Part 1: Learning About HIPAA (FAQ 7 of 65)

7. Do Privacy Rights Survive Death?

Yes. Under HIPAA, a patient's privacy rights survive death and last forever. We are not sure how much sense that makes, but that is what the rule provides. A deceased patient's legally authorized executor or administrator, or a person who is otherwise legally authorized to act on the behalf of the deceased patient or patient's estate, can exercise the privacy rights of a patient.

It is important to know that disclosures for treatment do not require consent or authorization of the patient or the patient's representative. That means, for example, if information about the deceased patient is relevant to the care of the surviving spouse, the information can be disclosed to the health care provider for the surviving spouse.

Privacy for the dead can be especially messy when questions arise in the period after death and before anyone is formally authorized to act for the patient or the patient's estate. For many individuals, there may be no formal legal process following death. These questions are often best resolved with more attention to common sense and less attention to legal formalities. A doctor is more likely to know the best thing to do, and a lawyer is more likely to get in the way. The authority in the HIPAA rule that permits disclosure of information to a patient's caregiver may also help resolve problems during that period.

Jump to list of FAQs 1-65 | See all of Part 1