My daughter and her classmates excitedly counted down the last seconds of the last minute of her high school career. Squeezed together in the auditorium, the seniors slowly chanted “5-4-3-2-1” in unison. As they reached the end of the countdown, all of the seniors jumped up in the air simultaneously. Bam!
As they launched themselves into space, someone’s back connected with my daughter’s hand. Hard. Her screams of joy turned to screams of pain. An X-ray confirmed her left hand was broken. Luckily, the brace she wore for the next month didn’t cramp her style in attending graduation and other festivities. But as a result of this accident, we learned a difficult lesson about HIPAA privacy laws.
As you may have read, once your child turns 18, you lose the ability to access their medical records without their permission. Even if your kids are on your insurance – as many children are until they turn 26 – there can still be delays in health professionals releasing the necessary information to you.
Legally, if your child gets into an accident you may not be able to get any information on your child’s condition at all. Even worse, you may not have the legal right to make any medical decisions on your child’s behalf if he/she is incapacitated based on HIPAA’s privacy clause.
Luckily, my daughter’s broken hand wasn’t particularly serious so learning we couldn’t get access to her medical records was an annoyance rather than a life or death matter. While I knew that once my daughter turned 18, I was no longer able to attend her physical check-ups, I didn’t grasp the larger issue.
It wasn’t until one of my daughter’s health care providers called me that I realized HIPAA’s full constraints. My daughter had missed a follow-up appointment. Her provider was trying to track her down to give her information about her latest X-ray. Of course, my daughter’s voicemail was full so the provider couldn’t leave her a message and called me instead.
“Just give me the information and I’ll pass it on to her,” I said.
“Legally, we can’t do that,” the provider replied.
“Can you tell me if it’s anything serious?” I asked.
“I’m sorry but we can’t release any information without her permission,” the provider explained – kindly — but still not giving up anything.
“Well, is she okay? Should she be in the hospital now?” I pressed. I figured this was not the case but I was only just then realizing how the privacy law worked.
“I’m sorry — I can’t give you any more information but just have her call us at her earliest convenience.”
I immediately called my daughter, chastising her for missing the appointment and not checking her voicemail (something Millennials don’t seem to think exists).
What are the HIPAA Privacy Laws?
Despite being familiar with the acronym, I felt compelled to learn more about the privacy piece of the HIPAA law. Passed in 1996, HIPAA, or the Health Insurance Portability and Accountability Act, includes several key provisions, including the privacy restriction.
The privacy rule was largely crafted to protect patients’ personal or protected health information. The rule is triggered once your child turns 18 and can potentially restrict you from getting or sharing information on your child’s health. While your child may not want you to get access to their healthcare records on an ongoing basis, it’s a good idea to have a means of circumventing HIPAA in the event of an emergency.
Stories abound of spring break incidents or falls during an “adventure trip” or service program in a remote location. In these cases, frustrated and worried parents were unable to help their children or get them transported quickly to a location where there were better hospitals and quality of care.
While no one wants think about a medical emergency, legal and medical professionals suggest planning for worst-case scenarios by having your child sign authorization forms.
These forms include a HIPAA release as well as a medical power of attorney. The documents are essentially permission slips for healthcare providers to release and share medical information with parents and guardians in an emergency.
To set up power of attorney, your child just needs to decide who they will designate to make health care decisions for them. In many states, HIPAA authorization is rolled into a Power of Attorney form so you need one rather than two forms.
If your child attends college out of state, ensure the forms reference your home state as well as the state in which school they attend is located.
You Don’t Have to Know Everything
While your child may readily agree to having you involved in a medical emergency, he or she may be anxious about your having access to additional and potentially sensitive medical details. You can address this concern by limiting the disclosure to exclude information on mental health, prescriptions, sex, or other details your child may want to keep private.
Once you and your child have signed and notarized these forms, ensure you make copies for your hard drive, phone, as well as saving a copy to a cloud server. You want to be able to access these forms and transmit them in an instant if necessary to a healthcare provider. While some professionals advocate using an attorney to prepare the forms, you don’t have to – I found a web site with downloadable forms and templates created by a legal team that covered my daughter’s relevant states.
Hopefully, you won’t ever have to use these forms but in the interim, definitely add this step to your college checklist!
Posts You’ll Also Love Reading: