The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is vast. When Congress enacted HIPAA on August 21, 1996, however, one of its critical concerns was protecting the privacy of the average American citizen.
The Privacy Rules
Prior to the HIPAA Privacy Rules (which were enacted in their current form on August 14, 2002), there was a confusing mélange of federal and state laws to govern the transmission of, and access to, health information. Under these pre-existing laws, an individual's health information could be shared freely between doctors, hospitals, insurers, and third party payers, without either notice to, or authorization from, the individual. In an attempt to curtail this free disclosure of personal health information, the HIPAA Privacy Rules set federal minimum standards for the disclosure of an individual's private health information. The rules attempt to strike a balance between the necessary disclosures of health care information and the privacy interests of those who seek medical care. Given that the health care marketplace is diverse, the rules are designed to be flexible and comprehensive to cover the variety of uses and and disclosures that need to be addressed.
Powers of Attorney
Historically, health care providers have accepted Powers of Attorney without questioning their validity. In the post-HIPAA world, however, one can expect a higher level of scrutiny. In fact, the HIPAA Privacy Rules can potentially create a conflict with respect to the traditional language of Powers of Attorney. Thus, to be effective, Powers of Attorney should be drafted to comply with the requirements of the Privacy Rules.
The Granting of Authority
Powers of Attorney are designed to allow an individual the ability to grant authority to another in order to allow the Agent to act on behalf of the Principal. Powers of Attorney can be drafted to be effective now (current powers) or effective in the future occurrence of a specific event (springing powers). Pennsylvania law (20 Pa.C.S. § 5602(h) and (i)) allows the Principal under the Power of Attorney to grant the Agent the power to authorize "my admission to a medical, nursing, residential or similar facility and to enter into agreements for my care and the power to authorize medical and surgical procedures." While Powers of Attorney can be drafted to provide for a wide variety of situations, this article is limited to the impact that the Privacy Rules have on General Durable Powers of Attorney that are presently effective.
In order to be effective under HIPAA, the specific authority granted to the Personal Representative (Agent) under the state defined Power of Attorney rules must, therefore, be consistent with the definition of Personal Representative under the federally defined HIPAA Privacy Rules. Under the Privacy Rules, a Power of Attorney that is intended to allow the Personal Representative (Agent) the power to access medical records, to authorize information disclosures, and to Participate in medical decisions on behalf of the Principal, but not drafted to allow the Personal Representative (Agent) the presently effective power to make health care decisions on behalf of the Principal, may be technically deficient, and the Agent may lack the critical necessary powers to act on behalf of the Principal in time of need.
The Effective Clause
To address this issue of presently effective powers, I use the following clause in clients' Durable General Powers of Attorney, as well as in Advance Directives for Health Care: "to have and utilize the presently effective power and authority to act in accordance with and pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its attendant Privacy Rules, 45 CFR Part 164, and/or other federal and state legislation, by having the presently effective power and authority to make any and all health care decisions on my behalf; to give informed consent for any and all health care decisions on my behalf; to be deemed to be my Personal Representative; to act in any and all matters as my Personal Representative; to obtain any and all of my Protected Health Information; to consent to the disclosure and use of any and all of my Protected Health Information; and to have the presently effective power and authority to effectuate any and all of the above."
Estate planners must stay ahead of the definitions and tenets of the HIPAA Privacy Rules. Knowledge of the precise meanings of Protected Health Information, Personal Representative, and other HIPAA terms, and how they impact our practice are fundamental to our role as counselors. A Power of Attorney is a highly effective document when drafted correctly. Only with the proper wording in light of HIPAA, the Privacy Rules, and the changing practice of today's health care profession, will the Power of Attorney remain the powerful tool it is mean to be.