When HIPAAs Attack

As many of you know, I have been learning, up close and personal, a lot about elder issues, as my family comes together to help my father, who will be 89 in a few weeks, navigate the shoals of elder care on all sorts of levels — the financial, the medical, the legal, etc., etc., etc. There are many levels.

It’s all been very life-affirming, but by no means easy.

Dad came home last week after a bad bout of pneumonia that, when all was said and done was, believe it or not, more scary than the stroke he had this summer.

Today he’s receiving ’round the clock care. We’ll see if my folks can deal with having someone around all the time; it’s not their idea of fun. I keep telling them that, if they don’t want all that help, then I’ll be more than happy to take if off their hands. I could really use some help around here . . .

*  *  *

In the months ahead I’ll be writing a lot about this experience, to share with others what I’ve learned.

Today’s topic is HIPAA (pronoucned HIP’ uh), also known as the Health Insurance Portability and Accountability Act, and a major chunk of which is about privacy and information flow.

Now I am no HIPAA expert, but I am currently the world’s greatest expert on how it has impacted my father’s access to information, and I can tell you that it has gotten in the way quite a bit.

My dad, you see, has great access to his information. Which is fine, except when he is too sick to use the information!

Making matters worse, we do not have great access to his information. True, we can log onto the website for the hospital he’s been at and see all sorts of information about him, including lab tests and whatnot. That’s all to the good.

But when it comes to his insurers — Blue Cross Blue Shield of Illinois (for Medigap coverage) and CNA (for Long Term Care coverage), mum’s mostly the word.

You could have an elderly parent on his or her deathbed, and be in great need of some information the InsCo might have, and they will tell you nothing — no, not a thing.

*  *  *

HIPAA release forms are supposed to solve much of the problem. These are forms which tell the company involved to provide information to certain people (e.g. spouse and children).

Similarly, we’ve used generic forms over the years to direct lots of different entities (brokerages, the VA, etc.) to (a) tell me anything I want to know, and (b) send me cc copies of everything they send to my folks.

The first part has worked just fine with every company, including the InsCos; telephone calls seem to be pretty well immune to HIPAA interference. So, now when I call one of my folks’s InsCos, they authenticate me, first using information about my folks and then information about me, and then I ask questions and get answers. That’s all well and good.

And, not to put too fine a point on it, but I am much better at interfacing with an insurance company than either of my folks. It’s in my wheel house; to them it’s a foreign country. We do believe in division of labor; it helps a lot.

*  *  *

It’s important to do these authorizations well ahead of when you might need the info-flow, because InsCos really don’t believe in email or pdf scans, and only infrequently (never?) will accept a fax for something of this nature. So expect the document flow process — the one that grants you entre’ into the instant info flow process — to take one to two weeks. It’s a little ironic.

Action Item Number 1, then, is for you to get yourself info-flow authorized on every important financial and medical relationship your loved ones have. And do go broad here: include in the term “loved ones” your spouse, your parents, your children, etc. — anyone who is 100% comfy with you having 100% access to the over-the-phone info-flow the company involved might push out to your loved one (and, once the authorization is in place, will push out to you).


*  *  *

One detail: powers of attorney can accomplish much in this context, but these HIPAA documents are specifically about information flow, exclusively, and do not provide anyone with any powers over another person’s person or property (as they say). Lots of people are OK providing others with info-flow, but providing powers of attorney is something most people do quite gingerly and usually rarely. On the flip-side, a lot of people are comfortable having the info-flow power, but not so much having the power of attorney power.

*  *  *

So the info-flow over the phone works OK. So what I am griping about?

The problem comes from the document-flow part — the part about getting copies of everything that’s mailed to my folks also sent to me. That part has proved highly problematic and, to date, insurmountable in some cases.

Imagine, if you will, then, that an elderly family member of yours receives a five-page long EOB — that Explanation of Benefits thing that your insurance company sends to you which, if you’re lucky, you find hard, but not impossible, to understand and, if you’re not, is totally incomprehensible. You know: it’s that computer-output’y, big-ledger’y, densely numbered thing that, if you can decipher it, shows what the InsCo paid and what it did not.

It would be nice — real nice — to get a cc copy of any EOB that goes out to my folks also sent to me at the same time. I can read these things better than they can. EOBs tend to be pretty scary and offputting.

CNA tells me, though, that the only way I can do that is to cut off my parents’ mail flow. In other words, they can send documents to only one person — no cc’s allowed — so either my folks get the document or I do, but not both of us. The reason they give for this is HIPAA. That’s also the reason they give for not being able to use email and can only use faxes when sending blank forms (and when they say blank, they really mean it).

So, HIPAA, I’m big on privacy and all, but, as CNA interprets things anyway, you are way in the way.

*  *  *

I add that every brokerage, mutual fund house, etc., is set up to send multiple cc copies of everything they send out to their customers; you need only direct them to do so in writing. Indeed, much of the in-house regulatory compliance brokerages et al. use is based on the house receiving cc copies of their employees’ financial account statements — all the better to see if the employees are up to no good, you see.

Not so with InsCos, leery of being in the info-shadow of HIPAA.

*  *  *

So my advice to all of you is that you make sure that you have a HIPAA-oriented document that tells every InsCo in each of your loved ones’ lives that you are inside, rather than outside, your loved ones’ HIPAA-zone-of-information-flow. And I do mean every loved one. If they’ll allow you in.

And if anyone knows better about how to get around the problems described here, please do get in touch or post a reply.


1,238 words (about a 13 minute read, give or take, and sans links)


Leave a Comment