Drexel University Clinical Covered Entities
Privacy Program Policies and Procedures
Policy Title: Decedents
Policy Number: IM-25
Effective Date: September 23, 2013
Last Revision: September 1, 2017
Responsible Officer: Vice President, Chief Compliance, Privacy and Internal Audit Officer
Table of Contents
This policy applies to all Covered Entities within Drexel University.
Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.
To clarify authorization rights for deceased patients.
Drexel University (DU) will extend the HIPAA privacy obligations to deceased patients' protected health information for a period of fifty (50) years following a patient's death. Following a patient's death, DU may disclose the decedent's protected health information to the decedent's family members and to other persons who were either involved in the decedent's care or payment for care prior to death, unless doing so is inconsistent with a prior expressed preference of the decedent that was known to DU.
During a patient's care, to the extent communicated to DU personnel, DU personnel shall document in a patient's medical record any patient preference restrictions regarding disclosures by DU to family members or others involved in the patient's care or payment for care following death.
Back to Top