Written by attorney Matthew Allan Quick


The Health Insurance Portability and Accountability Act of 1996 (referred to as “HIPAA") was enacted as federal law to address two main issues: (1) health care insurance coverage of employees and their families when the employees change or lose their jobs; and (2) the establishment of a national standardized means of transferring health care information. When creating the standards regarding the transfer of health care information, privacy rules evolved concerning the dissemination of certain health information. These privacy rules regulate the use and disclosure of Protected Health Information that is held or transferred by Covered Entities. Protected Health Information is considered any information held by a Covered Entity which concerns health status, any provisions of health care, or payment for health care that can be linked to an individual. Protected Health Information has been interpreted rather broadly and, in practice, includes any part of an individual’s medical record or payment history. Covered Entities include hospitals, health care professionals, mental health care professionals, health care clearinghouses (billing services, health information management services, etc.), health insurance providers, and any other entity that processes or facilitates the processing of Protected Health Information.

Generally speaking, Covered Entities must keep Protected Health Information confidential, with the exception of a few limited circumstances: (1) Covered Entities must disclose Protected Health Information to the individual upon request and when required to do so by law, such as reporting suspected child abuse; (2) Covered Entities may disclose Protected Health Information to facilitate treatment, payment or health care operations regarding the individual; and (3) most relevant to this article, Covered Entities may disclose Protected Health Information to identified agents if authorization is obtained from the individual.

It is important to address the HIPAA privacy rules when planning one’s estate in order to allow health care attorneys-in-fact (agents or patient advocates that make health care decisions for another) to lawfully receive protected health care information so that the attorney-in-fact can make educated and informed health care decisions. The authorization required to allow Covered Entities to disclose Protected Health Information to health care attorneys-in-fact is called a HIPAA Waiver. A HIPAA Waiver (also referred to as an “Authorization for Use and Disclosure of Protected Health Information") waives the privacy rules of HIPAA as to Protected Health Information disclosed to certain, identified individuals (health care attorneys-in-fact).

The people who make health care decisions for us when we are unable need to be given broad access to our medical information to make the most informed decisions possible concerning our health care. For that reason a HIPAA Waiver is required for every estate plan.

Additional resources provided by the author

For more on Powers of Attorney: For more on Living Wills and Medical Orders: For more on Wills: For more on Trusts:

Free Q&A with lawyers in your area

Can’t find what you’re looking for?

Post a free question on our public forum.

Ask a Question

- or -

Search for lawyers by reviews and ratings.

Find a Lawyer