top of page
Search

A Records Project Turns Into a Privacy Puzzle

  • Writer: Jessica Zeff
    Jessica Zeff
  • 4 days ago
  • 3 min read
Patient date of death verification illustration showing a medical record folder labeled “Date of Death” positioned between a heart icon and a shield with a lock, representing the balance healthcare organizations must maintain between compassionate handling of deceased patient records and HIPAA privacy protections.

We’re in the middle of a records retention clean-up project—one of those dusty, backroom compliance jobs where nobody gets excited until someone discovers a red flag.


In our case? It was this deceptively simple question:


“How do we confirm whether a patient is deceased so we can apply our retention policy?”


You’d think it would be easy. But in practice, determining a patient’s date of death isn’t always straightforward—especially when there’s no family notification, no claim activity, and no official record in your EHR.


So what do you do when the clock on your records retention policy depends on confirming a fact no one is officially telling you?


Why Date of Death Matters

In most states and under many retention policies, medical records must be maintained for a defined number of years after the last patient encounter—or, in some cases, after the patient’s death.


If your retention schedule includes “X years after death,” you need an accurate way to confirm that date—and document it.

Without it, you may:


  • Over-retain data longer than necessary (adding cost and risk)

  • Under-retain and dispose of records prematurely (a legal liability)


Either outcome can cause problems if the records are later requested or audited.


The Usual Methods—And Their Limitations


  1. Family Notification

    • Pros: Typically reliable and timely

    • Cons: Inconsistent; many families never notify providers


  2. Returned Mail / Inactive Status

    • Pros: Triggers a review

    • Cons: Doesn’t confirm death—only non-engagement


  3. EHR Death Flags (from ADT feeds or HIEs)

    • Pros: Integrated with hospital systems or registries

    • Cons: May not capture deaths outside your network or in other states


  4. Claims Data (from payers)

    • Pros: Often includes date of death for coverage termination

    • Cons: Not always accessible or current


That’s where the suggestion comes in: “Can we just Google them and look for an obituary?”


Googling Obituaries: Clever or Concerning?

From a practical standpoint, Googling a patient’s name for an obituary can work. In fact, many HIM and compliance teams quietly use this method to fill in the blanks when other data sources fail.


But should we?


Here’s the ethical and legal balance to consider:


  • Pro: Public obituaries are legally accessible and can provide useful, corroborated data


  • Con: Searching for patient info online—especially with limited identifiers—can risk misidentification or accidental PHI exposure (if searches are not well-controlled or documented)


Some compliance teams have formalized the practice by:


  • Creating a scripted search protocol (e.g., name + city + birthdate)

  • Requiring a second reviewer to verify the match

  • Documenting the source (link or screenshot of the obituary)

  • Retaining that documentation in the patient’s record audit file


Others prefer more formal approaches, like subscribing to:


  • The Social Security Death Index (SSDI)

  • Third-party verification services that consolidate death data from multiple sources


Official Sources: What About the Death Master File?

One often-overlooked but powerful tool is the Death Master File (DMF) maintained by the Social Security Administration (SSA). This file includes names, dates of birth and death, and Social Security Numbers of individuals reported deceased to the SSA.


It sounds like the perfect solution—but there’s a catch.

To use it, your organization must apply for access to the Limited Access Death Master File (LADMF) through the National Technical Information Service (NTIS). This process requires:


  • A formal application

  • Annual certification

  • Demonstrated security safeguards

  • Use only for approved purposes (such as fraud prevention or compliance-related verification)


If your organization qualifies, the DMF can be a highly reliable source of verified death data. However, because access is tightly controlled, many healthcare organizations either:


  • Don’t have access

  • Rely on third-party vendors that do

  • Or turn to publicly available obituaries as a backup


Still, if you're routinely trying to verify patient death for retention purposes, evaluating whether DMF access is feasible may be worth your time.


Risk-Reducing Tips for All Verification Methods

Whether you’re using obituaries, claims, or SSA sources, treat death verification like any other compliance process:


  • Use at least two identifiers to verify matches

  • Archive the source of the death date (screenshot, obituary, system note)

  • Document the verification date and method

  • Avoid assumptions—if there’s doubt, flag for additional review


Final Thought: Respect and Recordkeeping

There’s something deeply human about this topic. These aren’t just data points—we’re talking about people who were once our patients. The fact that we must rely on Google at times is a reflection of gaps in the healthcare ecosystem, not a failure of diligence.


Still, as compliance professionals, we have to work with what we’ve got—and that means balancing accuracy, privacy, and practicality.


Do you have questions about this blog?

 

Comments

bottom of page