3 HIPAA Myths and Misconceptions

Every patient wants their private health information to stay private, and most understand that HIPAA is one of the ways that can be ensured. However, there are many HIPAA myths that distort the truth about what a HIPAA violation is and when your right to privacy has been violated.

Myth: Patients must sign an authorization or give specific consent when a healthcare provider releases information to another healthcare provider for the purpose of treatment or payment.

This is one of the more common HIPAA myths. HIPAA does not require patients to give formal written permission before doctors can disclose protected health information (PHI) to another provider for the purpose of treatment or payment. However, the patient’s identity will need to be verified so that the wrong person does not get access to the information. This verification can be done using the last four digits of your SSN, your address, or your date of birth.

Myth: Sign-in sheets at medical offices and calling a patient by their first and last name in front of other patients in a waiting room are HIPAA violations.

No, this is another one of the HIPAA myths that some patients mistakenly believe. As long as a sign-in or registration sheet asks for no more than the minimum information needed to accurately call and identify a patient for their appointment, it is not a HIPAA violation. The patient's first and last name, the appointment time, and the doctor being seen are all reasonable items to ask for. However, asking you to write down the reason for your appointment or your phone number and email address would be inappropriate. Additionally, using the first and last name is common practice for names that are common or that sound similar to other names.

Myth: Telehealth providers are not subject to HIPAA.

There has been a big push toward telehealth over the past couple of years, and that has led to even more HIPAA myths. HIPAA rules still do apply to all telehealth services, but some companies have put into place COVID-19 exception regulations that allow certain providers to use non-HIPAA programs to offer healthcare services. What does this mean? You may technically receive services over a platform that is not HIPAA-compliant, like FaceTime or Skype, but not over an app that is public-facing like Twitch or TikTok.

Contact Mobley & Brown, LLP for Help With Your Privacy

If you want to ensure that your rights are not violated during the process of receiving medical care, contact Mobley and Brown, LLP today. We are committed to using our experience along with facts from your specific case in order to achieve the result you deserve. Our experienced legal team is looking forward to working with you to meet your needs. Call us now at (410) 385-0398.