How patient privacy lapses happen and how you can prevent them in the future


Intentionally or not, your practice doesn't always completely safeguard your patients' privacy. Learn what you can do to better protect that confidentiality in the future.


Doctor-patient privilege means that a patient's information is protected and cannot be obtained by any third party. Although you own the records, the patient owns the privilege. A patient must waive the privilege before you can release records or discuss his or her case with others.

A patient, rightfully, does not want or expect his or her personally identifiable health information to be shared with others. But in your office, you never know who is listening. It could be a friend, a relative, or a reporter. If a patient authorizes a third party to be present, however, then the privilege regarding that third party is waived.

Patients have the right to sue you if you violate their privilege and they are damaged as a result. In one example, a patient's employer heard from a physician that an employee had AIDS and, as a result, fired the employee/patient. The doctor was sued and lost.


Federal HIPAA laws are superimposed on state confidentiality laws. Federal laws usually supersede state laws, but state law still may prevail if it is stricter.

HIPAA protects all personally identifiable health information. It includes all information that identifies, or could reasonably be used to identify, a patient, regardless of the medium employed. Although originally envisaged as a regulator of electronic health records (EHRs), it applies to paper records and verbal communication as well.

HIPAA allows the transfer of personally identifiable health information without a patient's consent in three circumstances: for treatment, payment, and healthcare operations.

Although HIPAA regulations often are burdensome, they help clarify some issues for physicians. Before HIPAA, patients had no specific waiver that allowed physicians to share information, yet good practice and avoidance of malpractice dictate the abundant sharing of information. This conundrum for the physician is now resolved.

HIPAA also adds more penalties. Patients can still sue, but they can also complain to the federal government. The government can investigate and can impose fines.
