The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") was enacted by Congress

under the auspices of the U.S. Department of Health and Human Services to improve the efficiency and

effectiveness of the nation's health care system by encouraging the widespread use of electronic data

interchange in health care.

Congress simultaneously recognized that this could pose a threat to the security and privacy of personal information.

Consequently, they incorporated The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") was

enacted by Congress under the auspices of the U.S. Department of Health and Human Services to improve the efficiency

 and effectiveness of the nation's health care system by encouraging the widespread use of electronic data interchange in health

care. Congress simultaneously recognized that this could pose a threat to the security and privacy of

personal information.

Consequently, they incorporated The privacy rules require the following parties

to implement procedures and safeguards to prevent the unauthorized use and release of PHI:

 • Doctors, nurses, pharmacies, clinics, nursing homes and most health care providers;

• Health insurance companies and most employer group health plans; and

• Certain government sponsored health care programs such as

    Medicare and Medicaid. There are civil and criminal penalties for individuals and entities who\which,

violate the HIPAA privacy rules or otherwise fail to adequately protect PHI.

Consequently, without specific authorization from a patient, the patient's family, friends Health Care Proxy and even their Attorney-iniFact

 (i.e. agent designated pursuant to a Power of Attorney) will be denied access to the patient's PHI. However,

 that information may be essential to address and resolve a billing dispute on behalf of the patient. More

 importantly, a patient's legally designated agent may be denied information critical to make an informed

decision regarding the patient's continued care or course of treatment.

A duly executed Health Care Proxy and\or Power of Attorney designating a particular individual to act on behalf of a patient are useless to

obtain PHI in the absence of a properly prepared and executed HIPAA authorization. The authorization must

be in a writing signed by the patient before a notary public and must contain specific information and instructions

 regarding a number of key matters including, but not limited to:

The name or other specific identification of thepatient; The name or specific identification of the person(s) to whom

the information is to be disclosed; The purpose for the request; An expiration date or event for the authorization; A statement that the patient may

 revoke the authorization 'in writing; Although you may come across an 'authorization form' on your own, due

to the complexity of the HIPAA privacy rules and the potentially life threatening consequences of not having

access to a patient's PHI, we encourage you to contact us to discuss the significance of supplementing your

Health Care Proxy and\or Power of Attorney HIPAA authorization form and ensuring that it is legally sufficient

 and properly executed.