Does Talking About a Patient Violate HIPAA

One main focus of HIPAA regulations is ensuring the privacy of the protected health information (PHI) of patients. Most people immediately think about the protection and security of PHI in physical or electronic (ePHI) formats, but what about when PHI is verbalized?

Does talking about a patient violate HIPAA? If so, what precautions do healthcare providers need to take to avoid breaching PHI?

Does Talking About a Patient Violate HIPAA? – Basics

As we’ve already said, maintaining the privacy of PHI is one of the key requirements of HIPAA Rules and Regulations. The HIPAA Privacy Rule is very clear about requiring access controls and a minimum necessary standard for information that is being shared.

What happens when a doctor is discussing a patient’s care in the hallway outside a treatment room? Or when patient information is posted on a whiteboard at a nurses’ station? Could this create a breach that would result in a violation of HIPAA?

Does Talking About a Patient Violate HIPAA? – Incidental Use and Disclosure

The HIPAA law actually addresses examples like this within the Privacy Rule through Incidental Use and Disclosure. An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule.

Let’s Simplify Compliance

Do you need help with HIPAA? Compliancy Group can help!

Learn More!
HIPAA Seal of Compliance

The Rule does require that the covered entity apply reasonable safeguards and implement the minimum necessary standard, where applicable, with respect to the primary use or disclosure. 

In implementing reasonable safeguards, covered entities should analyze their own needs and circumstances, such as the nature of