4 Ways HIPAA Works for You as a Patient

Jack Berberian

HIPAA, the Health Insurance Portability and Accountability Act, is supposed to protect your privacy as a patient. It’s complicated, and complicated laws are apt to have unintended consequences or be misunderstood. Sometimes it can seem to get in the way of necessary communication, but the better you understand it, the less likely you are to have problems. If you understand how HIPAA works, you can make sure that your healthcare providers will feel confident informing people who need to know.


Make your wishes explicit
HIPAA lets providers exercise their judgment. They’re allowed to share information with spouses, family members, and friends if it’s directly relevant to their involvement. If you’re available, they have to get your permission or ask if you object. If you’re unconscious or can’t be reached, they can exercise professional judgment.

On the other hand, they aren’t required to share information with anyone, unless they’re your personal representatives. A “personal representative” means someone who can make decisions for you, such as the parents of a minor or a person with power of attorney. If you want information freely shared with anyone else, such as your spouse, it’s best to say so explicitly and in writing.

By the same token, if there’s someone you don’t want given any information and might come asking for it, make sure to tell your provider. HIPAA doesn’t specify how stringently an office has to check a person’s identity. If that’s a concern, let them know they need to watch out.

HIPAA gives you protections
The information your healthcare provider shares has to be relevant to your condition, so you generally don’t have to worry about sharing of past information unless it affects your current situation.

Medical offices are usually on guard against giving out information too freely. You’re more likely to run into reluctance to share it when you’d like them to. If they have something from you that says it’s alright to tell certain people, that will smooth communication a lot. If it’s alright to tell them everything, say so, or else they’ll most likely share the minimum amount necessary.

If you’re going in for surgery, you should make sure to tell the surgeon’s office whom they can discuss your case with. They’ll give you a form to provide this information; don’t hesitate to name more than one person if you think it will help.

Tailoring your requests
Another issue is how your healthcare provider delivers information. You might be fine with having them notify a certain person, but want them to use only certain channels. Email is notoriously insecure, so you might prefer that they give information only by phone or on paper. Under HIPAA, your doctor’s office has to accommodate your reasonable requests.

You can specify restrictions on what you want discussed. If your treatment involves drug abuse or mental illness, you can authorize notifying a person in an emergency but not giving them sensitive information.

If there’s a “serious and imminent” danger, your doctor can override your wishes and notify family members or even law enforcement. Few doctors will abuse that right, but you should be aware of it.

Your own health information
Under HIPAA, you have a right to receive your own health information. This includes information about treatment you have received. Medical bills and insurance statements are often cryptic about what procedures you’re being billed for, but if you ask for specific information, you’re entitled to it.

Having this information can help you to decide if you’re receiving appropriate treatment. You may not have as much medical knowledge as your doctor, but it’s your body, and ultimately it’s your decision about how and whether you want to be treated.

The HHS website has lots of information on HIPAA for patients. Become familiar with it, and you’ll be in a better position to convey your wishes to your healthcare providers.

Leave a Comment

Cybersecurity Road Map for Small Businesses—Provided by ESET®Why Is It Important For You To Be HIPAA Compliant?