Information Management
HIPAA Uncovered: What Information Is Shareable?
Nash Riggins
Jan 12, 2024
Concerns around data security have risen rapidly in recent years. According to researchers at Deloitte, 67% of consumers are worried about the safety of their personal information.
Fortunately, the US Government has stringent rules that dictate who is allowed to share medical information and under what conditions the data is processed. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA Privacy Rule set out these rules.
We created this guide to help you understand what information is shareable under HIPAA and your rights as a patient. Read on to find out what HIPAA is, what information can or can’t be shared under HIPAA, and how to keep your medical information secure using Trustworthy.
Key Takeaways
HIPAA is a federal law that dictates how medical professionals and their business partners handle and transfer patient information.
HIPAA allows certain groups to share health information as required for medical treatment, payment for medical treatment, operations, oversight of healthcare, and other disclosures required by law.
Anyone who breaks the HIPAA Privacy Rule can face a fine of up to $50,000 or one year in jail.
What Is HIPAA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law requiring the U.S. Department of Health and Human Services (HHS) to create and publish rules around sharing medical information.
To meet those requirements, HHS created and published a set of rules in 1999 known as the “HIPAA Privacy Rule.” Several revisions were then made to the HIPAA Privacy Rule before a final draft was approved in 2002.
Dr. Kelvin Fernandez, M.D., a Tutor and Medical Residency Advisor at Ace Med Boards, explains:
“HIPAA, at its core, is a federal law ensuring the confidential handling of sensitive patient health information by healthcare entities. It provides strict guidelines on how, when, and to whom medical information can be shared.”
What Information Is Shareable Under HIPAA?
The HIPAA Privacy Rule has strict rules on the types of information that can and can’t be shared, and requires consent from the patient in many circumstances.
However, practitioners say the rules largely depend on the context of the data transfer and who is involved.
Dr. Fernandez explains:
“Information that can be shared under HIPAA mainly includes treatment details, payment information, and healthcare operations data necessary for quality assessment, accreditation, and licensing.”
Generally speaking, HIPAA permits the disclosure and sharing of most "individually identifiable health information" for the purposes of medical treatment, payment for medical treatment, operations, oversight of healthcare, and other disclosures required by law.
Medical information shared for any other reason is likely in violation of HIPAA.
The HIPAA Privacy Rule says identifiable information is anything that relates to:
A patient’s past, present, or future medical condition
A patient’s provision of healthcare
A patient's past, present, or future payment for healthcare provision
The rules also apply to any form of data, including digital, oral, or paper records.
That being said, there are a couple of exceptions.
If personal identifying information like a name or a phone number is maintained by a healthcare provider outside of a patient’s designated medical record and doesn’t contain health information, HIPAA does not protect it.
For example, let’s say your dentist’s office maintains a contacts database to promote its services via email. Because that list is separate from the health records of its patients, the office could technically share the list without breaking the HIPAA Privacy Rule.
Ashley Murry, Chief Clinical Officer at Sana Lake Recovery Centers, explains:
“In my clinical field, HIPAA is a law that presents rules and standards relating to the use, management, storage, and sharing of protected health records. Using HIPAA, we have always ensured that our patients’ sensitive information and records are protected, like billing records and health insurance.
HIPAA dictates that healthcare professionals should get informed consent and permission before sharing patients’ sensitive information.”
In addition to covering what information can be shared under the HIPAA Privacy Rule, the standards also have rules around the data rights of patients.
Samuel Greenes, an insurance broker and CEO of BLUE Insurance, explains:
“Rights include obtaining full copies of medical records, restricting certain sharing with insurers or third parties, being notified of any breaches involving your PHI, approving uses beyond care/payment, and complaining to the Department of Health and Human Services regarding perceived violations investigated through audits.
Patients also have the right to request specific transmission or access restrictions.”
What Information Is Not Shareable Under HIPAA?
While HIPAA enables healthcare providers to share a range of patient information, it’s important to note that not all data is shareable under the standards.
“Psychotherapy notes, certain research data, and substance abuse records are examples of information that are generally not shareable under HIPAA, unless with specific consent,” says Dr. Fernandez.
Anyone who knowingly breaks the HIPAA Privacy Rule by sharing individually identifiable information about a patient can face a fine of up to $50,000 or one year in jail.
Who Is Allowed To Share Information Under HIPAA?
Under HIPAA, a patient’s medical information can be shared and accessed by four groups:
Healthcare providers
Healthcare plans
Healthcare clearinghouses
Business associates
The Privacy Rule applies to every healthcare provider regardless of size.
However, according to Greenes, access to your medical information should always be limited to the doctors, nurses, technicians, billing staff, or insurance personnel involved in your direct care, administration, or payment of provided services.
He explains:
“Without explicit written authorization, other parties like family members cannot access Protected Health Information (PHI) except in emergency or incompetent situations with documented good faith justification.”
How to Ensure Your Medical Data Is Secure
While the HIPAA Privacy Rule dictates standards around how health practitioners and their business partners process patient data, it’s important to remember that not all personal data threats stem from external parties.
Ben Michael, an attorney at Michael & Associates, explains:
“These days, there are increasing legal implications of telehealth. The biggest risks are always going to come from the users, including both the patients and the practitioners.”
That’s why patients must ensure they’re protecting their health information by using a safe and secure digital platform like Trustworthy.
Trustworthy is a digital Family Operating System® that gives users one centralized view of all their important family documents. This might include everything from family IDs and tax returns to medical bills and health treatment records.
When you upload documents onto Trustworthy, you create a digital copy protected by two-factor authentication, hardware keys, and AES 256-bit encryption. Trustworthy even redacts sensitive information on-screen to protect your personal data from prying eyes.
Trustworthy empowers you with the ability to collaborate online and share health information with those you trust. For example, you could grant your financial adviser access to a hospital bill, or a new doctor access to your treatment information.
Learn more about Trustworthy’s range of features and how it can help you secure your personal information.
Frequently Asked Questions
What describes the sharing of information with other covered entities?
The “sharing of information with other covered entities” is a process included within the HIPAA Privacy Rule that explains how different entities should process, store, and share personal data.
Can protected health information (PHI) be shared with anyone at any time?
Protected Health Information (PHI) can be shared as long as the HIPAA Privacy Rule allows it or the patient gives their authorization to share the information.
What are examples of information not covered by the privacy rule?
Examples of information sharing that would not be allowed under the HIPAA Privacy Rule include anything about research, marketing activity, or psychotherapy notes.