Does HIPAA Provide Special Protections for HIV Diagnosis/Treatment?


It’s easy to assume that the more sensitive information is, the more it should be protected. We know that the Health Insurance Portability and Accountability Act (known as HIPAA) protects health information. But does HIPAA provide special protections for highly sensitive health data, such as an HIV diagnosis or treatment?

In short, no. The federal HIPAA law governs all protected health information (PHI) but doesn’t afford special protections for PHI related to an HIV diagnosis or treatment. This data should be treated with the same privacy and security safeguards as any other health data. You need written consent to disclose this information, just like you do for any other type of PHI, unless the disclosure is for treatment, payment, or health care operations (TPO) or is required by law.

Your practice must report an HIV diagnosis to your state health department for public health purposes. In many states, you can also disclose HIV services that a minor receives to their parents, if you believe it’s in the child’s best interests. However, you must not disclose this status to a patient’s employer.

At your practice, you may choose to provide extra protection, such as keeping HIV-related information in a separate area of the electronic health record. Additionally, state law may have requirements in addition to the HIPAA Privacy Rule. For example, some states or cities require you, the health care provider, or the patient to notify the patient’s partners of the patient’s HIV status or to go through a partner notification program, such as in Texas. If your state has additional protections, you must comply with them.

In summary, HIPAA doesn’t provide special protections for HIV diagnosis or status. Nevertheless, you must still follow your current privacy policies and procedures to protect all patient data.
