How patient privacy lapses happen and how you can prevent them in the future

Published on: 

Intentionally or not, your practice doesn't always completely safeguard your patients' privacy. Learn what you can do to better protect that confidentiality in the future.

Key Points



Doctor-patient privilege means that a patient's information is protected and cannot be obtained by any third party. Although you own the records, the patient owns the privilege. A patient must waive the privilege before you can release records or discuss his or her case with others.

A patient, rightfully, does not want or expect his or her personally identifiable health information to be shared with others. But in your office, you never know who is listening. It could be a friend, a relative, or a reporter. If a patient authorizes a third party to be present, however, then the privilege regarding that third party is waived.

Patients have the right to sue you if you violate their privilege and they are damaged as a result. In one example, a patient's employer heard from a physician that an employee had AIDS and, as a result, fired the employee/patient. The doctor was sued and lost.


Federal HIPPA laws are superimposed on state confidentiality laws. Federal laws usually supersede state laws, but state law still may prevail if it is more strict.

HIPAA protects all personally identifiable health information. It includes all information that identifies, or could reasonably be used to identify, a patient regardless of medium employed. Although originally envisaged as a regulator of electronic health records (EHR), it applies to paper records and verbal communication as well.

HIPAA allows the transfer of personally identifiable health information without a patient's consent in three circumstances: for treatment, payment, and healthcare operations.

Although HIPAA regulations often are burdensome, they help clarify some issues for physicians. Before HIPAA, patients had no specific waiver that allowed physicians to share information, yet good practice and avoidance of malpractice dictate the abundant sharing of information. This conundrum for the physician is now resolved.

HIPAA also adds more penalties. Patients can still sue, but they can also complain to the federal government. The government can investigate and can impose fines.