HIPAA Demystified

By Barbara Boone McGinnis, Certified Elder Law Attorney

What is HIPAA?

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a Federal law that sets national standards for how health plans, providers, and clearinghouses are to protect the privacy of a patient’s health information.

If the patient is present and has the capacity to make health care decision, when does HIPAA allow a health care provider to discuss the patient’s health information with the patient’s family, friends, or others involved in the patient’s care or payment for care?

If the patient is present and has the capacity to make health care decisions, a health care provider may discuss the patient’s health information with a family member, friend, or other person if the patient agrees or when given the opportunity does not object.  A health care provider also may share information with these persons, if using professional judgment , he or she decides that that the patient does not object.  In either case, the health care provider may share or discuss only the information that the person involved needs to know about the patient’s care or payment for care. 

However, if a patient has expressly requested that information not be shared with family then providers may not release such information. 

What if the patient is not present or is incapacitated, may a health care provider still share the patient’s health information with family, friends, or others involved in the patient’s care or payment for care?

Yes. If the patient is not present or is incapacitated, a health care provider may share the patient’s information with family, friends, or others as long as the health care provider determines, based on professional judgment, that it is in the best interest of the patient. When someone other than a friend or family member is involved, the health provider must be reasonably sure that the patient asked the person to be involved in his or her care or payment for care. The health care provider may discuss only the information that the person involved needs to know about the patients care or payment.

But, a provider is not required by HIPAA to share a patient’s information when the patient is not present of is incapacitated and can choose to wait until the patient has an opportunity to agree to the disclosure.

Do I have to sign a consent form before my health care provider can share information with my family?

While it is not a requirement for HIPAA compliance most providers will still ask you for signed authorization. 

Where can I find additional information about HIPAA?

The Office for Civil Rights, part of the Department of Health and Human Services, has a wide range of helpful information about HIPAA on its website

Contact Us

  • Enter security code:
     Security code