How healthcare privacy laws protect you when you're living with HIV


By: Jennifer McMillen Smith, MSSA, LISW-S, Division of Infectious Disease; medically reviewed by Ann Avery, Infectious Disease Physician at MetroHealth Medical Center

Your health information is your private property.

Everything your doctor knows about you is valuable information that belongs to you, the same way your shoes or your clothes or your phone belong to you. People can’t just come along and give your property to somebody else without your permission.

This applies when you’re thinking about HIV confidentiality. The thought of HIV still makes some people uncomfortable. It shouldn’t, of course, because it’s treatable thanks to HIV meds.

Still, the stigma is out there, so you want to maintain control over who knows about your diagnosis.

Lots of privacy rules and regulations have been created because experts realize what can happen if your health information does not stay private.

Federal laws require doctors, health insurers and the people who work with them to follow certain rules to protect your health information. The main federal law protecting the privacy of your health information is called HIPAA — the Health Insurance Portability and Accountability Act of 1996.




How HIPAA protects your health data privacy rights

HIPAA guarantees you can see your health records and request to change them if they are inaccurate. If you’re under a doctor’s care, the doctor has to show you your records if you request them.

Doctors and hospitals can share your information with other people in the medical world, but you have a right to see whom they have shared it with.

If you have health insurance, your insurer knows pretty much everything about the health care you’ve received. HIPAA gives insurers tight guidelines to ensure they do not accidentally reveal your health data to people who have no right to receive it.

If you get health insurance through your job, your insurer cannot reveal your private health information to your employer without your permission (unless some other law compels your employer to reveal the information).


What HIPAA does not cover

HIPAA tries to help doctors treat you while keeping your medical data as private as possible. Doctors may share some of your data to keep you healthy and provide general public-health data to keep your neighborhood healthy, but the rules do not cover everybody who could possibly see your health data.

According to the U.S. Department of Health and Human Services, lots of organizations are not covered by HIPAA rules, including:

  • Employers
  • Workers' compensation carriers
  • Most schools and school districts
  • Many state agencies like child protective service agencies
  • Most law enforcement agencies

This means you can’t count on HIPAA to prevent these organizations from informing other people about your health status.


The value of protecting your health data

It’s crucial to have an in-depth talk with your HIV social worker about your health privacy rights, especially what to do if your health status is accidentally given to somebody who should not have it.

Your health information has value to other people — employers, hackers, people selling advertising and more. They would love to get that information for free, but you don’t have to make it easy for them to get it.






Positive Peers is made possible through a U.S. Department of Health and Human Services Health Resources and Services Administration, HIV/AIDS Bureau Special Projects of National Significance (SPNS) Grant to The MetroHealth System.