Nothing personal, but you really do need an authorization. An authorization signed by you, that can be used by your family members, significant others, and close friends in the event that something happens to you and you are either unconscious, or a physician has declared you to be not competent to make decisions about your care, can be a very handy little item to have.
And not just any old authorization, either. You need one that has all the elements required by the HIPAA Privacy Rules.
Just like me, you probably are relatively healthy, maybe a little high cholesterol and a little too much padding, but really, you’re okay. So you’re thinking no, you really don’t need to carry around an authorization. Umm, yes, you do. And here’s why.
What if you get hit by a bus on the way home tonight? Highly unlikely, and certainly we don’t want this to happen, but stay with me on this. You get hit by a bus, you’re taken to the best Emergency Department in the area, and your husband is called. He comes to the ED, and starts to ask questions about you: how are you, can he see you, what is happening or going to happen to you, etc.
Now, let’s say at this hospital the staff have been trained with respect to the HIPAA Privacy Rules. But, they’ve been badly trained. They think that they can’t talk to your husband about you, because that would be “against HIPAA.”
Or, worse, the staff have been well-trained in the HIPAA Privacy Rules but they just don’t feel like dealing with your husband, so they tell him that they can’t talk to him about you, once again because that would be “against HIPAA” and a violation of your privacy.
Think it can’t happen to you? I sincerely hope it doesn’t. But, it’s in your best interest, and that of your family, too, for you and all adult members of your family to have an authorization on hand that can be used in the event that you are unable to make a decision about your healthcare.
The HIPAA Privacy Rules have some very specific requirements regarding what needs to be included in a valid authorization – one that will be honored by that hospital or any of your healthcare providers, insurance companies, etc. Let’s go through them.
Per the HIPAA Privacy Rules (see 45 CFR 164.508[c]-), the authorization must include all of the following items:
1. A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion: what stuff can your healthcare provider disclose to whoever you’ve named in the authorization?
2. The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure: that would be you.
3. The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure: that would be your family members, next of kin, significant other(s), close friends, etc. – who can the hospital or healthcare provider disclose your healthcare information to? (Be sure to include your name here. Trust me.)
4. A description of each purpose of the requested use or disclosure: the statement “at my request” is a sufficient description of the purpose when you initiate the authorization and do not, or elect not to, provide an additional statement of the purpose: either state “at my request” (or similar verbiage), or spell out in plain language the reason why you are authorizing healthcare information about you to be disclosed.
5. An expiration date or an expiration event that relates to (you) or the purpose of the use or disclosure: the statement “end of the research study,” “none,” “December 31, 2010” or all similar language is okay.
6. Your signature and the date. (Note: If the authorization is signed by a personal representative of the individual [for example, by a parent or guardian of a minor], include a description of the representative’s authority to act for the individual.)
7. A statement regarding your right to revoke the authorization in writing.
8. The exceptions to the right to revoke and a description of how you may revoke the authorization.
9. A statement that the covered entity (healthcare provider, hospital, etc.) may not condition treatment, payment, enrollment or eligibility for benefits on whether you sign the authorization: this means they cannot refuse to treat you just because you didn’t sign an authorization (not useful for you in most situations, but nonetheless a requirement).
10. The potential for information disclosed pursuant to the authorization to be subject to re-disclosure by the recipient and no longer be protected by this subpart: this means that you agree that if the hospital, for example, discloses information about you to your significant other – then the hospital is not responsible if your significant other subsequently discloses your information (gossips) to someone else.
11. The authorization must be written in plain language. Yeah.
Here are my recommendations: all adult members of your family, your significant others, and/or close friends, attorney, etc., should have a copy of your authorization for them to obtain healthcare information about you in the event that you are incapacitated, or incompetent, or even just to pick up your latest prescription. And, just as important, you should encourage them to have authorizations, too, with the names of all the individuals they would like to be able to obtain healthcare information about them in the event that they become incapacitated or incompetent, etc.
An authorization DOES NOT replace a medical power of attorney – you should ensure that all adult members of your family have a signed medical power of attorney prepared by a competent attorney in your state.
But, for situations in which a person may be unconscious or otherwise temporarily unable to authorize a disclosure of their current health situation to another family member or friend, having an authorization in your pocket of purse can save everyone a lot of stress and upset.
If you would like a copy of a HIPAA-proof blank authorization that you can use, email me at firstname.lastname@example.org, and I’ll send you one, for free. This offer is only valid until I get my website online; when it’s ready to go then I’ll be offering these authorizations for a fee.
I blog here fairly regularly on all subjects related to patient privacy, the HIPAA Privacy & Security Rules, patient advocacy, etc. I invite you to send me any questions you may have about your medical records, healthcare privacy rights, etc., to email@example.com.
If you happen to be a nurse or nursing student, check out cathylwhite.wordpress.com for information about legal issues affecting nurses.