- Being a patient does not have to be a solo experience. Many patients benefit from caregiver and family engagement - and many providers encourage collaborative decision-making. While HIPAA regulations exist to secure the rights of patients to keep their health information private, the law can also enable approved personal representatives to help individuals receive the best possible care.
HIPAA is a notoriously confusing law, especially with regard to patient and family member access to medical records.
While clinicians frequently cite HIPAA as a barrier to data exchange and patient data sharing, the rule does not prohibit any and all disclosure of protected health information (PHI) if the patient gives his or her explicit consent to share data with friends, family, and caregivers.
Healthcare organizations can support patients and their families by by ensuring both practice staff and patients are aware of the rules and rights surrounding the disclosure of personal information.
A personal representative is an individual authorized by the patient to access the patient’s medical records and make healthcare-related decisions.
Many patients will appoint a personal representative to make healthcare decisions when they are incapacitated as a part of end-of-life planning. Usually, personal representatives are charged with making healthcare decisions regarding artificial life support.
Mentally handicapped adult patients might also have an appointed guardian who helps the patient make healthcare decisions, or makes decisions for the patient.
“The personal representative stands in the shoes of the individual and has the ability to act for the individual and exercise the individual’s rights,” according to HIPAA rules. “In addition to exercising the individual’s rights under the Rule, a personal representative may also authorize disclosures of the individual’s protected health information.”
The HHS created these HIPAA provisions because there may be circumstances under which the patient cannot make her own healthcare decisions or want help doing so.
“The Department [of Health & Human Services] recognizes that there may be times when individuals are legally or otherwise incapable of exercising their rights, or simply choose to designate another to act on their behalf with respect to these rights,” the HIPAA rule states.
Healthcare proxies who make decisions in times of medical crisis or when the patient is incapacitated ensure that treatment options (such as the use of artificial life support) adhere to patient wishes.
For pediatric patients, personal representatives are parents, legal guardians, or other individuals acting with legal parental authority, HIPAA says.
In the case of adults and emancipated minors, personal representatives are individuals with legal authority to make healthcare decisions for patients. These can include court-appointed legal guardians or those with healthcare power of attorney.
HIPAA makes a distinction in the case of adult and emancipated minor patients. In instances of abuse, domestic violence, or neglect, the clinician may deny the personal representative access to the patient’s medical records.
When a physician or other covered entity reasonably believes that an individual, including an unemancipated minor, has been or may be subjected to domestic violence, abuse, or neglect by the personal representative, or that treating a person as an individual’s personal representative could endanger the individual, the covered entity may choose not to treat that person as the individual’s personal representative, if in the exercise of professional judgment, doing so would not be in the best interests of the individual.
There are also situations in which the clinician must treat the personal representative as equal to the patient. In cases where personal representatives have broad authority over the patient – such as in cases of pediatric patients – clinicians may treat representatives as the patient. These personal representatives are privy to all healthcare goings on for these patients and are involved in all healthcare decisions.
However, in some cases the personal representative only acts in the patient’s place with regard to certain procedures – such as with regard to artificial life support. Personal representatives may only make decisions about this specific procedure.
Patients do not need to appoint a personal representative in order to allow family members or other caregivers to view their medical records. The designation of a personal representative is more geared towards ensuring a trusted individual is making medical decisions, in many cases acting as a healthcare proxy.
Patients have options for disclosing health information to family members that do not involve a personal representative. Patients can sign off on allowing certain individuals to obtain medical records and records containing PHI, for example.
“The individual’s request to direct the PHI to another person must be in writing, signed by the individual, and clearly identify the designated person and where to send the PHI,” say the HIPAA regulations. “A covered entity may accept an electronic copy of a signed request (e.g., PDF), as well as an electronically executed request (e.g., via a secure web portal) that includes an electronic signature.”
In these cases, rules about individual patient access to medical records still apply. Family members must present signed permission for data access and a form of identification. Loved ones also face the same fees and rules surrounding data access, HIPAA states.
Patients may also share personal copies of their medical records with whomever they choose. Individuals can use their patient portal access, for example, to allow their adult children review notes from their last primary care check-up.
Some providers have a legal process by which adult children may obtain their own log-in to their parents’ patient portal accounts. In other cases, the patient might just review the portal alongside their loved ones.
Patients sign off on disclosing their medical records to caregivers or family members in an effort to involve their loved ones in patient care. Family members who can view and assess patient medical records can improve patient safety, experts say.
“When a patient is in the hospital, they need an extra set of eyes and ears to understand things,” explained Jill Harrison, PhD, Director of Research at patient advocacy group Planetree. “Having a family member by their bedside after surgery is one of the greatest things a family member can do in terms of safety.”
Likewise, allowing a family member to view patient medical records allows for the family member to learn more about the patient condition and to catch medical record mistakes.
Additionally, patients who share their medical information and data with their loved ones incorporate the loved one into the care plan. Families involved in the care plan may drive patient knowledge and offer encouragement for patient health behavior change.
It is beneficial for healthcare organizations to have a firm grasp on the HIPAA regulations surrounding personal representatives and family caregiver data access. When health information managers and other clinical professionals understand these patient and family rights, it becomes easier to drive better data access, family engagement, and, ideally, outcomes.