
According to the study ‘Estate Planning for Cohabitants’ published in the Journal of the American Academy of Matrimonial Lawyers, “The best planning is done using the tools available to accomplish an enforceable result. This should include the use of powers of attorney for finances and health care and a HIPAA release during life and possibly a use of a cohabitation agreement, wills and trust and nonprobate transfers to accomplish transfers at death.”
Under HIPAA, healthcare providers, insurers, and other covered entities cannot disclose protected health information (PHI), including medical records, diagnoses, or treatment plans, to third parties, including family members or legal representatives, unless authorized by the patient or their legally designated agent.
HIPAA can create challenges in estate planning, particularly when determining a person’s mental capacity to execute documents like wills or trusts, or when managing healthcare decisions for incapacitated individuals. For example, if a healthcare power of attorney (POA) lacks specific HIPAA-compliant language, the designated agent may face delays or denials when attempting to access medical records required to make informed decisions.
HIPAA also requires estate planners to integrate explicit PHI release clauses into advance directives, ensuring executors, trustees, or agents can legally obtain medical information. Without such provisions, fiduciaries may need court orders to override privacy protections.
What HIPAA protects and who it affects
As The Surgical Oncology Clinics of America journal article notes, “The primary goal of the law is to make it easier for people to keep health insurance (Title 1, Portability), protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs (Title II Administrative Simplification).”
HIPAA protects PHI, including any identifiable health data, such as names, contact information, medical records, and biometric identifiers, that relates to an individual's past, present, or future physical or mental health condition, the provision of health care, or payment for health care.
The Privacy Rule restricts the use and disclosure of PHI, permitting it without individual authorization only for specific purposes like treatment, payment, health care operations, public health activities, and certain research scenarios.
Common estate planning documents impacted by HIPAA
- Healthcare powers of attorney: Must explicitly authorize agents to access PHI to make informed medical decisions.
- Living wills: May need provisions allowing healthcare providers to share prognosis data with designated decision-makers.
- Revocable trusts: If trustees manage healthcare-related assets, they may require PHI access to fulfill fiduciary duties.
- Advance directives: Without HIPAA waivers, hospitals may withhold health data from family members, delaying end-of-life decisions.
Why including HIPAA language in estate plans is essential
HIPAA restricts healthcare providers from disclosing PHI without explicit authorization, even to close family members or agents holding a power of attorney. An excerpt from Families Caring for an Aging America expands on this idea, noting, “A caregiver who is the individual's ‘personal representative’ has the authority, under applicable law, to act on behalf of an individual in making decisions related to health care and has the same rights of access.”
This means that, without proper HIPAA authorization, individuals such as spouses or adult children may face obstacles in obtaining medical information, potentially hindering timely medical decision-making or management of health-related assets.
If a trustee needs to verify a beneficiary's medical condition to administer a special needs trust, the absence of HIPAA authorization could delay distributions. Furthermore, HIPAA authorization can preempt the need for court orders, streamlining processes during medical crises. Therefore, including HIPAA language in estate planning documents is beneficial to facilitate access to medical information by authorized individuals.
The impact of Scharlach v. Scharlach
The case of Estate of Scharlach, 809 A.2d 376 (Pa. Super. Ct. 2002), discussed courts’ rigorous scrutiny of fiduciary duties in estate administration, illustrating why trustees and executors must have unfettered access to decedents’ information. The Orphans’ Court approved a surcharge against the corporate guardian for failing to follow an expert’s recommended diversification plan, effectively surcharging the trustee for breaching its duty to the trust estate.
On appeal, the Superior Court affirmed that the trustee had failed its fiduciary duties by ignoring the trust’s investment scheme, mandating restitution to protect beneficiaries. The court further held that the defense of laches was waived when the guardian failed to plead it timely. Federal HIPAA Privacy Rule provisions dovetail with these principles by treating personal representatives, but only those recognized under state law, such as executors and administrators, as individuals for purposes of PHI access, granting them the right to disclosures as the individual under 45 C.F.R. § 164.502(g).
The case summary elaborates that a caregiver serving as a personal representative may request PHI to make healthcare decisions or manage health-related assets, reinforcing that estate fiduciaries need explicit HIPAA authorization to avoid barriers. HIPAA’s protections extend into postmortem contexts, continuing to shield a decedent’s medical records after death, so without clear HIPAA-compliant estate planning language, executors may be denied information.
Estate planning authorities thus recommend embedding standalone HIPAA authorization clauses within powers of attorney, trusts, and wills to ensure PHI access without court orders. Proposed federal rules to extend deceased individuals’ PHI protections for up to 50 years postmortem further underline the need for precise, forward-looking HIPAA directives for estate administrators.
The role of estate planning attorneys in navigating HIPAA
Estate planning attorneys serve as translators between clients’ wishes and HIPAA’s requirements. They must ensure that any document granting PHI access includes language that satisfies the rule’s formalities. The above-mentioned excerpt stems from a chapter on aging demographics that goes on to explain, “A HIPAA authorization is a document … that identifies the scope of information that may be disclosed, to whom, and for what purposes, and it meets other specifications under the Privacy Rule.” By embedding that precise authorization into powers of attorney and trusts, attorneys guarantee that designated agents qualify as personal representatives.
Counsel advise clients on selecting appropriate fiduciaries through advance directives, noting that “anyone appointed health care agent or proxy under such a document should have all the rights to access and control of information that the individual has” once the directive becomes effective. Attorneys coordinate with healthcare providers to confirm that these documents meet HIPAA standards, preventing scenarios where a caregiver relying on a HIPAA authorization may still encounter barriers to access due to technical deficiencies in the authorization.
They also educate clients on junctures, such as proving incapacity to modify trusts or contest wills, where timely PHI access can mean the difference between fiduciary action and costly delays. They then incorporate HIPAA waivers into durable powers of attorney and testamentary trusts.
FAQs
What is a Personal Representative under HIPAA?
A caregiver who is the individual’s ‘personal representative’ has the authority, under applicable law, to act on behalf of an individual in making decisions related to health care and has the same rights of access.
How should attorneys incorporate HIPAA Authorizations and Directed Right to Access into estate documents?
Attorneys should draft these authorizations to mirror 45 C.F.R. § 164.508 requirements and include a Directed Right to Access clause, which provides mandatory disclosure rights unless an exception applies.
What are the differences between HIPAA Authorization and a Durable Power of Attorney for Healthcare?
A HIPAA Authorization permits specific PHI disclosures but remains subject to minimum necessary limits and may encounter provider discretion, whereas a Healthcare Power of Attorney (as a personal representative) grants full PHI rights under 45 C.F.R. § 164.502(g), which treats a personal representative as the individual for purposes of the subchapter. Estate planning should include both to cover varied scenarios.
Who can serve as a personal representative and when does this authority commence?
State law confers personal representative status via (1) advance directives or healthcare powers of attorney, (2) default surrogate decision-making statutes, or (3) guardianship appointments.