Accessing Deceased Patient Records—FAQ

Patients retain the right to keep their medical records private even after death. The laws surrounding just who has a legal right to view those records can lead to confusing and frustrating situations.

But new rules implemented through the HITECH Act’s HIPAA moficiation final rule have changed the rights of deceased patients and their loved ones to health information.

Below are frequently asked questions, recently updated to reflect the HITECH Act’s changes, on accessing a deceased patient’s medical records. (For more information, read a full feature article here.)

Q: Who may access a deceased person’s medical records?

A: The patient’s designated personal representative or the legal executor of his or her estate has a right under law to access the records.

If the patient died without naming a personal representative or executor, state law determines who by default possesses the right. States often establish a hierarchy of persons based on their relationship to the deceased person. Typically this begins with an adult member of the immediate family, such as a spouse, child, or sibling.

For those family members, relatives, and others who had access to the health information of the deceased prior to death, but had not qualified as a “personal representative” of the decedent under HIPAA Privacy Rule 164.502(g)(4) the final Privacy Rule allows covered entities to disclose a decedent’s protected health information to family members and others who were involved in the care or payment for care of the descendent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual that is known to the covered entity.

Q: Does this change the personal representative’s rights under HIPAA?

A: This change to the Privacy Rule does not change the authority of the decedent’s personal representative.  The personal representative continues to have the right to access the decedent’s protected health information and have authority to authorize use and disclosures of the decedent’s protected health information that are not otherwise permitted or required by the HIPAA Privacy Rule.

Q: What legal documents ensure the right to access a deceased patient’s medical records?

A: A combination of the patient’s death certificate and a court document establishing estate executorship is sufficient to establish one’s right. In some states, alternative documentation can also be used.

Where a person does not rise to the level of personal representative, the HITECH-HIPAA final rule at 164.510(b) permits, subject to any prior expressed preference of the individual, a covered entity to disclose relevant protected health information, which may include persons who held a healthcare proxy for the individual or a medical power of attorney.

Q: What documentation or information will I need to meet the “reasonable assurance” for access to decedent’s medical record if I am not the personal representative? 

A. Reasonable Assurance criteria could be met by the person by indicating to the covered entity how he or she is related to the decedent or offering sufficient details about the decedent’s circumstances prior to death to indicate involvement in the decedent’s care.

Q: Do I have to go to probate court and become the executor of the deceased’s estate in order to access his medical records?

A: It depends on the state. Some state laws require people to submit legal proof of executorship to healthcare organizations in order to access records.

Other states follow a hierarchy of who becomes, by default, the personal representative of a deceased patient if the patient dies without naming an executor (as described above).

The Privacy Rule removes only the HIPAA requirement to deceased protected health information for family members and others who were involved in the care or payment for care of the decedent prior to death.  Some states may be more stringent than HIPAA.

Q: How do I find my state’s requirements and restrictions for releasing a deceased patient’s medical record?

A: The HIM department supervisor or the privacy officer of a local hospital can provide details on your state’s release-of-information laws. A local legal assistance group, particularly one that assists seniors, is another good resource.

Q: Does HIPAA forbid me from seeing my deceased relative’s medical records?

A: The federal Health Insurance Portability and Accountability Act (HIPAA) grants privacy protections to a person’s medical information up to 50-years post death. However, HIPAA also establishes that a patient’s designated personal representative has a legal right to access the patient’s records. A healthcare provider must provide the records to his or her designated personal representative if one exists. HIPAA leaves the definition of a personal representative up to individual state law.

The final Privacy Rule now opens the ability for family members, relatives, and others, who may have had difficulty obtaining access to such information.  The amendment to 164.510(b) permits covered entities to disclose a decedent’s information to family members and others who were involved in the care or payment for care of the decedent prior to the death, unless doing so is inconsistent with any prior expressed preference of the individual that is known to the covered entity.

However, these disclosures are permitted and not required and thus, a covered entity that questions the relationship of the person to the decedent or otherwise believes, based on the circumstances, that the disclosure of the decedent’s protected health information would not be appropriate, is not required to make the disclosure.

Q: I feel like I’m getting the run-around at my local hospital. Who can help me?

A: First talk to the hospital’s HIM department supervisor. Ask him or her to explain exactly what papers you would need to access the deceased patient’s record. The hospital’s privacy officer also can help determine if you have the right to access the record, and he or she can explain your specific state law.

If you are not allowed access to the records even if you have provided proper evidence of your right, file a written complaint with the Office for Civil Rights, which enforces the HIPAA privacy rule. Consulting an attorney who specializes in healthcare is another option.

Q: Is a signed HIPAA form authorizing release of medical records sufficient to view a patient’s records after his or her death?

A: Yes, the new provision 164.510(b) permits covered entities to disclose a decedent’s protected health information to family members and others who were involved in the care or payment for care of the descendent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual that is known to the covered entity.  This may include persons who held a healthcare proxy for the individual or a medical power of attorney or a signed HIPAA authorization form.

Q: Does a medical power of attorney grant access to a patient’s records after his or her death?

A: Yes, the new provision 164.510(b) permits covered entities to disclose a decedent’s protected health information to family members and others who were involved in the care or payment for care of the descendent prior to death, unless doing so is inconsistent with any prior expressed preference of the individual that is known to the covered entity.  This may include persons who held a healthcare proxy for the individual or a medical power of attorney.

Q: Do special exemptions allow me to access the medical records of long-deceased patients for family genealogy projects or historical study?

A: Yes. The final Privacy Rule has removed a patient’s privacy rights 50 years after death and thus no longer subject to the Privacy Rule.  However, state laws may still apply.  Ask the facility what state law dictates.

Q: Is access to a deceased person’s psychiatric or substance abuse records treated any differently than access to other medical records?

A: HIPAA governs most healthcare providers and the records they keep; however, a different federal law governs many substance abuse programs (42 CFR Part 2). A substance abuse program can be covered under one, both, or neither regulation, depending on how it is funded.

Regarding deceased patient records, 42 CFR §2.15(b)(2) requires the facility to release records to a personal representative, such as an executor, administrator, or other person appointed under state law. However, stating that if there is no legally appointed personal representative, consent may be given by the patient’s spouse; if no spouse is present, consent may be given by any “responsible member” of the patient’s family.

Covered entities may continue to provide privacy protections to decedent information beyond the 50-year period, and may be required to do so under other applicable laws or as part of their professional responsibility.  Alternatively, covered entities may choose to destroy decedent’s information although other applicable law may prescribe or limit such destruction.

Psychiatric record disclosures follow the same rules as HIPAA, unless they receive additional protection under individual state law.

***

A special thank you to Mary Thomason, MSA, RHIA, CHPS, CISSP, senior compliance consultant at Intermountain Healthcare in Salt Lake City, for her contributions.

Other contributors, who updated this article in April 2013, include:

-Chris Apgar, CISSP, president of Apgar & Associates, LLC, a nationally recognized expert in information security, privacy, transaction and code sets, national identifier, HIPAA and electronic health information exchange.

-Judi Hofman CAP, CHP, CHSS, a privacy and information security officer for a four-hospital health system in central Oregon.  Hofman has been co-chair for the American Health Information Management Association’s ( national Privacy and Security Practice Council, is a contributing author, and presents nationally on HIPAA privacy and security.

-Kirk Nahra, JD, partner at Wiley Rein, a firm specializes in healthcare privacy law, and member of the Confidentiality, Privacy and Security subgroup for American Health Information Community (AHIC).

25 Comments

  1. AHIMA needs to print an article outlining each state’s laws about who has the right to a deceased patient’s records. This would save all members a lot of time. thanks

  2. I work with a provider that had a 17 year old die unexpectedly, the parents are being investigated by the Tennessee law do we release the records to the parents.

  3. Need fathers ss# deceasesd 2002

  4. Going to court is certainly financially burdensome on the deceased patient’s family. Does anything exist such as a pre-death authorization by the patient for release of records necessary for the processing of a life insurance claim?
    Obviously, if the patient had purchased life insurance, the patient expected the benefits to be paid

  5. The deceased was a suicide. Her Executor is a far away family member, rather than an immediate one. Does the Executor have any obligation to the entire rest of family to request any med or Dr. info about treatment of the deceased? Meds perscribed, mention of depression or wishing to die? Mainly meds history. Entire large family never got any info, tox screen results, or otherwise. Do fam members have a right to the info? Is Executor obligated at all? Thx.

  6. What are the HIPPA laws in New Hampshire for accessing my son’s records from an independent living (job search) service company. He was bipolar (I have no mental illness diagnoses) and my son (who could be irrational, at times) denied me access during his life, even though he lived with me and I helped him in many ways. I believe I could have saved his life if I could have been involved. He had no estate or family besides myself and his sister. Do I have to go through an expensive court proceeding in order to get to become his personal representative? Can I present his birth certificate and death certificate only? This service company told me I need to go to probate. I thought New Hampshire had more lenient restrictions on the HIPPA law.

  7. How does a long time partner become a personal representative in order to access medical records after death of their partner? Medical and General Power of Attorney cease once person dies. Should a will have been made? Thanks

  8. How long does a hospital have to keep medical records? I am trying to get information concerning my fathers cancer surgery for Aug.1974, but the hospital said they only have records back to 1981. My father died in 1996. I am in the state of Alabama.

  9. My father and I were estranged for 6 years prior to his death. He had left my family when I was 5 yet we kept in touch a little bit here and there. He did deal with addictions to prescription medicines, I think mostly narcotics, but I’m not quite sure. I know he claimed disability after he left in 1979 and dealt with some mental issues. When he passed away in August of 1999 in Bethlehem, Pennsylvania, the 3 children he had, including me were not informed of what exactly happened. The only living person that was close to him and related to him with his father and although my grandfather and I were close, he never disclosed what happened. He was very private about it for some reason and just stated that it was something heart related. I would really like to know the medical history of my father because obviously genetics play a major role in our health. Please, if anyone knows of a way that I can access or be privy to his medical records please let me know. My siblings and I are all very healthy people yet we seem to have high cholesterol and other things that just don’t seem to add up. I’m truly hoping that someone can help me find out how to access my deceased fathers medical records from Bethlehem, Pennsylvania. I would be extremely grateful. Thank you.

  10. My grandmother and siblings have tried to contact their brother for years. The lady who would go to my great uncles home would bathe him. She was a CNA from a home health. After his wife died she removed him from his home and moved him someplace elsewhere. She wouldn’t allow us to talk with or see him and this went on for 7years. She had gotten power of attorney over him. She had taken out 3 life insurances. A month before my uncle died, his will was changed that his share was will to her as a gift. There’s foul play. Wouldn’t you think. She should be going to jail. All this time we thought she was a girlfriend because my uncle said she was. We finally got a phone call december 28, 2012 sending a message to his oldest sister stating that her brother died. His siblings what’s medical records. How can they get a copy? Funeral home said he had a lot of bed sores. We need answers. Seem like she planned this to get his money.

  11. Can a sister of the deceased get medical records and pathology report in the state of minnesota. I am her executor of her estate and have all the other titles also, but when I went to the hospital to get records I was denied. What do I have to do now.

  12. I am trying to get information about a family member who was placed in a mental institution in Alabama in the early 1900’s. She died at this institution in 1929, and is buried on the grounds of the hospital. Her immediate family is deceased and has living grandchildren who are in their 80’s. what do we need to do to get access to her records?

  13. I really appreciate this FAQ as I went through these hoops after a parent passed away. I would also recommend anyone going through this to hire a probate attorney who is experienced in these matters.

  14. My mother passed away Jan. 4, 2013. She was divorced and only had three living children. How can I get her medical records when other two won’t appoint one of us as the administrator of her estate?

  15. My sister committed suicide on Oct. 12, 2011. I believe the statute of limitation expires on Oct. 12, 2013 so answers right now are deeply appreciated as I haven’t received much direction or answers from anyone…just the run-around. She left behind a 6 year old son. I am her younger sister by 2 years. My parents, siblings, etc. want to appoint me as representative. I am an Oregon resident, she was both Oregon and Washington but qualified as a Skamania Co., Washington resident at the time of her death. DHS, hospitals, etc. will not give me access. DHS did not convey my message to my sister or call an “intervention” meeting as requested. Can you point me in the direction of the correct form to fill out or procedure that I need to be appointed as her representative and also for a possibly “wrongful death” suit as the a friend had asked one of the Sheriff’s for help but was turned away and the hospital was required to keep her for observation (since she mentioned that she was suicidal) but released her…just hours later, she jumped off of the Bridge of the Gods. :(. There were mess ups with the local paper, the coroner and the evidence locker. I want justice for my sister, peace for my family and to be a voice for others so that they will not have to experience what we did. PLEASE, PLEASE, PLEASE HELP. Thank you so much!

  16. My mother died on August 16,2013 of pancreatic cancer, i requested her medical records from the doctors office, i was just notified by their office that they were advised not to release any medical records to me or the insurance company, without a court order signed by a judge, per their legal department, what do i have to do go get theses records, the insurance will not pay the claim, without those records, i was her caregiver, and was responsible for her well-being, i am the only named beneficiary on her insurance policy.
    What can i do without having to go to court, she did not have any assets, or property or anything, not even any money at all. PLEASE HELP ME,, PLEASE I NEED THIS MONEY TO PAY THE FINALLY PAY THE FUNERAL HOME THANKS FOR THE HELP

  17. how do i get medical records of my deceased wife.the insurance company will not pay car off without medical records evan though i sent them her death certificate. we lived in the state of arkansas.

  18. My mom passed away July 27th 2013 and I had the runaround getting her medical records..And Now I asked for a DPH investigation… They did one and Not the patient advocate at the hospital will not let me have them she said there sealed and I cant have them or the hospitals investigation…I am the executor…They said get a a lawyer to get them…Cause there hiding something I think…Whats ur oponion?

  19. This has been informative. I recently lost my mother and my stepfather refuses to disclose my mothers medical history in order to help me inform my adult children as well as grandchildren. the medical signs they should be aware of in there own medical history.

  20. Yes I wanting to know how long hipaa recommend physicians to keep patient records after death?

  21. I am wondering where I would start for getting medical records from the 1930’s on my mother who died in 1992. As a young girl her dress caught fire and as a result had burns on her upper body. She grew up in the Harrisburg, Pa area. I don’t know which hospital. I am trying to get the exact details to write a memoir of her life. Any help where to start would be appreciated. I do have her death certificate. Thank you

  22. I constantly get request to release medical record to insurance companies, in those cases it is the spouse that signs the authorization. I understand all the information provided, and it is great info!. But if the insurance company is stating that the person that signs the authrization is the beneficiary of the policy. Will I be able to release the record if the person signing the authorization is the beneficiary?

  23. I constantly get request to release medical record to insurance companies, in those cases it is the spouse that signs the authorization. I understand all the information provided, and it is great info!. But if the insurance company is stating that the person that signs the authorization is the beneficiary of the policy. Will I be able to release the record if the person signing the authorization is the beneficiary?

  24. I found out i need a new heart my mother is dead has been for a while the hospital were she died close i trying to get her records she left no will i am her olders daughter, I now nothing about my family medical history the doctors keep asking me i having nothing to tell .Can you help and tell me what to do ty.

  25. My daughter is disabled and I am her legal guardian, how can I obtain a copy of her deceased father’s pathology report if his wife of less than 30 days will not provide us a copy?

Submit a Comment

Share This

Share This

Share this post with your friends!