
Understanding HIPAA and Your Medical Records

HIPAA — the Health Insurance Portability and Accountability Act — is a federal law that protects your medical information. If you've ever wondered what your employer can and can't ask about your health, HIPAA is the reason those boundaries exist.

What Does HIPAA Actually Protect?

HIPAA applies to "covered entities," which include doctors, hospitals, insurance companies, and their business associates. Under HIPAA, your protected health information (PHI) includes:

  • Medical diagnoses and treatment records
  • Lab results and prescription history
  • Mental health records
  • Billing and insurance information
  • Any information that can identify you as a patient

This means your doctor cannot share your medical records with your employer, your school, or anyone else without your written consent.

What Your Employer Can and Can't Ask

Here's where it gets practical. Your employer can ask for a doctor's note confirming you were seen by a provider and the dates you're excused. However, they cannot demand to know your specific diagnosis, the medications you're taking, or the details of your treatment.

If your employer pressures you for medical details beyond what's on your doctor's note, you have the right to decline. You can simply say the information is private and protected under HIPAA.

HIPAA and Doctor's Notes

A properly written doctor's note respects HIPAA by including only the minimum necessary information:

  • Confirmation that a medical evaluation took place
  • The dates of recommended absence
  • When the patient is cleared to return
  • Provider contact information for verification

It should not include your diagnosis, symptoms, or treatment plan unless you specifically authorize it.

Your Rights Under HIPAA

As a patient, you have the right to:

  • Access your own records. You can request copies of your medical records at any time.
  • Know who has seen your information. Healthcare providers must keep a log of disclosures.
  • Request corrections. If something in your record is wrong, you can ask for it to be fixed.
  • File a complaint. If you believe your privacy has been violated, you can file a complaint with the U.S. Department of Health and Human Services.

Understanding your HIPAA rights helps you navigate situations where your medical privacy might be at risk — whether it's dealing with an employer, a school, or an insurance company.
