In the process of handling release of information requests, ScanSTAT often receives requests for deceased patient records. These requests typically stem from life insurance claims, wrongful death suits, and other litigious matters that require a review of medical treatment prior to the patient’s passing. Because the patient rarely signs their own release post-mortem, ScanSTAT must handle these requests differently than the majority of requests which are signed by the patient.

Since these requests are signed by individuals other than the patient, ScanSTAT must ensure that the person authorizing the distribution of information is permitted to do so. HIPAA establishes protections for patient privacy 50 years past the death of the deceased.1 ScanSTAT must ensure that the person authorizing the distribution is legally entitled to do so. HIPAA indicates that upon death, an administrator of an estate, an executor of a will or anyone appointed under state law legally has the same right to release information as the patient.2

Although each state is different, ScanSTAT maintains a broad process that integrates exceptions based on state law. For each request of a deceased patient’s records, ScanSTAT requires documentation indicating the person signing the release authorization is an executor or administrator of the estate. Supporting documents may include:

  • Copy of the Last Will and Testament naming the signer as executor, administrator, fiduciary or trustee
  • Copy of Court Appointed Representative for the Estate documentation
  • Copy of Court Appointed Representative for Patient (for signature other than patient compliance)
  • Letter of Probate from the court
  • Power of Attorney or Durable Power of Attorney with language indicating that it extends into death

When ScanSTAT receives a request without this documentation, a letter is sent with the request to the requestor indicating the need for proof of the signer’s authority to request and release the deceased patient’s information. If this validation of authority is included, it is processed as a standard release of information request.

Broadly speaking, there are some instances where ScanSTAT does not require this documentation. These instances are those in which an authorization is not normally necessary, as indicated by §164.502(f).3 These situations may include:

  • Coroner / Medical Examiner’s Office Requests
  • County Child Fatality Prevention
  • Government Requests
  • Health Insurance Claim
  • Insurance Reviews
  • Subpoenas

Of course, there are a number of state laws that alter how a process may be handled. Because of this, exceptions do apply. Should you have any questions regarding how ScanSTAT processes requests in certain instances, or in your state, please contact your ScanSTAT Client Experience Representative.


1 45 CFR §160.103 – Definition of “Protected Health Information” (2)(iv)

2 45 CFR §164.502(g)(1)

3 45 CFR §164.502