11 Debunked Myths About HIPAA and Medical Records Privacy for Patients

Are you confused about HIPAA laws and how they apply to your medical records privacy?

If so, join the club.

When medical records made the transition to the digital world, it suddenly became much easier for anyone to access your information. Among other things, HIPAA laws were set in place to protect that information. And they’ve been very effective in that department. 

But they’re not always easy to understand. As such, many misunderstandings have developed over the years. 

11 Myths Surrounding HIPAA and Medical Records Privacy

The vastness and complexity of HIPAA regulations can be intimidating. And though plain-language summaries of the rules are available on the internet, not everyone was thrilled about having to learn them.

Plus, becoming HIPAA compliant meant extra work and money for providers. And now it’s essential to prove that you’re compliant! 

As such, there is a lot of misinformation about HIPAA and its powers. We’re here to debunk eleven of those myths.

1. Only You or Your Caregivers Can Access Your Health Records

Nope. HIPAA’s Privacy Rule lets a covered entity use and disclose your records without your permission for treatment, payment, and health care operations, plus a handful of other situations it spells out (public health reporting, certain law enforcement requests, and so on).

Payment is the big one: your insurer, or a government program such as Medicare or Medicaid, can receive the information needed to pay your claim. 

What the rule does not allow is selling your records to whoever wants to buy them. A sale of protected health information generally requires your written authorization. And, of course, records can still end up in the wrong hands illegally, whether stolen in a breach or disclosed by mistake.

2. It Prohibits Doctors from Emailing Their Patients

If you’ve heard this from your physician or healthcare provider, it’s most likely an excuse. And a false one.

HIPAA does not ban email. The Security Rule requires reasonable safeguards for electronic PHI in transit, and encryption is an “addressable” specification: the provider has to assess the risk and either encrypt or document an equivalent alternative. HHS guidance even says that if you ask to receive your own records by unencrypted email, the provider should warn you of the risk and then honor the request. Many providers just don’t want to deal with that work, so they blame HIPAA instead.

3. There Is Strict Government Enforcement

The government enforces to the point where providers are constantly being slapped with fines and going to jail! Not quite.

Enforcement is real, but it is not what the rumor mill suggests. HHS’s Office for Civil Rights handles civil enforcement, and it resolves most complaints through voluntary compliance and corrective action plans rather than penalties. Civil money penalties and multi-million-dollar settlements do happen, but they are typically reserved for serious or repeated failures, such as a large breach at an organization that never performed a risk analysis.

Criminal penalties, including prison time, exist under the statute, but those cases are rare. They involve someone knowingly obtaining or disclosing health information, typically for personal gain or malicious harm, not a missed policy update. 

4. Medical Information Cannot Be Sold to Marketers

This one is only partly a myth. HIPAA’s marketing rules do not make your information untouchable, but they are narrower than people assume.

Using or disclosing your information for marketing generally requires your written authorization, and if a third party is paying the provider to send the communication, the authorization has to say so. 

There are exceptions. A provider can talk to you face to face about a product, hand you a promotional item of nominal value, or tell you about its own health-related services. For example, a hospital may use its patient list to inform you of a new doctor on staff or a new service it’s offering. 

5. Providers Cannot Share Information with Your Family 

Wrong again.

The problem is, many doctors are confused by what HIPAA allows. The laws are confusing and complex. So rather than swim through the muck of regulations, it’s easier for them to say that they can’t share information with your family.

Or anyone else, for that matter.

In reality, HIPAA lets a provider share information relevant to your care with a family member, friend, or other person involved in that care, as long as you have had a chance to object and did not. If you are unconscious or otherwise unable to respond, the provider may use professional judgment about what is in your best interest. And with a written authorization from you, your records can be shared with anyone you specify. 

6. You Must Use HIPAA Compliant Consultants

We mentioned above that the HIPAA laws are complex and there are many.

As a result, there are now more than a handful of folks calling themselves consultants who claim expertise in HIPAA laws. Some even claim to be certified or endorsed by the federal government.

They’re not. HIPAA does require covered entities to train their workforce, but it does not require attendance at any particular seminar, and the federal government does not certify consultants, products, or organizations as “HIPAA compliant.” Any such certificate is a private credential, not a government one.

7. HIPAA Impedes Medical Care

Because of the lack of understanding around these laws, some patients are concerned that their information cannot be shared with other physicians without written permission.

That’s not the case. Disclosures for treatment are permitted without your authorization, and the “minimum necessary” limits that apply to payment, operations, and research do NOT apply when physicians communicate with each other about a patient’s care.

8. Your Medical Records Cannot Affect Your Credit Records

If your medical records are secret under HIPAA law, then providers can’t report you for non-payment. Right?

Obviously, that’s not right. When services are rendered, you’re expected to pay. That’s part of the financial responsibility agreement you sign when you’re a new patient at a facility.

If you don’t pay, your provider may take whatever steps are legal under debt collection statutes to collect that debt. HIPAA treats collection as part of “payment,” so the provider may pass the minimum necessary details of your account (not your whole chart) to a collection agency. 

And you can bet that’ll affect your credit.

9. Employers Have Access to Your Medical Records

As stated above, your personal medical information can be given to anyone who helps you pay for your medical care. So does that mean if your employer pays for part of your health insurance, they should have access to your information?

You would think so. But HIPAA covers the group health plan, not your employer acting as an employer. The plan may give the employer only limited information, such as summary data for getting premium bids or whether you are enrolled, and the plan documents must bar the employer from using anything more for employment decisions. Employment records your employer keeps as an employer are not PHI at all, though other laws may protect them. 

This is part of what makes the laws so confusing.

10. Physicians Do Not Benefit from HIPAA

Some doctors feel that HIPAA just makes their lives more difficult. Especially given the costs involved in implementing it.

But that’s short-sighted.

The transaction and code set standards put forth by HIPAA make it easier for doctors to submit medical claims electronically. This decreases administrative costs. HIPAA compliance may also head off costly patient claims for breach of privacy.

And an electronic record that is managed and protected the way the Security Rule requires is generally thought to support better-coordinated care than the paper chart it replaced. 

11. All Previous Privacy Laws Are Negated

HIPAA is not the sole piece of legislation pertaining to patient privacy.

HIPAA’s privacy rules preempt contrary state laws, but not state laws that are more stringent, that is, laws that give patients more protection or greater rights. Many states have such laws, especially for sensitive categories such as mental health, HIV status, and substance use treatment records. 

One common misreading is that HIPAA covers only digital records. In fact the Privacy Rule covers protected health information in every form: paper, electronic, and spoken. It is the Security Rule that is limited to electronic PHI. So a paper chart is not outside HIPAA; it is just outside the Security Rule’s technical safeguards, which is one more reason state rules on paper records still matter.

Also, HIPAA itself gives patients no right to sue. State laws giving patients a private right of action against doctors for breach of privacy are still in force, and some courts have used HIPAA’s requirements as the standard of care in those suits.

In a nutshell, although HIPAA is now the most well known medical privacy law, it’s not always the final word on it. 

Are You HIPAA Compliant?

If you’re a healthcare provider, you probably already know the importance of abiding by the HIPAA laws regarding medical records privacy. 

But how certain are you that you can provide proof of that compliance? 

Contact us today to find out the easiest and most cost-effective way to do this.

HIPAA Security Reminders


HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.
