Effective March 20, 2014, Ohio implemented changes to the durable power of attorney health care law that will have an impact on both individuals and health care providers.
Impact on Individuals
Possibly the most significant change is that an individual’s attorney-in-fact (the “Agent”) may have immediate access to an individual’s health information, including protected health information ("PHI") (i.e., an individual’s entire medical history).
Before March 20, 2014, a health care durable power of attorney (“HCPOA”) vested certain authority in the Agent only upon a physician’s determination that the principal had lost the capacity to make informed health care decisions. Under Ohio’s new law, the principal now has options:
- Allow the Agent named in the HCPOA document to have immediate access to health information and PHI upon the execution of the HCPOA.
- Allow access at a later specified time or under certain circumstances regardless of whether the principal lacks the capacity to make his or her own health care decisions.
- Allow access only upon incapacity.
Another noteworthy change is that a principal may nominate in the HCPOA document a guardian of the principal’s person, estate or both for a court to consider if guardianship proceedings begin at a later time. The principal may also file the HCPOA with the probate court for safekeeping.
Lastly, the amendment to the law adds to the list of ineligible witnesses to an HCPOA the alternate Agent named in the HCPOA document. The list of ineligible witnesses already includes any person who is related to the principal by blood, marriage or adoption, any person who is designated as an Agent, the attending physician of the principal and the administrator of any nursing home in which the principal is receiving care.
Given these changes in the law, the important takeaways for individuals are as follows:
- If a principal already has an HCPOA in place, that principal must execute a new HCPOA document to permit his or her Agent, if desired, to be able to access PHI prior to the onset of incapacity. Otherwise, the HCPOA will continue to be governed under prior law.
- A principal executing an HCPOA in Ohio must give thoughtful consideration about how and/or when his or her Agent will have access to PHI and if a guardian of the principal’s person, estate or both should be nominated in an HCPOA.
- A principal must make sure the individuals witnessing the execution of an HCPOA are eligible to do so under the law.
Attorneys in Taft's Private Client group are available to discuss with individuals the changes to this law and how it may affect their planning decisions.
Impact on Health Care Providers
These changes in Ohio’s HCPOA laws will also pose new and complex challenges for health care providers. Under the federal HIPAA privacy laws, in most instances, a patient’s “personal representative” (defined as an individual authorized under state laws to make health care decisions, including access to medical information) has the right to see and have copies made of a patient’s PHI. Now more than ever, Ohio hospitals, nursing homes, clinics and physician offices must carefully scrutinize a patient’s HCPOA document to determine whether the Agent is a “personal representative” with authority, under a properly executed HCPOA, to access PHI.
Following are the important takeaways for providers:
- A patient’s HCPOA executed prior to March 20, 2014, (i.e., already “on file” with the nursing home) remains valid until, if ever, a new HCPOA is executed, but the Agent cannot access records until the patient’s incapacity is established, as under prior law.
- A newer (after March 20, 2014) HCPOA must be carefully reviewed to determine whether the language permits the Agent to have access to PHI, even if the patient still has full capacity to make health care decisions.
- Under certain circumstances stated in the HIPAA rules, a provider can deny an Agent access to PHI even if the document explicitly authorizes it (i.e., risk of patient harm). Thus, the provider must also consider the circumstances before honoring an Agent’s request to access PHI.
- Ohio providers should review, and update as needed, their HIPAA Privacy and Security Policies on “Personal Representatives,” as defined under Ohio law.