{"id":2002,"date":"2004-07-27T11:38:25","date_gmt":"2004-07-27T15:38:25","guid":{"rendered":"http:\/\/resources.evans-legal.com\/?p=2002"},"modified":"2019-11-26T11:02:02","modified_gmt":"2019-11-26T16:02:02","slug":"estate-lawyers-need-know-hipaa-protected-health-information","status":"publish","type":"post","link":"https:\/\/resources.evans-legal.com\/?p=2002","title":{"rendered":"What Estate Lawyers Need to Know about HIPAA and ‘Protected Health Information’"},"content":{"rendered":"\n

This article was originally published in <\/em>Probate & Property, Vol. No. 4, p. 20 (July\/August 2004). Citations have not been confirmed or updated.<\/em><\/p>\n\n\n\n

If you’ve been to a doctor or hospital in the last few months, you’ve been asked to sign a piece of paper titled something like “HIPAA Notice of Privacy Practices,” which probably told you all sorts of stuff about your medical records that you either didn’t understand or didn’t really care about.\u00a0 Well, the same federal law that has doctors asking patients to sign all of those pieces of paper also imposes penalties on doctors (and hospitals and other health care providers) who make unauthorized disclosures of “protected health information” about their patients, and that means that health care providers are not going to be talking about (or otherwise disclosing information about) the medical condition of a patient to the families of the patient, or the lawyer for the patient, which can lead to problems when families and lawyers are trying to figure out whether the patient is disabled for purposes of durable powers of attorneys, advance medical directives, trusts, employment contracts, and other kinds of contracts and documents.<\/p>\n\n\n\n

This article will therefore explain the history and\ngeneral provisions of HIPAA and its regulations and discuss how those\nregulations may affect various estate planning documents and practices.<\/p>\n\n\n\n

History and Background<\/h2>\n\n\n\n

The Health Insurance Portability and Accountability Act of\n1996 (“HIPAA”), H.R. 3103, P.L. 104-191, sometimes known as the\nKennedy-Kassebaum bill, had as its primary goals the portability of health\ninsurance coverage from one employer-provided health insurance program to\nanother employer’s health insurance program, as well as the reduction of fraud\nin Medicaid, Medicare, and other kinds of health insurance and health care\ncosts.  In order to carry out those\ngoals, HIPAA instituted new standards for recording health care information\nelectronically, and new standards for how that health care information could be\nshared electronically among health insurers and governmental regulators.  Finally, having begun regulating how health\ncare information should be shared, Congress felt it necessary to regulate how\nhealth care information should NOT be shared, and so a section of HIPAA\nauthorizes the Secretary of Health and Human Services to promulgate regulations\non how health care information must be kept confidential and under what\ncircumstances health care information may be disclosed.<\/p>\n\n\n\n

To establish standards for health records, 42 U.S.C.\n\u00a71173, added by section 262 of HIPAA, gives the Secretary of Health and Human\nServices broad discretion in adopting standards to enable health information to\nbe exchanged electronically, as well as security standards for health\ninformation.  Section 1173(d)(2) also\nrequires those who maintain or transmit health information to maintain\nreasonable and appropriate safeguards in order (among other things) “to\nprotect against any reasonably anticipated \u2026 unauthorized uses or disclosures\nof health information.”<\/p>\n\n\n\n

Section 264 of HIPAA required the Secretary to recommend\nstandards with respect to the privacy of individually identifiable health\ninformation and, if those recommended standards were not enacted as\nlegislation, the Secretary was required to issue regulations addressing:<\/p>\n\n\n\n

“(1) The rights that an individual who is a subject of individually identifiable health information should have.
(2) The procedures that should be established for the exercise of such rights.
(3) The uses and disclosures of such information that should be authorized or required.”\u00a0 <\/p>HIPAA, section 264(b).<\/cite><\/blockquote>\n\n\n\n

HIPAA, section 264(b).<\/p>\n\n\n\n

The Secretary published regulations on December 28, 2000,\nat 65 FR 82802, then modified the regulations on August 14, 2002, 67 FR 53182,\nand the modified regulations became effective April 14, 2003.  The regulations can be found at 45 CFR\n\u00a7\u00a7164.500 et seq.<\/p>\n\n\n\n

The penalties for disclosing (or obtaining)\n“individually identifiable health information” in violation of HIPAA\nare severe.  Under 42 U.S.C. \u00a71177, as\nadded by section 262 of HIPAA, a person violating the privacy provisions of\nHIPAA can be fined not more than $50,000 and imprisoned not more than one\nyear.  However, if the violation is\n“under false pretenses,” then the fine can be $100,000 and the\nimprisonment can be 5 years. and if the violation is “with intent to sell,\ntransfer, or use individual identifiable health information for commercial\nadvantage, personal gain, or malicious harm,” the fine can be $250,000 and\nthe imprisonment can be 10 years.<\/p>\n\n\n\n

Privacy Regulations<\/h2>\n\n\n\n

The HIPAA privacy regulations at 45 CFR \u00a7\u00a7164.500 et. seq.\ncontain a number of detailed provisions about health information that may be\nshared or disclosed to carry out treatments, billing and payments, health care\noperations, and other purposes, and those details are beyond the scope of this\narticle.  However, estate practitioners\nshould know what is “protected health information,” the circumstances\nunder which it can be disclosed to family members or legal representatives, and\nwhat procedural remedies might exist for failure to disclose.<\/p>\n\n\n\n

The discussions that follow generally use the same\nterminology as the regulations themselves, with two exceptions.  The regulations apply to “covered\nentities,” which includes not only doctors, hospitals, and other health\ncare providers but also health plans, employers, and health care clearinghouses.  Because practitioners will most often be\ndealing with doctors, hospitals, and other health care providers as their\nsource of health information, the discussions below will refer to health care\nproviders even when the regulations refer more broadly to “covered\nentities.”  The regulations also\nrefer to the health information of an “individual,” but for\nconvenience and clarity the discussions below will often refer to the health\ninformation of a “patient.”<\/p>\n\n\n\n

The regulations apply generally to “protected health\ninformation,” which is defined by 45 CFR \u00a7164.501 as “individually\nidentifiable health information” that is either transmitted by electronic\nmedia, maintained in any electronic media, or transmitted or maintained in any\nother<\/em> form or medium (subject to certain exceptions not relevant\nhere).  “Individually identifiable\nhealth information” is defined by 42 USC \u00a71171(6) as any information (1)\ncreated or received by a health care provider, health plan, employer, or health\ncare clearinghouse that (2) relates to the past, present, or future physical or\nmental health or condition of an individual, the provision of health care to an\nindividual, or the past, present, or future payment for the provision of health\ncare to an individual, and (3) either identifies the individual or with respect\nto which there is a reasonable basis to believe that the information can be\nused to identify the individual.<\/p>\n\n\n\n

These definitions are quite broad, and would apparently include any<\/em> information about a patient’s medical condition or treatment, transmitted in any<\/em> form (including orally).<\/p>\n\n\n\n

Protected health information can obviously be disclosed to\nthe patient himself (45 CFR \u00a7164.502(a)(1)(i)) and must<\/em> be disclosed to\nthe patient (subject to various exceptions, including an exception for\npsychotherapy notes) if requested by the patient (45 CFR \u00a7164.524).  There are specific provisions for the review\nof the denial of a patient’s request for protected health information (45 CFR\n\u00a7164.528), amendments to protect health information (45 CFR \u00a7164.526), and\naccounting for past disclosures of protected health information (45 CFR\n\u00a7164.528).<\/p>\n\n\n\n

The regulations also specify that, for purposes of\ndisclosure, the patient’s “personal representative” is treated in the\nsame way as the patient, meaning that the personal representative has the same\nrights and powers as the patient to protected health information.  The definition of “personal\nrepresentative” is a functional definition, because the regulations state\nthat, if a person has the authority to act on behalf of an adult or emancipated\nminor “in making decisions in relation to health care,” that person\nmust be treated as the “personal representative” with respect to\nprotected health information “relevant to such personal representation.”  45 CFR \u00a7164.502(g)(2).  The issue of who is a “personal\nrepresentative” is therefore a function of state law, and the information\nthat can be obtained by the personal representative is a function of the health\ncare decisions that can be made by the personal representative under state law.<\/p>\n\n\n\n

Similar rules allow a parent, guardian, or other person\nacting in loco parentis to an unemancipated minor to be treated as the personal\nrepresentative of the minor with respect to protected health information\nrelevant to health care decisions that may be made by that person under\napplicable law (45 CFR \u00a7164.502(g)(3)) and allow the executor or administrator\nof a decedent’s estate to be treated as the personal representative of the\ndecedent (45 CFR \u00a7164.502(g)(4)).<\/p>\n\n\n\n

However, the regulations do not require health care\nproviders to follow state law in all cases. \nA health care provider can refuse to treat a person as a personal\nrepresentative for a patient if the health care provider has a reasonable belief\nthat the personal representative may have abused the patient, or that treating\nthe person as the personal representative could endanger the individual, if the\nhealth care provider decides, “in the exercise of professional\njudgment,” that it is not in the best interests of the patient to treat\nthe person as the personal representative. \n45 CFR \u00a7164.502(g)(5).  See also,\n45 CFR \u00a7164.512(c)(2)(ii) and \u00a7164.524(a)(3)(iii).<\/p>\n\n\n\n

Protected health information (other than psychotherapy\nnotes) can also be disclosed in accordance with a “valid\nauthorization” signed by the patient. \n45 CFR \u00a7164.508.  A valid\nauthorization is a document written in “plain language” (45 CFR\n\u00a7164.508(c)(2) and must contain the following information (45 CFR\n\u00a7164.508(c)(1)):<\/p>\n\n\n\n

  • A description of the information to be disclosed that identifies the information in a specific and meaningful fashion;<\/li>
  • The name or other specific identification of the health care providers or other persons (or class of persons) authorized to make the requested disclosure;<\/li>
  • The name or other specific identification of the persons (or class of persons) to whom the disclosure may be made;<\/li>
  • The purpose of the requested disclosure (which may be “at the request of” the patient if the patient initiates the request and does not wish to state the purpose);<\/li>
  • An expiration date or an expiration event that relates to the patient or the purpose of the disclosure; and<\/li>
  • The signature of the patient and date.\u00a0 If the authorization is signed by a personal representative of the patient, the document must describe the source of the representative\u2019s authority.<\/li><\/ul>\n\n\n\n

    The authorization must also include statements adequate to\nput the patient on notice that (a) the patient has the right to revoke the\nauthorization in writing and how the patient may revoke the authorization, (b)\nwhether or not any treatment, payment, or enrollment is conditioned on the\nauthorization, or the consequences of not signing the authorization (if any),\nand (c) the potential for disclosed information to be disclosed further because\nit may no longer be subject to HIPAA regulations once disclosed.<\/p>\n\n\n\n

    The regulations also state that a valid authorization\nshould not be combined with “any other document” to create a compound\nauthorization.  45 CFR\n\u00a7164.508(b)(3).  The goal seems to be to\nprevent confusing a patient by combing two different authorizations for two\ndifferent purposes into one document.  In\nthat case, both the literal language of the regulation and the purpose of the\nregulation would allow an authorization to be included as part of a larger document\n(such as a revocable trust, as discussed below) that is related to the\nauthorization but does not include any other authorization for disclosure of\nhealth information.  However, health care\nproviders are required to keep copies of all authorizations (45 CFR\n\u00a7164.508(b)(6)), and so it would be better to have a short, separate document\nfor the health care provider’s records, rather than a longer document with\ninformation about the client’s estate plan (or other affairs) that the health\ncare provider has no business knowing. \nFor both these reasons, it will usually be better to create separate\nwritten authorizations whenever an authorization to disclose protected health\ninformation is needed.<\/p>\n\n\n\n

    As can be seen from the foregoing, a family member or\nfriend who is not a “personal representative” may be left in the dark\nabout the medical condition of a spouse, parent, adult child, or other close\nfamily member.  The regulations seem to\nrecognize only four circumstances in which the medical condition of a patient\nmight be shared with family members or friends (if the patient does not\nobject):<\/p>\n\n\n\n

    • Protected health information may be disclosed to a family member, other relative, close personal friend, or other person identified by the patient to the extent that the information is directly relevant to the person’s involvement with the patient’s care or payment for the health care.\u00a0 45 CFR \u00a7164.510(b)(1)(i).\u00a0 This would allow doctors to discuss the relevant aspects of the patient’s care with those who are living with the patient and who will be involved with her care, as well as with those who are paying for the health care.<\/li>
    • Protected health information may be disclosed to family members, a personal representative, or another person responsible for the care of the patient in order to notify them of the patient’s location, general condition, or death.\u00a0 45 CFR \u00a7164.510(b)(1)(ii).\u00a0 So it will not be a violation of federal law for a hospital to call a patient’s next of kin to let them know that the patient is in the hospital and not doing well (or has died).<\/li>
    • Protected health information may be disclosed to others in the presence of the patient if the patient is capable of making medical decisions and the patient (i) consents, (ii) does not object (after being given an opportunity to object) or (iii) it appears from the circumstances (based on an “exercise of professional judgment”) that the patient does not object.\u00a0 45 CFR \u00a7164.510(b)(2).\u00a0 So, when the doctor visits the patient in the hospital and the family is visiting and a family member asks a question about the patient’s condition, the doctor can answer if the doctor first asks the patient or if the doctor reasonably believes that the patient has no objection.<\/li>
    • If the patient is not present, or there is an emergency or an incapacity, but it is in the “best interests” of the patient, using “professional judgment” and “experience with common practice,” protected health information may be disclosed that is directly relevant to the person’s involvement with the patient’s care, such as allowing the person to pick up prescriptions, medical supplies, or X-rays.\u00a0 45 CFR \u00a7164.510(b)(3).<\/li><\/ul>\n\n\n\n

      These exceptions seem to be an attempt to formalize the\n“rules” under which doctors in the past typically advised family\nmembers about a patient’s condition.<\/p>\n\n\n\n

      Although these new rules may cause problems for family\nmembers trying to learn about the medical condition of a patient from a doctor,\nthe problems that most estate lawyers will confront will relate to how the\nregulations relating to “personal representatives” and “valid\nauthorizations” apply to powers of attorney and other estate planning\ndocuments and procedures.<\/p>\n\n\n\n

      Powers of Attorney<\/h2>\n\n\n\n

      Many practitioners have expressed concerns that durable\npowers of attorney that include the power to make medical decisions (or durable\nhealth care powers of attorney) may need to be rewritten to comply with\nHIPAA.  Several legal groups and\nindividual lawyers have published new language (sometimes very lengthy and\ncomplex language) that they recommend be added to forms of powers of\nattorney.  However, the language of the\nHIPAA regulations show that no changes should be needed for Pennsylvania powers\nof attorney that follow the statutory definitions for powers relating to\nmedical care.<\/p>\n\n\n\n

      By statute, Pennsylvania allows a principal to empower an\nagent to “authorize medical and surgical procedures,” which means\nthat the agent “may arrange for and consent to medical, therapeutical and\nsurgical procedures for the principal, including the administration of drugs.”  20 Pa.C.S. \u00a75603(h)(2).<\/p>\n\n\n\n

      As explained above, the regulations under HIPAA require\nhealth care providers to treat the personal representative in the same way as\nthe patient, and a “personal representative” is the person who, under\napplicable law, has the power to make medical decisions for the patient.  A properly authorized agent under a power of\nattorney is a person who, under Pennsylvania law, has the power to make medical\ndecisions for the principal, so the agent should be entitled to the same\nmedical information as the principal.<\/p>\n\n\n\n

      Practitioners redrafting powers of attorney to include\nspecific powers relating to health information should also consider that the\nHIPAA regulations make no provisions whatsoever for a “power of\nattorney” to receive health information or to authorize disclosures of\nhealth information.  In order to be the\n“personal representative,” a person needs to have the authority to\nmake medical decisions for the patient. \nOnce a person has that power, all other powers granted by the document\nare superfluous.  Authorizing an agent to\nreceive or disclose health information is simply a waste of paper and ink,\nbecause there is no such thing as a “personal representative” of the\npatient who has the power to authorize disclosures but does not have the power\nto make medical decisions.<\/p>\n\n\n\n

      In order to make sure that an agent under a durable power\nof attorney has access to health information, it might be possible to write a\nbroad “valid authorization” in favor of the agent, but that may be\ncontrary to the spirit and structure of the regulations.  The regulations are consistent with the\nprinciple that a person who has the power to make medical decisions for a\npatient should be entitled to the same medical information as the patient, but\nthe regulations are hostile (or at least suspicious) of disclosures by written\nauthorizations.  As shown above, written\nauthorizations are supposed to be “specific” in what is to be\ndisclosed, for what purpose, from whom, to whom, and for how long.  A broad general authorization to disclose all\nmedical information from all sources, with no time limit, might not be valid\nunder the regulations (or at least the regulations provide reasons for health\ncare providers to hesitate before honoring such a document).<\/p>\n\n\n\n

      Most of the problems that are being encountered with\nhealth care professionals, HIPAA, protected health information, and powers of\nattorney are undoubtedly due to the newness of the regulations and the\nuncertainty of their application.  Many\nof these problems should disappear with time so that, in the long run, the best\nway to make sure that an agent under a power of attorney has access to all\nmedical information is to make sure that the agent has the power to make all\nmedical decisions, and not through additional wording in waivers or authorizations.<\/p>\n\n\n\n

      “Springing” Powers<\/h2>\n\n\n\n

      A “springing” power of attorney (that takes\neffect only upon the disability of the principal) may create new problems under\nHIPAA, because how is an incapacitated principal going to be able to authorize\naccess to the medical information needed to prove that the principal is\nincapacitated?<\/p>\n\n\n\n

      In order to avoid court proceedings and litigation (which\nis the purpose of most if not all powers of attorney), many springing powers\nstate that the principal shall be deemed to be disabled upon the written\nopinions of some specific number of physicians. \nBut under the HIPAA regulations, the principal’s physicians are\nprohibited from disclosing information about the principal’s medical condition\nwithout the permission of the principal or the personal representative of the\nprincipal.  The principal can’t give\npermission because the principal is already incapacitated.  The agent under the power of attorney is not\nthe “personal representative,” and can’t give permission, because the\nagent will have the power to make medical decisions for the principal only\nafter the power of attorney becomes effective and the power of attorney will\nnot be effective until after the physicians have given their opinions.<\/p>\n\n\n\n

      Catch-22.<\/p>\n\n\n\n

      The best solutions to this dilemma are either (a) stop\nusing springing powers or (b) arrange for the principal to sign a separate\n“valid authorization” along with any springing power, so that the\nprincipal’s physicians are authorized to disclose the protected health\ninformation relevant to whether or not the principal is suffering from a\ndisability.  See the discussion above of\n“valid authorizations” under 45 CFR \u00a7164.508.<\/p>\n\n\n\n

      Health Care Declarations (“Living Wills”)<\/h2>\n\n\n\n

      Following the model of the Pennsylvania statute (20\nPa.C.S. \u00a75404(b)), most advance health care declarations in Pennsylvania\nappoint a “surrogate” to make health care decisions in the event that\nthe signer is “incompetent and in a terminal condition or in a state of\npermanent unconsciousness.”<\/p>\n\n\n\n

      Consistent with the HIPAA regulations, a “surrogate”\nappointed under an advance health care declaration is not going to be treated\nlike the declarant for all disclosure purposes, but is going to be treated as a\n“personal representative” only after the advance health care\ndirective becomes effective, which is only after the declarant is\n“incompetent and in a terminal condition or in a state of permanent\nunconsciousness.”  Because the\nauthority of the surrogate could be seen as limited in scope (i.e., the surrogate\nis only authorized to decide whether a medical treatment will unnecessarily\nprolong life or is necessary to relieve pain), a health care provider could\nlimit the disclosures of protected health information to the surrogate to the\ninformation relevant to those decisions.<\/p>\n\n\n\n

      Whether limitations on the information and authority of a\n“surrogate” are a problem depends on how practitioners themselves see\nthe role of the surrogate.  If it is\nbelieved to be necessary or advisable for a family member to have full access\nto all medical information even before a patient might be incompetent or in a\nterminal condition, the best solution is to make sure that there is in force a\ndurable power of attorney with the authority to make medical decisions, or a\ndurable health care power of attorney, rather than attempting to revise or\nre-word an advance health care declaration.<\/p>\n\n\n\n

      Guardianship Proceedings<\/h2>\n\n\n\n

      Like “springing” powers of attorney,\nguardianship proceedings themselves may be subject to an additional procedural\nhurdle in order to authorize the alleged incapacitated person’s physicians to\ntestify in court (and necessarily disclose protected health information).<\/p>\n\n\n\n

      The HIPAA regulations specifically recognize judicial\nproceedings as an authorized disclosure. \n45 CFR 164.512(e).  However, the\nregulations draw a distinction between an order of the court and a subpoena,\nand health care providers are not necessarily required to comply with subpoenas\nunless certain conditions are met.  See\n45 CFR \u00a7164.512(e)(1)(ii).  In order to\nget a court order (and not just a subpoena), it may be necessary to file a\npetition and get a preliminary order for the disclosure of medical records and\nthe testimony of physicians before there is an actual hearing on the issue of\nincapacity.  This will ultimately depend\non whether health care providers are willing to honor a subpoena in\nguardianship proceedings or whether they will require a court order, and only\ntime will tell what policies or attitudes the health care industry will adopt.<\/p>\n\n\n\n

      Trust Agreements<\/h2>\n\n\n\n

      Like “springing” powers of attorney, many revocable\ntrusts provide for the removal of the grantor as trustee, changes in\ndistributions, or other consequences upon the disability of the grantor.  And, once again, many documents define the\n“disability” of the grantor in terms of an opinion by physicians that\nthe physicians will not be willing to provide without compliance with HIPAA.<\/p>\n\n\n\n

      It would seem that there could be three possible solutions\nto this problem.<\/p>\n\n\n\n

      One possible solution is to change the language of the\nrevocable trust so that a failure of the trustee to authorize the release of\nthe medical information necessary for the opinion of the physicians would\nitself become an event causing the grantor to be removed as trustee or\notherwise considered to be disabled for the purpose of the trust.  So, if the grantor were unable or unwilling\nto authorize the release of the medical information, the disability provisions\nwould automatically take effect.<\/p>\n\n\n\n

      Another possible solution is to arrange for a separate\nauthorization for the disclosure of the protected health information needed for\nthe opinion of the physicians.  Although\na broad and unlimited authorization might not be a “valid\nauthorization” under the regulations, an authorization for the specific\npurpose of determining disability within the meaning of the trust document\nshould be specific enough to pass muster under anything but the most stringent\nreading of the regulations.<\/p>\n\n\n\n

      A third possible solution is to include an authorization\nfor the disclosure of the necessary health information within the trust agreement\nitself.  As discussed above, this is not\nrecommended because the health care provider that discloses the health\ninformation will then be required to keep a copy of the trust document (45 CFR\n\u00a7164.508(b)(6)), which seems like a needless disclosure of the client’s estate\nplan.<\/p>\n\n\n\n

      Employment and Other Contracts<\/h1>\n\n\n\n

      There are other documents related to estate planning that\nmay include definitions of disability or a need for medical determinations,\nincluding employment agreements with disability benefits, shareholder or\npartnership agreements that allow or require transfers of business interests\nupon disability, and possibly even antenuptial agreements or separation\nagreements.  In each case, practitioners\nwill need to reconsider how to get the necessary authorizations for the\ndisclosure of health information.<\/p>\n\n\n\n

      Where it is to the benefit of the individual to provide\nthe evidence of disability, then it would seem that very little needs to be\ndone except to make sure that the individual has a durable power of attorney that\nincludes the power to make medical decisions.<\/p>\n\n\n\n

      The more difficult case is that in which it is to the\nbenefit of other parties to demonstrate the disability of the individual, and\nin those cases the best drafting solutions will probably follow the suggestions\nmade above with respect to revocable trusts. \nThat is, that the documents be drafted so as to put the burden of proof\non the individual and for the other parties to the contracts to be able to\nclaim the existence of a disability if the individual is unable (or unwilling)\nto execute a valid authorization to disclose the necessary health\ninformation.  Or that the individual\nsigned a valid authorization for the disclosure of health information when the\ncontract is signed, so that the other parties to the contract may be able to\nobtain the necessary health information when needed.<\/p>\n\n\n\n

      Conclusions<\/h2>\n\n\n\n

      Like many new laws, the HIPAA privacy regulations are\ncausing confusion and uncertainty. \nHowever, contrary to the fears of many practitioners, durable powers of\nattorney that give the agent the power to make medical decisions should\ncontinue to be honored under HIPAA and should allow the agent both access to\nprotected health information and the power to authorize disclosures of\nprotected health information.  Other problems\nthat practitioners may encounter should be solvable with separate\nauthorizations for the disclosure of protected health information, as well as\ntrust and contractual agreements that recognize the problems of obtaining\nhealth information and reallocate the resulting burdens and presumptions.<\/p>\n\n\n\n\n\n

      <\/p>\n","protected":false},"excerpt":{"rendered":"

      An introduction to the federal regulations under the Health Insurance Portability and Accountability Act of 1996 that lawyers helping clients plan for future medical decisions should be aware of.<\/p>\n Continue reading →<\/span><\/a>","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[32],"tags":[],"class_list":["post-2002","post","type-post","status-publish","format-standard","hentry","category-articles","pmpro-has-access"],"_links":{"self":[{"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/posts\/2002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2002"}],"version-history":[{"count":5,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/posts\/2002\/revisions"}],"predecessor-version":[{"id":7349,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=\/wp\/v2\/posts\/2002\/revisions\/7349"}],"wp:attachment":[{"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/resources.evans-legal.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}