A general durable power of attorney (GDPOA) and a medical power of attorney (MedPOA) are two of the most important estate planning documents you can have, but in some instances they may be useless if they don't comply with the federal privacy law.

A GDPOA allows someone you designate (your "agent" or "attorney-in-fact") to make decisions for you if you become incapacitated. A MedPOA specifies who will make medical decisions for you. For these documents to be effective, your agents may need to be able to access your medical information. However, medical information is private. The Health Insurance Portability and Accountability Act (HIPAA) protects health care privacy and prevents disclosure of health care information to unauthorized people. HIPAA authorizes the release of medical information only to a patient's "personal representative."

HIPAA can be a problem especially if you have a "springing" power of attorney. A springing POA doesn't go into effect until you become incapacitated. This means your agent doesn't have any authority until you are declared incompetent, but, under HIPAA, the agent won't be able to get the medical information necessary to determine incompetence until the agent has authority.

To make sure your agent doesn't get caught in this "Catch-22," your GDPOA and MedPOA should contain a HIPAA clause that explains that the agent is also the personal representative for the purposes of health care disclosures under HIPAA. You should also sign separate HIPAA release forms that explain what medical information can be disclosed, who can make the disclosure, and to whom the disclosure can be made.

Contact us to make sure your POA and MedPOA do not conflict with HIPAA.