You’ve probably heard of HIPAA, the law that protects your medical privacy. In short, HIPAA limits how healthcare providers, insurers and employers can use and share your health information. But once you go beyond the basics, the finer details of your privacy rights can be confusing, and myths and misunderstandings abound. We’ve compiled a few of the most common myths to help you separate fact from fiction.
Myth #1: Your doctor can’t discuss your care with family members
Fact: Healthcare providers can tell your family, other relatives or close friends any information they need to know to be involved or informed about your care. And as long as you don't object, providers can also share other medical details with your family or other people that are close to you. If you’re unconscious or otherwise not able to give consent, then it’s up to the doctor’s professional judgment to decide what to tell. If a doctor or hospital refuses to share information with your family, that’s the provider’s policy, not the law.
Myth #2: Hospitals cannot give your room number without your consent
Fact: Unless you tell the hospital to exclude your name from their directory, you will be listed as a patient. If someone asks for you by name, the hospital can tell them what room you’re in and your general condition. However, hospitals are required to give you a chance to opt out.
Myth #3: Your healthcare provider needs your approval before they can release your health information to another provider
Fact: Doctor’s offices can share your medical records for treatment purposes. That includes consultations about your care and referrals from one doctor to another.
Myth #4: Providers can disclose your health information to an employer
Fact: Unless you've given explicit, written consent, your healthcare provider is prohibited from sharing your personal health information with your employer. Employers can ask you for a note from your doctor related to sick leave, worker’s compensation or insurance, but they can’t ask the doctor directly.
Myth #5: Your doctor can’t communicate with you by email
Fact: Healthcare providers are free to email you—or send your health records by email—as long as they use encryption or another way to protect your health information from unwanted access or tampering. Likewise, it’s okay for healthcare providers to fax your records, but they must have security measures in place.
Myth #6: Providers are discouraged from leaving voicemail messages
Fact: If you have an outgoing message that verifies your name or phone number, providers are allowed to leave a message. And they can also leave a message with someone else if you've given that person permission to receive your messages.
Myth #7: If you think your health privacy has been violated, you can sue
Fact: No matter how serious the violation, the law doesn’t give you the right to sue. Your first recourse is to contact the Privacy Officer of the provider where you think the violation happened. If you can’t resolve the issue that way, you should file a formal, written complaint with the Department of Health and Human Services’ Office for Civil Rights. But note that you must file your complaint within 180 days.
