Let’s start with the basics: HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. (Don’t you wish you had a quarter for every time you saw it referred to as HIPPA?) Like most laws, this one is long and technical. But there are basic aspects that are easy to understand and important for patients and their families to know. The U.S. Department of Health and Human Services is responsible for making sure the law is followed, including rules about: 

  • Who can see someone’s personal health information (PHI).
  • Under what circumstances protected health information can be shared.
  • Correcting errors in a patient’s record.

What HIPAA is not

HIPAA is not a general law for safeguarding personal information. It covers the relationship between health care providers and patients. So, if someone tells you they can’t share personal information in another context — such as an employer-employee relationship —because of HIPPA, they have the wrong law in mind. 

You may have heard a doctor say they can’t share certain medical information with you because of HIPAA, even if you are the patient. That certainly isn’t true! What if you are a close family member or friend? The answer to that is maybe, but often yes. Let’s dig a little deeper.

HIPAA rules at a glance

Under the law, most health care providers — including hospitals, nursing homes, doctors, and nurses — must protect the privacy of your health care information. It can’t be shared unless you authorize it or, under special circumstances, a health care provider considers it to be in your best interest. The same is true for information about payment of your health care bills. 

That means you can tell your health care provider to share medical information with certain members of your family but not others. You can designate a close friend who can receive information. You can specify what types of information you want or don’t want to be shared with others. 

For example, you may want a spouse or partner to know everything possible about your medical condition but not want your children or siblings to receive all the same information. You may want certain people to have access to information about your current medical condition, such as that pertaining to why you are in the hospital, but not to your entire medical history. 

If a doctor or nurse comes into your hospital room to discuss your condition and others are present, you can object and say you don’t want the details discussed in front of them. But if you say nothing, the health care provider can reasonably assume it is okay to talk about your condition with these individuals present. 

When patient information is shared without consent.

What if you aren’t able to speak up for yourself and your wishes have not been specified? This is where the doctor or other provider can exercise their professional judgment. Let’s say you are not conscious and your family needs to know what is wrong and what is the prognosis? What if decisions must be made and you are too sick to participate fully in the discussion with your doctor? Or perhaps the doctor is not sure you understand your discharge instructions and wants to discuss them with your home health aide.

The bottom line is this: If your medical provider believes it is in your best interest to share certain, specific information to make sure you get the best care, there is leeway in the law to allow for their professional judgment

Of course, you can also help ensure your wishes are followed by having an advance medical directive and a designated medical power of attorney. The medical directive lays out your preferences for end-of-life decisions such as whether you want to receive nourishment, a breathing tube, or other life-sustaining measures. 

It also allows for decisions such as Do Not Resuscitate orders. A medical power of attorney gives authority to another, designated person — usually a family member or close friend — to make all or certain decisions for you if you aren’t able to make these decisions yourself. 

Document your end-of-life wishes.

In addition to these legal documents, it is becoming popular for patients to draw up medical documents, together with their doctors, to lay out their end-of-life wishes. These are called Physician Order for Life-Sustaining Treatment (POLST) or in some states, Medical Order for Life-Sustaining Treatment (MOLST). 

When a medical professional knows that these documents exist and what they stipulate, decisions about what can or can’t be shared under HIPAA may become much clearer. Someone with medical power of attorney has a strong case for receiving as much medical information as possible. Without that authority, it may be much harder to access information unless the patient gives permission. 

All of this can get complicated. While medical professionals are obligated to follow your instructions, the clearer you make your wishes, the easier it will be to ensure they are followed. And the better you and your family, or close friends, know your rights under HIPAA, the better able you will be to ensure you are getting the care you want. 

For more information about sharing health information with family and friends under HIPAA, visit

Like this article? Share on social