Does HIPAA Apply After Death? Everything You Should Know

HIPAA regulations benefit consumers by protecting sensitive and private health information. Each year, over 84% of adults and 94% of children see a health professional. 

That’s a lot of personal health information floating around in cyberspace! The HIPAA regulations for privacy are strict. And they protect your personal information from falling into the wrong hands. 

Most people know the basics when it comes to HIPAA. But, does HIPAA apply after death? Is your personal information still protected even after you die?

Read on for more information about the HIPAA laws and how they apply after death. 

What’s HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Created in 1996, the law has been in effect since 2003. The Office for Civil Rights enforces HIPAA.

HIPAA is a federal law. It provides privacy protections for consumers across the United States. 

The federal law meets several objectives:

  • Portability
  • Combats fraud and abuse through the Medicaid Integrity Program
  • Simplifies administrative aspects
  • Privacy and security of electronic protected health information (PHI)

These objectives maintain the minimum amount of privacy for all Americans. Many states also provide extra privacy protections for patients. 


Changing employers? Because of HIPAA, there’s now renewable, available health coverage on the open marketplace. Preexisting conditions can’t exclude you from any health plans. 

Medicaid Integrity Program

The Medicaid Integrity Program combats fraud and abuse through anti-fraud contractors. The program guarantees funding for integrity enforcement. 

Administrative Simplification

HIPAA created standardized transactions and code sets for electronic transactions. Each employer has a unique employer identifier. 

Privacy and Security

One of the most obvious provisions of HIPPA for consumers is privacy and security. A doctor’s visit now includes signing privacy and security information required by HIPPA. 

Who’s Affected by HIPAA?

HIPAA affects the entire healthcare system. Doctors, hospitals, and treatment centers all operate under HIPAA laws. 

Mental health providers also abide by HIPAA rules. That includes any mental health facility as well as therapists, counselors, and psychiatrists.

All health plans, including private and commercial, fall under HIPAA regulations. HIPAA affects any business that electronically stores health information. This includes healthcare clearinghouses. 

A healthcare clearinghouse is a third-party billing service between providers and insurance companies. Many healthcare providers use clearinghouses due to the complex nature of medical billing. 

Does HIPAA Apply After Death?

Many might argue that once you’re dead, your personal information shouldn’t matter. But it often matters to surviving loved ones and friends.

Celebrities, for instance, shouldn’t fear their personal information becoming public upon death. Some diseases carry a stigma. Families don’t want their loved one’s health information publicized.

You might not think anyone would want your personal health information after you die. But that’s not true. There are many good reasons why your personal information is valuable. 

Biographers, historians, and archivists all use personally identifiable information in their jobs. They use old records in pursuit of historical information. 

The HIPAA Privacy Rule “explicitly excludes from the definition of ‘protected health information’ individually identifiable health information regarding a person who has been deceased for more than 50 years.”

Enforcement of the rule for a person who has died is the same as for the living. Yet, there are some exceptions.

What Are the Exceptions?

There are times when it’s legal for a covered entity to disclose the PHI of a deceased individual. These include:

  1. To alert law enforcement to the death of the individual when there is a suspicion that death resulted from criminal conduct.
  2. To Coroners or medical examiners or funderal directors.
  3. For research that is solely on the protected health information of decedents.
  4. To organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating organ, eye, or tissue donation and transplantation.

Were you involved in the deceased’s healthcare or payment for care before he died? In that case, the healthcare provider can release some information to you.

A patient can express a desire before they die against the release of the info. In that case, the health entity can’t release the health information.

The info disclosed must be relevant to the person’s involvement in the care of the deceased. Information involving payment of care is also sometimes disclosed.

It is possible for the release of PHI not permitted by HIPAA. That requires written authorization from a personal representative of the decedent. The representative needs the authorization to act for the decedent under State law. 

This includes people such as an executor of the decedent’s estate.  

Is the PHI for Your Medical Care?

Family health information is often helpful for doctors when treating patients. Are you looking for access to a relative’s PHI for a better understanding of your own health?

Ask the healthcare provider who treated your deceased family member. 

HIPAA-covered entities can disclose PHI of a decedent without authorization. In that case, the information goes straight to the provider. And it’s only given when a surviving relative is being treated. 

The Role of HIPAA for the Deceased

Most people never think to ask, “Does HIPAA apply after death?” The answer is a definite “yes.”

Your medical records remain protected in the same manner after death as they were before. There are only a few exceptions.

It’s a good idea to think about how you want your personal information treated after your death.

Talk to your family about health information important for their own health treatment. That way they won’t worry about the added step of asking for an exception to HIPAA. 

Do you have other questions about HIPAA and HIPAA compliance? Read our HIPAA Security Suite blog here.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.

Sign Up

Scroll to Top