Latest Breaking News
In reply to the discussion: Epstein's Death Was On 4Chan Before Officials Announced It -- Now Authorities Are Investigating [View all]cannabis_flower
(3,764 posts)I have had to deal with HIPAA before but it's been a few years so I had to look it up. I worked for a call center and we had to take a course in HIPAA because we might (but seldom did) come into contact with health information and since we were business associates of the Georgia Department of Human Resources we would be required to comply if we had to deal with any health information
So here is the information on how long HIPAA applies and who is required to comply with HIPAA.
Does the HIPAA Privacy Rule apply to deceased individuals?
The HIPAA Privacy Rule states that individuals identifiable health information remain protected for 50 years following their death.
The Rule explicitly excludes from the definition of protected health information individually identifiable health information regarding a person who has been deceased for more than 50 years, the Department of Health and Human Services (HHS) explains on its website. During the 50-year period of protection, the Privacy Rule generally protects a decedents health information to the same extent the Rule protects the health information of living individuals but does include a number of special disclosure provisions relevant to deceased individuals.
The provisions where a covered entity can disclose the PHI of a deceased individual include the following:
(1) to alert law enforcement to the death of the individual, when there is a suspicion that death resulted from criminal conduct
(2) to coroners or medical examiners and funeral directors
(3) for research that is solely on the protected health information of decedents
(4) to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating organ, eye, or tissue donation and transplantation
(5) to a family member or other person who was involved in the individuals health care or payment for care prior to the individuals death, unless doing so is inconsistent with any prior expressed preference of the deceased individual that is known to the covered entity
https://healthitsecurity.com/news/how-do-hipaa-regulations-apply-after-death
Who Must Comply With The HIPAA Privacy Rule?
The HIPAA Privacy Rule pertains to health care providers, health plans, and health care clearinghouses and to the business associates of these entities.
https://www.healthit.gov/faq/who-must-follow-hipaa
So, doctors, the jail, insurance etc. are required to comply with HIPAA. But if I was say a bystander that just happened to be around when someone was being pronounced dead, such as another inmate, a bystander at the hospital such as another patient who happens to be standing around in the hallway when someone is brought in, a reporter, and a relative or friend of Mr. Epstein, I would not be committing a violation of HIPAA if I posted that Epstein was dead before it was officially released by the hospital.
If I'm not a healthcare provider, a health plan, a health care clearinghouse or an employee or business associate of these entities, I would not be committing a HIPAA violation by disclosing that he was dead.