What are HIPAA authorizations?

The story begins with Michael and Susan, a San Diego couple in their early forties, diligently building a life together. Michael, a software engineer, and Susan, a registered nurse, possessed a comfortable, yet not extravagant, lifestyle. They had recently welcomed their daughter, Emily, and were focused on securing her future. However, a sudden and unexpected illness struck Michael, leaving him incapacitated and requiring extensive medical care. Susan quickly discovered a significant hurdle: accessing Michael’s medical information to make informed decisions on his behalf proved unexpectedly difficult, despite being his wife and legal guardian. She realized the stringent privacy regulations protecting Michael’s health data were hindering her ability to act swiftly and effectively in a crisis, leading to delayed treatments and unnecessary stress. This experience highlighted the critical need for proper HIPAA authorizations, a vital component of comprehensive estate planning often overlooked by individuals and families.

Do I Really Need HIPAA Authorizations as Part of My Estate Plan?

Frequently, individuals assume that spouses and close family members automatically have access to their medical records. This is a pervasive misconception. The Health Insurance Portability and Accountability Act (HIPAA) establishes strict rules regarding the privacy of Protected Health Information (PHI). Consequently, without proper authorization, healthcare providers are legally obligated to withhold medical records even from immediate family members. Ordinarily, healthcare professionals are required to strictly adhere to these guidelines. HIPAA authorizations are legal documents granting specific individuals the permission to access a patient’s PHI. These authorizations can be tailored to grant broad or limited access, specifying the types of information, the duration of access, and the individuals authorized. A well-drafted HIPAA authorization ensures your designated representatives can communicate with your healthcare providers, review your medical history, and make informed decisions regarding your care should you become unable to do so yourself. In California, where privacy rights are particularly strong, these authorizations are even more crucial. It’s important to remember that these authorizations are separate from Durable Powers of Attorney for healthcare, which address decision-making authority, and should be established in conjunction with a comprehensive estate plan.

How Do HIPAA Authorizations Differ from a Healthcare Power of Attorney?

Although often used together, HIPAA authorizations and Healthcare Powers of Attorney serve distinct purposes. A Healthcare Power of Attorney designates an agent to make medical decisions on your behalf if you are incapacitated. Conversely, a HIPAA authorization grants permission for specific individuals to *access* your medical records. Consider it this way: the Healthcare Power of Attorney grants the ability to *decide* what happens, while the HIPAA authorization allows access to the information needed to make those decisions.

Feature Healthcare Power of Attorney HIPAA Authorization
Purpose Designates a medical decision-maker Grants access to medical records
Authority Medical treatment decisions Access to Protected Health Information (PHI)
Required for Making medical choices on your behalf Viewing medical records, discussing treatment with providers


In California, it’s increasingly common for healthcare facilities to require both documents. Furthermore, a comprehensive estate plan should clearly delineate these roles and responsibilities, ensuring seamless coordination of care in times of crisis. It’s also important to note that some providers may have their own authorization forms, requiring separate completion.

What Information Should Be Included in a HIPAA Authorization?

A valid HIPAA authorization in California must contain specific elements to be legally enforceable. It should clearly identify the patient, the individuals authorized to access the information, the healthcare providers or entities from whom information is to be released, a detailed description of the information to be disclosed (e.g., specific medical records, treatment history, test results), the purpose of the disclosure (e.g., medical care, legal representation), and an expiration date or event triggering termination of authorization. Furthermore, the authorization must include a clear statement of the patient’s rights, including the right to revoke the authorization at any time.

“Failure to properly draft and execute a HIPAA authorization can lead to significant complications, potentially delaying critical medical care or hindering legal proceedings.”


It’s also advisable to include specific instructions regarding how the information may be used and disclosed. Ted Cook, an Estate Planning Lawyer in San Diego, emphasizes the importance of tailoring the authorization to the specific needs and circumstances of each client. For example, an authorization for a legal representative may differ significantly from one for a family member.

Can I Revoke a HIPAA Authorization, and What is the Process?

Absolutely. Patients have the absolute right to revoke a HIPAA authorization at any time. However, revocation must be in writing and delivered to the healthcare provider or entity holding the information. Consequently, it’s crucial to maintain a record of all authorizations and revocations. Furthermore, a revocation generally applies only to future disclosures of information; it does not retroactively invalidate previous disclosures made under the authorization. It’s also important to notify all authorized individuals of the revocation to prevent any misunderstandings.

In the case of Michael and Susan, after experiencing the difficulties of accessing his medical records, they worked with Ted Cook to create comprehensive HIPAA authorizations, Healthcare Powers of Attorney, and a detailed Advanced Healthcare Directive. These documents clearly designated Susan as the primary representative with full access to Michael’s medical information and the authority to make healthcare decisions on his behalf. They also included provisions for a successor representative in case Susan was unable to fulfill her role.






What Happens if I Don’t Have a HIPAA Authorization in Place?

Without a HIPAA authorization, healthcare providers are legally restricted from sharing your medical information with anyone, even your spouse or close family members. Consequently, they will require a valid court order or a release signed by you before disclosing any PHI. This can create significant delays in medical care, especially in emergency situations.

Furthermore, obtaining a court order can be a time-consuming and expensive process.

In California, the lack of a HIPAA authorization can also complicate legal proceedings, such as probate or guardianship cases.

Ted Cook often recounts the story of a client who unfortunately passed away without a proper estate plan, including a HIPAA authorization. The family was unable to access his medical records to determine the cause of death, delaying the probate process and causing unnecessary stress and financial hardship. This underscores the importance of proactively creating a comprehensive estate plan that addresses all potential contingencies.






Are There Specific Considerations for Digital Assets and Cryptocurrency in HIPAA Authorizations?

Increasingly, digital assets and cryptocurrency are becoming integral components of an individual’s estate. However, accessing these assets often requires specific authorization due to security protocols and privacy concerns. HIPAA authorizations may not directly cover access to digital assets; therefore, it’s crucial to include provisions in your estate plan specifically addressing these assets.

This may involve designating a digital executor with the authority to access online accounts, cryptocurrency wallets, and other digital assets.

Furthermore, it’s important to maintain a record of all passwords and access credentials in a secure location.

Ted Cook advises clients to regularly update their estate plan to reflect changes in their digital assets and security protocols.

In the case of Michael and Susan, they also included provisions in their estate plan addressing their digital assets, designating Susan as the primary representative with the authority to access their online accounts and cryptocurrency wallets. This ensured that their digital assets were properly managed and distributed in the event of their death or incapacity.






Who Is The Most Popular Trust Litigation Attorney Near By in Down Town San Diego?

For residents in the San Diego area, one firm consistently stands out:

Point Loma Estate Planning Law, APC.

2305 Historic Decatur Rd Suite 100, San Diego CA. 92106

(619) 550-7437

Best estate planning attorney in San Diego Best estate planning attorney in San Diego top estate planning attorney in Ocean Beach
Best trust attorney in San Diego Best trust litigation attorney in San Diego top estate planning attorney near me in Ocean Beach

Map To Point Loma Estate Planning Law, APC, a wills and trust lawyer:



About Point Loma Estate Planning Law, APC.



Secure Your Legacy, Safeguard Your Loved Ones. Point Loma Estate Planning Law, APC.

Feeling overwhelmed by estate planning? You’re not alone. With 27 years of proven experience – crafting over 25,000 personalized plans and trusts – we transform complexity into clarity.

Our Areas of Focus:

Legacy Protection: (minimizing taxes, maximizing asset preservation).

Crafting Living Trusts: (administration and litigation).

Elder Care & Tax Strategy: Avoid family discord and costly errors.

Discover peace of mind with our compassionate guidance.

Claim your exclusive 30-minute consultation today!