What is “tamper-evident” exactly? Well, the statute defines it as a “feature of an electronic record by which any change to the electronic record is displayed.” So, popular document signature software like Docusign and Hellosign would do the trick. Individuals and Witnesses can now sign on multiple signature pages with one master document being compiled later on. If a platform like Docusign is not used to create and sign an electronic will, there is now an option to use multiple signature pages for the testator and witnesses. In practice, this enables a testator to sign a will while the witnesses watch over audio-video means, like Zoom. They can then each sign the signature page sitting with them at their physical location. The testator and witnesses can then send the originals to a central location (likely the estate planning attorney) to be compiled into one master document. Previously, this was impermissible, as the document would have had to have been signed in the conscious presence of each other. The Electronic Wills and Remote Witnesses Act redefines “presence” to expressly include, “being in a different physical location from another person, but able, using audio-video communication, to know the person is signing a document in real time.” Witnesses can witness signings (and sign) remotely through video-conferencing. As mentioned, witnesses to a will previously had to be physically present with the testator. Under the new law, witnesses can now be remote. If an electronic will is prepared for signatures, the witnesses can simply sign the electronic will after watching the testator sign. If a paper copy is being used, then the witnesses can watch the testator sign his or her own paper copy, and then sign a separate signature page in their remote location. For paper copies, the witnesses and testator must physically compile all the signature pages within 10 days. The person appointed by the testator to compile all the signature pages must state that the signature pages were attached within 10 business days of signing and that the pages were attached to the testator’s complete and correct will for the will t be admitted to probate. So, best practice is to attach those statements to the will at the time of its signing or the time at which the master document is compiled. Wills can be signed electronically. Electronic signatures have previously not been permissible forms of signing a will. Now, however, the new Act changes everything. Testators and witnesses alike can not e-sign wills. To do so validly, the will must designate Illinois as the state of its execution, be signed by the testator or by some person at the testator’s direction and in their presence, and be attested to in the presence of the testator by two or more credible witnesses who are located in the United States at the time of execution. The change of the “presence” requirement is revolutionary, as “presence” now includes being in a different physical location from another person, but able to know the person is signing a document in real time using audio-video communication. Additional Documents, like Powers of Attorney can now be signed virtually Wills are not the only estate planning documents that require witness signatures. Powers of attorney and living wills are just as essential to creating a comprehensive estate plan. Illinois’ Electronic Wills and Remote Witnesses Act also authorizes the witnessing of any document other than a will using audio-video communication. The signatures of the principal and witnesses may be on the same or different pages provided the master document is compiled within 10 business days. While COVID-19 forced the legal industry to adjust, it appears that some of those adjustments were just what was needed to bring estate planning into the 21st century.

New Estate Planning Considerations After the SECURE Act

By Michael Brennan June 15, 2020
The Setting Every Community Up for Retirement Enhancement Act of 2019 (the SECURE Act) took effect at the beginning of 2020 and has brought some significant changes to how retirement accounts may need to be planned for.

Assessing Business Risk After COVID-19

By Michael Brennan June 1, 2020
Here are five things that business owners should be doing now to alleviate the effects of COVID-19

Executing Estate Planning Documents During COVID-19

By Michael Brennan April 23, 2020
Executing estate plan documents during the stay-at-home order can be a challenge. But there are still options to get things done now.

Selecting a Guardian For Your Children

By Michael Brennan April 16, 2020
It's something every parent thinks about--who will take care of my kids if I'm gone? It's a huge decision, but it may not be as tough a choice as you think.
More Posts