Does HIPAA Provide Special Protections for HIV Diagnosis/Treatment?


It’s easy to assume that the more sensitive information is, the more it should be protected. We know that the Health Insurance Portability and Accountability Act (known as HIPAA) protects health information. But does HIPAA provide special protections for highly sensitive health data, such as an HIV diagnosis or treatment?

In short, no. The federal HIPAA law governs all protected health information (PHI) but doesn’t afford special protections for PHI related to an HIV diagnosis or treatment. This data should be treated with the same privacy and security safeguards as any other health data. You need written consent to disclose this information, just like you do for any other type of PHI, unless the disclosure is for TPO or required by law.

Your practice must report an HIV diagnosis to your state health department for public health purposes. In many states, you can also disclose HIV services that a minor receives to their parents, if you believe it’s in the child’s best interests. However, you must not disclose this status to a patient’s employer.

At your practice, you may choose to provide extra protection, such as keeping HIV-related information in a separate area of the electronic health record. Additionally, state law may have requirements in addition to the HIPAA Privacy Rule. For example, some states or cities require you the health care provider or the patient to notify their partners of their HIV status or go through a partner notification program, such as in Texas. If your state has additional protections, you must comply with them.

In summary, HIPAA doesn’t provide special protections for HIV diagnosis or status. Nevertheless, you must still follow your current privacy policies and procedures to protect all patient data.

Are you up to date with HIPAA?

Check out our cheat sheet for staying up to date with changing regulations!

Request A HIPAAtrek Demo

HIPAAtrek User
Compliance is complicated. Your compliance software doesn’t have to be. Schedule your demo today!

You Might Also Like

Is the Telehealth you’ve adopted secure?

Many patients and providers who would not have normally considered telehealth as a regular way to access healthcare are now utilizing the services. Many patients are afraid to go the hospital or doctor office in fear of exposing themselves and loved ones to Covid-19. Luckily, doctors can still reach their patients and provide medical care online. After this pandemic is over, many suspect that telehealth will still be sticking around. Now may be a good time to consider how to make your telehealth services more secure.

Read More »